Besoin d'aide

[Cezboy]

Logfile of HijackThis v1.99.1

Scan saved at 21:34:01, on 27/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\Rainlendar\Rainlendar.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Telechargement\scanner.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {C4B517D3-1813-13D3-18D3-2435B936A0A0} - C:\WINDOWS\system32\mshtmll.dll (file missing)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E638575D-BAE0-4F04-8E99-B8A05836CA3C}: NameServer = 192.168.1.1

O18 - Protocol: bw+0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {7EB594B5-7A72-4CAB-AFBD-ECB7A63B1AA2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: 1FA013DE - Unknown owner - C:\WINDOWS\system32\1FA013DE.EXE (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: jsefusf - Unknown owner - C:\WINDOWS\system32\jsefusf.exe (file missing)

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe

*********************************************************************************************************************

 

 

Pour le rapport AVG, je n'arrive pas a mettre la main dessus.

Et je vais voir dans le logiciel, à l'onglet Rapport il me dit "Aucun Rapport Disponible"

[Malekal_morte]

Il manque le rapport Killbox.

[Cezboy]

Oups pardon

Pocket Killbox version 2.0.0.648

Running on Windows XP as Ordi Famille(Administrator)

was started @ mardi, février 27, 2007, 9:23 PM

 

# 1 [Delete on Reboot]

Path = C:\WINDOWS\System32\mssys32.exe

 

 

# 2 [Delete on Reboot]

Path = C:\WINDOWS\System32\12.exe

 

 

# 3 [Delete on Reboot]

Path = C:\WINDOWS\System32\2100qqgm.exe

 

 

# 4 [Delete on Reboot]

Path = C:\WINDOWS\System32\JOTYDJ.AAB

 

 

# 5 [Delete on Reboot]

Path = C:\WINDOWS\System32\OTXCIOTY.DLL

 

 

# 6 [Delete on Reboot]

Path = C:\WINDOWS\System32\KPUAEJO.DLL

 

 

# 7 [Delete on Reboot]

Path = C:\WINDOWS\System32\1k8mu7iJg.dll

 

 

# 8 [Delete on Reboot]

Path = C:\WINDOWS\3030.exe

 

 

# 9 [Delete on Reboot]

Path = C:\WINDOWS\temp.exe

 

 

# 10 [Delete on Reboot]

Path = C:\WINDOWS\hbrVJ.exe

 

 

# 11 [Delete on Reboot]

Path = C:\WINDOWS\system32\mshtmll.dll

 

 

# 12 [Delete on Reboot]

Path = C:\WINDOWS\sclgntfys.dll

 

 

I Rebooted @ 9:28:14 PM

Killbox Closed(Exit) @ 9:28:17 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as Ordi Famille(Administrator)

was started @ mardi, février 27, 2007, 9:53 PM

[Malekal_morte]

- Fais un scan avec panda en désactivant ton antivirus pendant le scan!

(Si tu es perdu, tu peux suivre cette aide pour les scans en ligne)

- Copie/colle le rapport panda ici

[Cezboy]

Voila le rapport

Incident Status Location

 

Adware:Adware/Alexa-Toolbar Not disinfected C:\WINDOWS\SYSTEM32\FFUDF.EXE

Adware:Adware/BaiduBar Not disinfected C:\WINDOWS\SYSTEM32\BAWANG.EXE

Virus:Trj/WinKld.A Disinfected C:\WINDOWS\SYSTEM32\DUFS2.EXE

Virus:Trj/WinKld.A Not disinfected C:\WINDOWS\BD3.EXE[ad_1132.exe]

Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\COOKIES.TXT[.xiti.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\COOKIES.TXT[.doubleclick.net/]

Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\COOKIES.TXT[.mediaplex.com/]

Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\COOKIES.TXT[.weborama.fr/]

Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\COOKIES.TXT[.tradedoubler.com/]

Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Ordi Famille\Application Data\Mozilla\Firefox\Profiles\hhg50j8d.default\COOKIES.TXT[.bluestreak.com/]

Adware:Adware/51115 Not disinfected C:\!KillBox\MSHTMLL.DLL

[Malekal_morte]

Supprime ces fichiers :

C:\WINDOWS\SYSTEM32\FFUDF.EXE

C:\WINDOWS\SYSTEM32\BAWANG.EXE

C:\WINDOWS\SYSTEM32\DUFS2.EXE

C:\WINDOWS\BD2.EXE

