

Everything posted by Cezboy
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware Analysis and Removal
Logfile of HijackThis v1.99.1 Scan saved at 20:35, on 08/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Documents and Settings\Ordi Famille\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E638575D-BAE0-4F04-8E99-B8A05836CA3C}: NameServer = 192.168.1.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! 
Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe -
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware Analysis and Removal
Logfile of HijackThis v1.99.1 Scan saved at 20:28, on 08/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Ordi Famille\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E638575D-BAE0-4F04-8E99-B8A05836CA3C}: NameServer = 192.168.1.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! 
Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe -
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware Analysis and Removal
AboutBuster 6.06
Scan started on [08/03/2007] at [18:27:49]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 18:28:52
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware Analysis and Removal
File: grep.exe
Status: OK
MD5 bb029ae91d3a6956a895f8156a8be779
Packers detected: -
*****************************************
File: bwunin-7.2.0.137-8876480sl.exe
Status: OK
MD5 f6c9f8c7f3bc6fb0d11e172c2ce64645
*****************************************
More to follow
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware Analysis and Removal
Hello Bruce Lee,
I get a crash the first time I launch ComboFix. Normal or not ??????
"Ordi Famille" - 07-03-08 6:23:41 Service Pack 2 ComboFix 07-03-08 - Running from: "C:\Documents and Settings\Ordi Famille\Bureau" ((((((((((((((((((((((((((((((( Files Created from 2007-02-08 to 2007-03-08 )))))))))))))))))))))))))))))))))) 2007-03-08 06:19 <REP> d-------- C:\WINDOWS\ERDNT 2007-03-06 19:17 1 --a------ C:\WINDOWS\system32\index.dat 2007-03-06 17:59 0 --a------ C:\WINDOWS\ntters.dll 2007-03-06 13:54 158,358 --a------ C:\WINDOWS\bd9.exe 2007-03-06 13:53 254,889 --a------ C:\WINDOWS\bd7.exe 2007-03-06 13:53 189,440 --a------ C:\WINDOWS\system32\safobj32.dll 2007-03-06 13:52 9,216 --a------ C:\WINDOWS\system32\msvcledf.dll 2007-03-06 13:52 449,536 --a------ C:\WINDOWS\bd2.exe 2007-03-06 13:52 272 --a------ C:\WINDOWS\system32\1FA013DE.dat 2007-03-06 13:52 257,272 --a------ C:\WINDOWS\bd5.exe 2007-03-06 13:52 206,797 --a------ C:\WINDOWS\bd3.exe 2007-03-06 13:52 179,135 --a------ C:\WINDOWS\bd4.exe 2007-03-06 13:52 11,931 --a------ C:\WINDOWS\system32\wintemp.exe 2007-03-06 06:55 <REP> d-------- C:\DOCUME~1\ORDIFA~1\.housecall6.6 2007-03-05 23:35 <REP> d-------- C:\WINDOWS\system32\VirtualExpander 2007-03-05 22:42 103,424 --a------ C:\grep.exe 2007-03-05 20:34 938 --a------ C:\WINDOWS\system32\tmp.reg 2007-03-05 20:33 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe 2007-03-05 20:33 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-03-05 20:33 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-03-05 20:33 40,960 --a------ C:\WINDOWS\system32\swsc.exe 2007-03-05 20:33 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-03-05 20:33 135,168 --a------ C:\WINDOWS\system32\swreg.exe 2007-03-05 19:24 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy 2007-03-05 19:18 43,400 --a------ C:\WINDOWS\system32\sdftj.dat 2007-03-05 19:18 108,106 --a------ C:\WINDOWS\system32\jjgfst1.exe 2007-03-05 18:59 <REP> d-------- C:\WINDOWS\pss 2007-03-05 17:53 24,576 --a------ 
C:\WINDOWS\system32\poptang.exe 2007-03-02 17:50 <REP> d-------- C:\WINDOWS\system32\appmgmt 2007-03-02 17:42 <REP> d--h----- C:\WINDOWS\msdownld.tmp 2007-03-01 18:07 <REP> d-------- C:\WINDOWS\AU_Temp 2007-02-28 13:14 <REP> d-------- C:\WINDOWS\Sun 2007-02-28 13:14 <REP> d-------- C:\DOCUME~1\ORDIFA~1\APPLIC~1\Sun 2007-02-28 13:11 <REP> d-------- C:\Program Files\Java 2007-02-28 13:11 <REP> d-------- C:\Program Files\Fichiers communs\Java 2007-02-28 07:33 <REP> d-------- C:\WINDOWS\system32\ActiveScan 2007-02-27 18:26 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-02-27 13:04 <REP> d-------- C:\temp 2007-02-27 08:11 <REP> d-------- C:\WINDOWS\system32\system 2007-02-26 21:51 86,094 --a------ C:\WINDOWS\BPMNT.dll 2007-02-26 21:51 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2007-02-26 21:51 229,957 --a------ C:\WINDOWS\tsc.exe 2007-02-26 21:51 1,101,904 --a------ C:\WINDOWS\vsapi32.dll 2007-02-26 21:51 <REP> d-------- C:\WINDOWS\report 2007-02-26 21:51 <REP> d-------- C:\WINDOWS\AU_Backup 2007-02-26 21:49 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2007-02-26 21:49 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2007-02-26 21:49 286,720 --a------ C:\WINDOWS\PATCH.EXE 2007-02-26 21:49 <REP> d-------- C:\WINDOWS\AU_Log 2007-02-26 20:32 4,766 --a------ C:\WINDOWS\system32\drivers\QVBGLRWBG.DAT 2007-02-26 18:42 <REP> d-------- C:\WINDOWS\BDOSCAN8 2007-02-26 18:40 38,528 -r------- C:\WINDOWS\system32\drivers\fkwld.sys 2007-02-26 18:40 <REP> d-------- C:\Program Files\Fichiers communs\WANSO 2007-02-26 13:36 42,086 --a------ C:\WINDOWS\system32\431172493361.dat 2007-02-26 13:31 42,086 --a------ C:\WINDOWS\system32\431172493085.dat 2007-02-16 18:39 <REP> d-------- C:\DOCUME~1\ORDIFA~1\APPLIC~1\Help 2007-02-11 10:49 90,112 --a------ C:\WINDOWS\unvise32.exe 2007-02-11 10:47 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL 2007-02-11 10:47 487,424 --a------ C:\WINDOWS\system32\MSVCP70.DLL 2007-02-11 10:46 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL 2007-02-11 10:46 964,608 
--a------ C:\WINDOWS\system32\MFC70U.DLL 2007-02-11 10:46 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL 2007-02-11 10:46 106,496 --a------ C:\WINDOWS\system32\atl71.dll 2007-02-11 10:39 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys 2007-02-11 10:39 <REP> d-------- C:\Program Files\Pinnacle 2007-02-11 10:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle 2007-02-11 10:38 <REP> d-------- C:\Program Files\DAEMON Tools 2007-02-10 09:32 <REP> d-------- C:\DOCUME~1\ORDIFA~1\Contacts 2007-02-10 09:29 <REP> d-------- C:\WINDOWS\system32\DRVSTORE 2007-02-08 07:49 <REP> d-------- C:\Program Files\regseek (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-02-28 13:13 4221 --a------ C:\WINDOWS\mozver.dat 2007-02-22 07:47 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-02-11 10:38 223128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys 2007-01-31 12:54 -------- d-------- C:\DOCUME~1\ORDIFA~1\APPLIC~1\dossier de t‚l‚chargement share-to-web 2007-01-31 12:54 -------- d-------- C:\DOCUME~1\ORDIFA~1\APPLIC~1\dossier de t‚l‚chargement share-to-web 2007-01-31 12:53 -------- d-------- C:\Program Files\hewlett-packard 2007-01-31 12:53 -------- d-------- C:\Program Files\Fichiers communs\hewlett-packard 2007-01-30 08:05 -------- d-------- C:\DOCUME~1\ORDIFA~1\APPLIC~1\ahead 2007-01-30 08:03 -------- d-------- C:\Program Files\nero 2007-01-30 08:03 -------- d-------- C:\Program Files\Fichiers communs\ahead 2007-01-28 21:16 -------- d-------- C:\Program Files\my downloaded games 2007-01-28 21:15 -------- d-------- C:\Program Files\boonty 2007-01-28 20:44 -------- d-------- C:\Program Files\systran 2007-01-28 08:40 -------- d-------- C:\Program Files\zion++ 2007-01-24 18:48 -------- d-------- C:\DOCUME~1\ORDIFA~1\APPLIC~1\rainlendar 2007-01-24 18:48 -------- d-------- C:\DOCUME~1\ORDIFA~1\APPLIC~1\dvdcss 2007-01-24 18:48 -------- d-------- C:\DOCUME~1\ORDIFA~1\APPLIC~1\binarysense 2007-01-22 
20:32 -------- d-------- C:\DOCUME~1\ORDIFA~1\APPLIC~1\google 2007-01-21 21:34 -------- d-------- C:\DOCUME~1\ORDIFA~1\APPLIC~1\magic match 2007-01-21 13:20 118784 -r------- C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe 2007-01-21 09:25 -------- d-------- C:\Program Files\rainlendar 2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll 2007-01-18 18:12 -------- d-------- C:\Program Files\themexp 2007-01-16 19:05 68 --a------ C:\WINDOWS\gplrlanc.dat 2007-01-15 18:32 689280 --a------ C:\WINDOWS\system32\aswboot.exe 2007-01-15 18:26 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-01-15 18:25 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-01-15 13:40 63910 --a------ C:\WINDOWS\system32\perfc00c.dat 2007-01-15 13:40 445772 --a------ C:\WINDOWS\system32\perfh00c.dat 2007-01-14 21:03 -------- d-------- C:\DOCUME~1\ORDIFA~1\APPLIC~1\adobe 2007-01-14 17:46 -------- d-------- C:\DOCUME~1\ORDIFA~1\APPLIC~1\openoffice.org2 2007-01-14 17:45 -------- d-------- C:\Program Files\openoffice.org 2.1 2007-01-12 12:18 90112 --a------ C:\WINDOWS\system32\avastss.scr (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R" "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\lib\\NMBgMonitor.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMan"="SOUNDMAN.EXE" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\"" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\ LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService REG_MULTI_SZ DnsCache\ DcomLaunch REG_MULTI_SZ DcomLaunchTermService\ rpcss REG_MULTI_SZ RpcSs\ imgsvc REG_MULTI_SZ StiSvc\ termsvcs REG_MULTI_SZ TermService\ [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D] Shell\Auto\command D:\EDpbw.exe Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL EDpbw.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E] Shell\Auto\command E:\EDpbw.exe Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL EDpbw.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9441a766-b02f-11db-a802-0011098f8409}] Shell\AutoRun\command H:\Setupx.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{945469ea-b9b3-11db-a82c-0011098f8409}] Shell\AutoRun\command H:\welcome.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d58d0edc-1d29-11d7-a631-806d6172696f}] Shell\Auto\command EDpbw.exe Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL EDpbw.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d58d0edd-1d29-11d7-a631-806d6172696f}] Shell\Auto\command EDpbw.exe Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL EDpbw.exe ******************************************************************** catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-03-08 6:25:00 -
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware Analysis and Removal
Hello to you,

Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 07/03/2007 a 18:00:47,42
*** Recherche de fichiers sur C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Fin du rapport !
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware Analysis and Removal
StartupList report, 06/03/2007, 21:30:00 StartupList version: 1.52.2 Started from : C:\Documents and Settings\Ordi Famille\Bureau\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Ordi Famille\Bureau\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Ordi Famille\Menu Démarrer\Programmes\Démarrage] Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe Shell folders AltStartup: *Folder not found* 
User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SoundMan = SOUNDMAN.EXE avast! 
= C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" sdafdsafds = D;]XJOEPXT]ufnq]273/fyf !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Creative Detector = C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No values found* 
-------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *No subkeys found* 
-------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = 
%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* 
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. 
- Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -------------------------------------------------- Enumerating Task Scheduler jobs: *No jobs found* -------------------------------------------------- Enumerating Download Program Files: [CKAVWebScan Object] InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll CODEBASE = http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab [bDSCANONLINE Control] InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab [Java Plug-in 1.5.0_11] InProcServer32 = C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [Java Plug-in 1.5.0_11] InProcServer32 = C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [Java Plug-in 1.5.0_11] InProcServer32 = C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -------------------------------------------------- Enumerating 
Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services 1FA013DE: C:\WINDOWS\system32\1FA013DE.EXE -service (disabled) Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system) acpidisk: \??\C:\WINDOWS\system32\drivers\acpidisk.sys (autostart) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) Service for WDM 3D Audio Driver: system32\drivers\ALCXSENS.SYS (manual start) Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start) Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Pilote de processeur AMD K7: system32\DRIVERS\amdk7.sys (system) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Protocole client ARP 1394: system32\DRIVERS\arp1394.sys (manual start) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start) avast! 
iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart) Pilote de média asynchrone RAS: system32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart) ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart) ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start) Protocole client ATM ARP: system32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: system32\DRIVERS\audstub.sys (manual start) avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart) avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start) avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start) AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system) AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart) AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Décodeur sous-titre fermé: system32\DRIVERS\CCDECODE.sys (manual start) Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system) Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled) Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.EXE (autostart) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) 
Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de disque: system32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) Pilote de Gestionnaire de disque logique: System32\drivers\dmio.sys (system) dmload: System32\drivers\dmload.sys (system) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) DSDrv4: \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys (manual start) dtscsi: \SystemRoot\System32\Drivers\dtscsi.sys (manual start) epdotu77: System32\DRIVERS\epdotu77.sys (system) EPSON Printer Status Agent2: C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote de contrôleur de lecteur de disquettes: system32\DRIVERS\fdc.sys (manual start) fkwld: system32\drivers\fkwld.sys (system) Pilote de lecteur de disquettes: system32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\DRIVERS\fltMgr.sys (system) Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system) GMSIPCI: \??\G:\INSTALL\GMSIPCI.SYS (manual start) Classificateur de paquets générique: system32\DRIVERS\msgpc.sys (manual start) Hauppauge WinTV 848/9 WDM Video Driver: system32\DRIVERS\HCWBT8XX.sys (autostart) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs 
(disabled) HP Extended Keyboard: system32\DRIVERS\hpmmkbd.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system) Pilote de filtre de gravure CD: system32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start) InCD File System: system32\drivers\InCDFs.sys (disabled) InCDPass: system32\drivers\InCDPass.sys (system) InCD Reader: system32\drivers\InCDRm.sys (system) Pilote du pare-feu Windows IPv6: system32\DRIVERS\Ip6Fw.sys (manual start) Pilote de filtre de trafic IP: system32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: system32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: system32\DRIVERS\ipsec.sys (system) Service énumérateur IR: system32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system) jsefusf: C:\WINDOWS\system32\jsefusf.exe -service (autostart) Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Logitech AEC Driver: system32\DRIVERS\LVcKap.sys (manual start) Logitech Machine Vision Engine Loader: system32\DRIVERS\LVMVDrv.sys (manual start) Logitech LVPr2Mon Driver: system32\drivers\LVPr2Mon.sys (manual start) Logitech Process Monitor: c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe (autostart) LVSrvLauncher: C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe (autostart) Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys 
(manual start) Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Partage de Bureau à distance NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system) Redirecteur client WebDav: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start) Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start) Codec NABTS/FEC VBI: system32\DRIVERS\NABTSFEC.sys (manual start) Connection TV/vidéo Microsoft: system32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: system32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: system32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: system32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: system32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: system32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote réseau 1394: system32\DRIVERS\nic1394.sys (manual start) NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual 
start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) nvatabus: system32\DRIVERS\nvatabus.sys (system) NVIDIA nForce Networking Controller Driver: system32\DRIVERS\NVENETFD.sys (manual start) NVIDIA Network Bus Enumerator: system32\DRIVERS\nvnetbus.sys (manual start) NVIDIA nForce AGP Bus Filter: system32\DRIVERS\nv_agp.sys (system) Pilote de filtre de trafic IPX: system32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: system32\DRIVERS\nwlnkfwd.sys (manual start) Contrôleur hôte compatible IEE 1394 VIA OHCI: system32\DRIVERS\ohci1394.sys (system) Pilote de port parallèle: system32\DRIVERS\parport.sys (manual start) PCI Bus Driver: system32\DRIVERS\pci.sys (system) PCIIde: system32\DRIVERS\pciide.sys (system) Volume Adapter: system32\DRIVERS\lv302af.sys (manual start) Logitech QuickCam IM(PID_08A0): system32\DRIVERS\LV302AV.SYS (manual start) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart) Miniport réseau étendu (PPTP): system32\DRIVERS\raspptp.sys (manual start) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: system32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: system32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\Drivers\PxHelp20.sys (system) Pilote de connexion automatique d'accès distant: system32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: system32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Pilote de 
redirecteur de périphérique Terminal Server: system32\DRIVERS\rdpdr.sys (manual start) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: system32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Accès à distance au Registre: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: system32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: system32\DRIVERS\serenum.sys (manual start) Pilote de port série: system32\DRIVERS\serial.sys (system) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détrameur décalage BDA: system32\DRIVERS\SLIP.sys (manual start) Pilote de filtrage Sony USB (SONYPVU1): system32\DRIVERS\SONYPVU1.SYS (manual start) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) sptd: System32\Drivers\sptd.sys (system) Pilote de filtre de restauration système: \SystemRoot\system32\DRIVERS\sr.sys (disabled) Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: 
system32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart) BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{A15273DD-67D1-4E36-89D1-A903E62FAC22} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: system32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: system32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Telnet: C:\WINDOWS\system32\tlntsvr.exe (manual start) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Pilote de mise à jour microcode: system32\DRIVERS\update.sys (manual start) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote USB audio (WDM): system32\drivers\usbaudio.sys (manual start) Pilote parent générique USB Microsoft: system32\DRIVERS\usbccgp.sys (manual start) Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start) Pilote de concentrateur standard USB Microsoft: system32\DRIVERS\usbhub.sys (manual start) Pilote miniport de contrôleur hôte ouvert USB Microsoft: 
system32\DRIVERS\usbohci.sys (manual start) Classe d'imprimantes USB Microsoft: system32\DRIVERS\usbprint.sys (manual start) Pilote de scanneur USB: system32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: system32\DRIVERS\USBSTOR.SYS (manual start) Service Messenger Sharing Folders USN Journal Reader: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: system32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Extensions du pilote WMI: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Codec Teletext standard: system32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) wvmizx55: System32\DRIVERS\wvmizx55.sys (system) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) xbjjor04: System32\DRIVERS\xbjjor04.sys (system) Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) zodbuz54: System32\DRIVERS\zodbuz54.sys (system) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': 
PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 36 112 bytes Report generated in 0,125 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only *********************************************************************************** --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 21:23:36 06/03/2007 + Résultat de l'analyse: :mozilla.17:C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.19:C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. Fin du rapport -
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware analysis and removal
Hello, here are the reports

*************************************************
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 20:31:22 06/03/2007
+ Résultat de l'analyse:
C:\Documents and Settings\Ordi Famille\Bureau\backups\backup-20070306-074145-253.dll -> Adware.BHO : Aucune action entreprise.
C:\Documents and Settings\Ordi Famille\Bureau\backups\backup-20070306-135617-757.dll -> Adware.BHO : Aucune action entreprise.
C:\Documents and Settings\Ordi Famille\Bureau\backups\backup-20070306-190128-486.dll -> Adware.BHO : Aucune action entreprise.
C:\WINDOWS\system32\setup111.exe -> Adware.Cdnup : Aucune action entreprise.
C:\WINDOWS\system32\drivers\acpidisk.sys -> Adware.Cinmus : Aucune action entreprise.
C:\Documents and Settings\Ordi Famille\Bureau\backups\backup-20070306-074121-901.dll -> Adware.Softomate : Aucune action entreprise.
C:\Documents and Settings\Ordi Famille\Bureau\backups\backup-20070306-135617-156.dll -> Adware.Softomate : Aucune action entreprise.
C:\WINDOWS\system32\1FA013DE.DLL -> Backdoor.Agent.ahj : Aucune action entreprise.
C:\WINDOWS\system32\1FA013DE.EXE -> Backdoor.Agent.ahj : Aucune action entreprise.
C:\WINDOWS\system32\1FA013DET.EXE -> Backdoor.Agent.ahj : Aucune action entreprise.
C:\WINDOWS\system32\zy0002.exe -> Downloader.Agent.bid : Aucune action entreprise.
D:\EDpbw.exe -> Worm.Agent.t : Aucune action entreprise.
E:\EDpbw.exe -> Worm.Agent.t : Aucune action entreprise.
Fin du rapport

***************************************************************************************
SDFix: Version 1.69
Run by Ordi Famille - 06/03/2007 - 18:42:48,59
Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Ordi Famille\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...
Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\WINDOWS\Temp\1.exe - Deleted ADS Check: C:\WINDOWS\system32 No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer" "C:\\WINDOWS\\temp\\162.exe"="C:\\WINDOWS\\temp\\162.exe:*:Enabled:162.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- Backups 
Folder: - C:\DOCUME~1\ORDIFA~1\Bureau\SDFix\backups\backups.zip Checking For Files with Hidden Attributes : C:\WINDOWS\f0vd12yigmug2.dll C:\WINDOWS\EDpbw.exe C:\WINDOWS\100.exe C:\Program Files\Messenger\msmsgs.exe Add/Remove Programs List: Ad-Aware SE Professional ATI - Software Uninstall Utility ATI Display Driver avast! Antivirus AVG Anti-Spyware 7.5 CCleaner (remove only) AdPush Software Creative Mass Storage Drivers EPSON Logiciel imprimante EPSON Logiciel imprimante Hewlett-Packard Extended Keyboard HijackThis 1.99.1 NEC-Mitsubishi NaViSet K!TV Kaspersky On-line Scanner Kaspersky Online Scanner Mozilla Firefox (2.0.0.2) Mozilla Thunderbird (1.5.0.10) Creative Mass Storage Drivers NVIDIA Drivers Panda ActiveScan Programme de gestion Camera de Logitech© Rainlendar (remove only) Shockwave Adobe Flash Player 9 ActiveX Spybot - Search & Destroy 1.4 Creative System Information Themexp.org File VideoLAN VLC media player 0.8.4a Winamp (remove only) Archiveur WinRAR Ziepod 0.99.8 Zion++ Vert 2.16 ATI HYDRAVISION Livebox Creative MediaSource J2SE Runtime Environment 5.0 Update 11 Nero 7 Ultra Edition HP Precisionscan Pro 3.1 NEC-Mitsubishi NaViSet Logitech Desktop Messenger Adobe Reader 8 - Fran‡ais Creative Zen Nano Plus Logitech Audio Echo Cancellation Component Microsoft .NET Framework 1.1 ATI Catalyst Control Center OpenOffice.org 2.1 Logitech Video Enumerator Logitech QuickCam Windows Live Messenger Realtek AC'97 Audio ÒæàÇÓ¥ÓöûÏóáÞä Finished ******************************************************************************************** Logfile of HijackThis v1.99.1 Scan saved at 20:33:58, on 06/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Ordi 
Famille\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [sdafdsafds] D;]XJOEPXT]ufnq]273/fyf O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\RunOnce: [zodbuz54] %systemroot%\system32\Rundll32.exe %systemroot%\system32\zodbuz54.dll,DllUnregisterServer O4 - HKLM\..\RunOnce: [xbjjor04] %systemroot%\system32\Rundll32.exe %systemroot%\system32\xbjjor04.dll,DllUnregisterServer O4 - HKLM\..\RunOnce: [wvmizx55] %systemroot%\system32\Rundll32.exe %systemroot%\system32\wvmizx55.dll,DllUnregisterServer O4 - HKLM\..\RunOnce: [epdotu77] %systemroot%\system32\Rundll32.exe %systemroot%\system32\epdotu77.dll,DllUnregisterServer O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - Startup: Rainlendar.lnk = 
C:\Program Files\Rainlendar\Rainlendar.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E638575D-BAE0-4F04-8E99-B8A05836CA3C}: NameServer = 192.168.1.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: jsefusf - Unknown owner - C:\WINDOWS\system32\jsefusf.exe (file missing) O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe -
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware analysis and removal
Scanner Malware name
AntiVir BDS/Cakl.D backdoor
ArcaVir X
Avast Win32:Delf-BQR
AVG Antivirus X
BitDefender MemScan:Backdoor.Cakl.B
ClamAV X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus Backdoor.Win32.Cakl.b
Fortinet X
Kaspersky Anti-Virus Backdoor.Win32.Cakl.b
NOD32 a variant of Win32/HideProc
Norman Virus Control X
Panda Antivirus X
VirusBuster Packed/MoleBox
VBA32 Embedded.Backdoor.Win32.Cakl.a
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
-
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware analysis and removal
Yes, it tells me: "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"
-
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware analysis and removal
Thank you very much.
SmitFraudFix v2.147
Rapport fait à 20:34:08,65, 05/03/2007
Executé à partir de C:\Documents and Settings\Ordi Famille\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ordi Famille
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ordi Famille\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ORDIFA~1\FAVORIS
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Is this start page intended: hao123.union123.com
Not at all !!!!
-
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware analysis and removal
After Trend Office scan detected the virus on my USB key, I ran a scan and it found nothing at all. The report that follows comes from my personal PC, which is also infected; the problem mentioned above is on my work PC.
Logfile of HijackThis v1.99.1 Scan saved at 19:29:25, on 05/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\WINDOWS\inf\mssys.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\ffudf.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\inf\mssys.exe C:\Documents and Settings\Ordi 
Famille\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {74D5B78A-88D3-53B3-4F98-F4A57934BA9F} - C:\WINDOWS\inf\mshtmll.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: XTTBPos00 - {BBBE1C1A-89F7-4AF6-ABD1-2B2EF2D7A73B} - C:\PROGRA~1\SOFTTO~1\soft.dll O3 - Toolbar: sofa - {B7D3E479-CC68-42B5-A338-C6B1F168274C} - C:\Program Files\SoftToolbar\soft.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [system] C:\Program Files\Fichiers communs\System\Updaterun.exe O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [sdafdsafds] D;]XJOEPXT]ufnq]273/fyf O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [mssys32] C:\WINDOWS\inf\mssys.exe O4 - HKCU\..\Run: [mshtmll] regsvr32 /s C:\WINDOWS\inf\mshtmll.dll O4 - HKCU\..\Run: [mssys] C:\WINDOWS\inf\mssys.exe O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E638575D-BAE0-4F04-8E99-B8A05836CA3C}: NameServer = 192.168.1.1 O18 - Protocol: bw+0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: 1FA013DE - Unknown owner - C:\WINDOWS\system32\1FA013DE.EXE (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe *************************************************************************************************************** -
Infection Worm_agent.KCX
Cezboy replied to a topic by Cezboy in Malware analysis and removal
Is the infection likely to spread to my other PC (local network)??
-
Hello everyone, my antivirus tells me that the file hbrvj.exe is infected with Worm_agent.kcx. It was apparently on my USB key. What can I do???? Is it dangerous??
-
There, it's done. A thousand apologies.
-
I have just sent you Cezboy.zip in Malware. May I ask what you will use it for? Thank you very much for your help. I am going to look seriously into the subject. (Would you have any good tutorials to suggest?) And maybe one day I will be able to help someone in turn. Thanks again, see you soon I hope, but under other circumstances. Cezboy.
-
The PC no longer shows any sign of infection. It runs well.
-
Here is the report
Incident Status Location
Adware:Adware/Alexa-Toolbar Not disinfected C:\WINDOWS\SYSTEM32\FFUDF.EXE
Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\SYSTEM32\BAWANG.EXE
Virus:Trj/WinKld.A Disinfected C:\WINDOWS\SYSTEM32\DUFS2.EXE
Virus:Trj/WinKld.A Not disinfected C:\WINDOWS\BD3.EXE[ad_1132.exe]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\COOKIES.TXT[.xiti.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\COOKIES.TXT[.weborama.fr/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\COOKIES.TXT[.tradedoubler.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\COOKIES.TXT[.bluestreak.com/]
Adware:Adware/51115 Not disinfected C:\!KillBox\MSHTMLL.DLL
-
Oops, sorry
Pocket Killbox version 2.0.0.648
Running on Windows XP as Ordi Famille(Administrator)
was started @ mardi, février 27, 2007, 9:23 PM
# 1 [Delete on Reboot] Path = C:\WINDOWS\System32\mssys32.exe
# 2 [Delete on Reboot] Path = C:\WINDOWS\System32\12.exe
# 3 [Delete on Reboot] Path = C:\WINDOWS\System32\2100qqgm.exe
# 4 [Delete on Reboot] Path = C:\WINDOWS\System32\JOTYDJ.AAB
# 5 [Delete on Reboot] Path = C:\WINDOWS\System32\OTXCIOTY.DLL
# 6 [Delete on Reboot] Path = C:\WINDOWS\System32\KPUAEJO.DLL
# 7 [Delete on Reboot] Path = C:\WINDOWS\System32\1k8mu7iJg.dll
# 8 [Delete on Reboot] Path = C:\WINDOWS\3030.exe
# 9 [Delete on Reboot] Path = C:\WINDOWS\temp.exe
# 10 [Delete on Reboot] Path = C:\WINDOWS\hbrVJ.exe
# 11 [Delete on Reboot] Path = C:\WINDOWS\system32\mshtmll.dll
# 12 [Delete on Reboot] Path = C:\WINDOWS\sclgntfys.dll
I Rebooted @ 9:28:14 PM
Killbox Closed(Exit) @ 9:28:17 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows XP as Ordi Famille(Administrator)
was started @ mardi, février 27, 2007, 9:53 PM
-
Logfile of HijackThis v1.99.1 Scan saved at 21:34:01, on 27/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe D:\Telechargement\scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - 
{53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {C4B517D3-1813-13D3-18D3-2435B936A0A0} - C:\WINDOWS\system32\mshtmll.dll (file missing) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: 
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E638575D-BAE0-4F04-8E99-B8A05836CA3C}: NameServer = 192.168.1.1 O18 - Protocol: bw+0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: 1FA013DE - Unknown owner - C:\WINDOWS\system32\1FA013DE.EXE (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: jsefusf - Unknown owner - C:\WINDOWS\system32\jsefusf.exe (file missing) O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
*********************************************************************************************************************
As for the AVG report, I can't get my hands on it. And when I look in the software, on the "Rapport" (Report) tab, it tells me "Aucun Rapport Disponible" (no report available).
-
jsefusf.dll: that's done, it's in the recycle bin!!!
-
Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Pilote charg' \SystemRoot\system32\DRIVERS\NVENETFD.sys < Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Pilote charg' \SystemRoot\system32\DRIVERS\flpydisk.sys < Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\lbrtfdc.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Sfloppy.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\i2omgmt.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Changer.SYS < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\Cdaudio.SYS < Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Pilote charg' \SystemRoot\system32\DRIVERS\usbccgp.sys < Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Pilote charg' \SystemRoot\system32\DRIVERS\LVMVDrv.sys < Pilote charg' \SystemRoot\system32\drivers\lvusbsta.sys < Pilote charg' \SystemRoot\system32\DRIVERS\LV302AV.SYS < Pilote charg' \SystemRoot\system32\DRIVERS\lv302af.sys < Pilote charg' \SystemRoot\system32\drivers\usbaudio.sys < Pilote charg' \SystemRoot\system32\DRIVERS\LVcKap.sys < Pilote charg' \SystemRoot\system32\drivers\fkwld.sys < Pilote charg' \SystemRoot\System32\Drivers\Fs_Rec.SYS < Pilote charg' \SystemRoot\System32\Drivers\Null.SYS < Pilote charg' \SystemRoot\System32\Drivers\Beep.SYS < Pilote charg' \SystemRoot\System32\DRIVERS\AvgAsCln.sys < Pilote charg' \SystemRoot\System32\drivers\vga.sys < Pilote charg' \SystemRoot\System32\Drivers\mnmdd.SYS < Pilote charg' 
\SystemRoot\System32\DRIVERS\RDPCDD.sys < Pilote charg' \SystemRoot\System32\Drivers\Msfs.SYS < Pilote charg' \SystemRoot\System32\Drivers\Npfs.SYS < Pilote charg' \SystemRoot\system32\DRIVERS\rasacd.sys < Pilote charg' \SystemRoot\system32\DRIVERS\ipsec.sys < Pilote charg' \SystemRoot\system32\DRIVERS\tcpip.sys < Pilote charg' \SystemRoot\System32\Drivers\aswTdi.SYS < Pilote charg' \SystemRoot\system32\DRIVERS\netbt.sys < Pilote charg' \SystemRoot\System32\drivers\afd.sys < Pilote charg' \SystemRoot\system32\DRIVERS\netbios.sys < Le pilote n'a pas 't' charg' \SystemRoot\System32\Drivers\PCIDump.SYS < Pilote charg' \SystemRoot\system32\DRIVERS\rdbss.sys < Pilote charg' \SystemRoot\system32\DRIVERS\mrxsmb.sys < Le pilote n'a pas 't' charg' \SystemRoot\system32\drivers\InCDPass.sys < Le pilote n'a pas 't' charg' \SystemRoot\system32\drivers\InCDRm.sys < Pilote charg' \SystemRoot\system32\DRIVERS\ipnat.sys < Pilote charg' \SystemRoot\system32\DRIVERS\wanarp.sys < Pilote charg' \SystemRoot\system32\DRIVERS\arp1394.sys < Pilote charg' \SystemRoot\System32\Drivers\Fips.SYS < Pilote charg' \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys < Pilote charg' \SystemRoot\System32\Drivers\Aavmker4.SYS < Pilote charg' \SystemRoot\system32\drivers\splitter.sys < Pilote charg' \SystemRoot\system32\drivers\aec.sys < Pilote charg' \SystemRoot\system32\drivers\swmidi.sys < Pilote charg' \SystemRoot\system32\drivers\DMusic.sys < Pilote charg' \SystemRoot\system32\drivers\kmixer.sys < Pilote charg' \SystemRoot\system32\drivers\drmkaud.sys < Pilote charg' \SystemRoot\System32\Drivers\Cdfs.SYS < Pilote charg' \SystemRoot\system32\DRIVERS\ndisuio.sys < Le pilote n'a pas 't' charg' \SystemRoot\system32\DRIVERS\rdbss.sys < Le pilote n'a pas 't' charg' \SystemRoot\system32\DRIVERS\mrxsmb.sys < Pilote charg' \SystemRoot\system32\drivers\wdmaud.sys < Pilote charg' \SystemRoot\system32\drivers\sysaudio.sys < Pilote charg' \SystemRoot\system32\drivers\splitter.sys < Pilote charg' 
\SystemRoot\system32\drivers\aec.sys < Pilote charg' \SystemRoot\system32\drivers\swmidi.sys < Pilote charg' \SystemRoot\system32\drivers\DMusic.sys < Pilote charg' \SystemRoot\system32\drivers\kmixer.sys < Pilote charg' \SystemRoot\system32\drivers\drmkaud.sys < Pilote charg' Fastfat.SYS *********************************************************************************** Logfile of HijackThis v1.99.1 Scan saved at 20:32:09, on 27/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\WINDOWS\system32\mssys32.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Telechargement\scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://hao123.union123.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {A4BC11D3-1D10-17D1-13D4-943BB236A5D0} - C:\WINDOWS\system32\mshtmll.dll O2 - BHO: (no name) - {C4B517D3-1813-13D3-18D3-2435B936A0A0} - C:\WINDOWS\system32\mshtmll.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [mshtmll] regsvr32 /s C:\WINDOWS\system32\mshtmll.dll O4 - HKCU\..\Run: [mssys32] C:\WINDOWS\system32\mssys32.exe O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O9 - Extra button: (no name) - 
{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E638575D-BAE0-4F04-8E99-B8A05836CA3C}: NameServer = 192.168.1.1 O18 - Protocol: bw+0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: sclgntfys - C:\WINDOWS\sclgntfys.dll O23 - Service: 1FA013DE - Unknown owner - C:\WINDOWS\system32\1FA013DE.EXE (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: jsefusf - Unknown owner - C:\WINDOWS\system32\jsefusf.exe (file missing) O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
-
Here are the reports:

KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 27, 2007 7:19:54 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/02/2007
Kaspersky Anti-Virus database records: 258959

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\ORDIFA~1\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 12625
Number of viruses found 1
Number of infected objects 3 / 0
Number of suspicious objects 0
Duration of the scan process 00:08:33

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\epdotu77.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\ffudf.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\jsefusf.exe Infected: Backdoor.Win32.Agent.ahj skipped
C:\WINDOWS\system32\jsefusf.dll Infected: Backdoor.Win32.Agent.ahj skipped
C:\WINDOWS\system32\epdotu77.dll Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_284.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\sclgntfys.dll Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\DOCUME~1\ORDIFA~1\LOCALS~1\Temp\~DFCE0.tmp Object is locked skipped

Scan process completed.
*********************************************************************************************** RAPPORT CLEAN Script execute en mode sans echec Rapport clean par Malekal_morte - http://www.malekal.com Option 2, executee le 27/02/2007 a 17:54:05,70 Microsoft Windows XP [version 5.1.2600] *** Suppression de fichiers sur C: *** Suppression des fichiers dans C:\WINDOWS\ tentative de suppression de C:\WINDOWS\EDpbw.exe *** Suppression des fichiers dans C:\WINDOWS\system32 tentative de suppression de C:\WINDOWS\system32\ad_1128.exe tentative de suppression de C:\WINDOWS\system32\dufs1.exe tentative de suppression de "C:\Program Files\Fichiers communs\CPUSH\" *** Suppression des clefs du registre effectuee.. *** Fin du rapport ! *********************************************************************************************** Logfile of HijackThis v1.99.1 Scan saved at 19:31:50, on 27/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil 
Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\mssys32.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Telechargement\scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {A4BC11D3-1D10-17D1-13D4-943BB236A5D0} - C:\WINDOWS\system32\mshtmll.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [mshtmll] regsvr32 /s C:\WINDOWS\system32\mshtmll.dll O4 - HKCU\..\Run: [mssys32] C:\WINDOWS\system32\mssys32.exe O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - 
Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E638575D-BAE0-4F04-8E99-B8A05836CA3C}: NameServer = 192.168.1.1 O18 - Protocol: bw+0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 
- {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - 
{7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - 
{7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - 
{7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - 
{7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - 
{7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: sclgntfys - C:\WINDOWS\sclgntfys.dll O23 - Service: 1FA013DE - Unknown owner - C:\WINDOWS\system32\1FA013DE.EXE (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! 
Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
-
I'll get on it as soon as I get home. Thanks again.
-
First of all, thank you for taking a little time to help me. VundoFix found nothing. ********************************************************* VundoFix V6.3.9 Checking Java version... Sun Java not detected Scan started at 13:08:19 27/02/2007 Listing files found while scanning.... No infected files were found. Beginning removal... ********************************************************* Logfile of HijackThis v1.99.1 Scan saved at 13:13:48, on 27/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\WINDOWS\system32\ffudf.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\mssys32.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Telechargement\scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\WINDOWS\EDpbw.exe O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Ziepod One-Click IE Helper - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\WINDOWS\system32\ZiepodOneClicker.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {A4BC11D3-1D10-17D1-13D4-943BB236A5D0} - C:\WINDOWS\system32\mshtmll.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [s0rf6rd] rundll32.exe C:\WINDOWS\f0vd12yigmug2.dll _start@16 O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [updatereal] C:\WINDOWS\AntiAdwa.exe other O4 - HKCU\..\Run: [mssys32] C:\WINDOWS\system32\mssys32.exe O4 - HKCU\..\Run: [mshtmll] regsvr32 /s C:\WINDOWS\system32\mshtmll.dll O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Program Files\²Æ¸»Í¨\caif.dll (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O17 - 
HKLM\System\CCS\Services\Tcpip\..\{E638575D-BAE0-4F04-8E99-B8A05836CA3C}: NameServer = 192.168.1.1 O18 - Protocol: bw+0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program 
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: sclgntfys - C:\WINDOWS\sclgntfys.dll O23 - Service: 4C5A618A - Unknown owner - C:\WINDOWS\system32\4C5A618A.EXE (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe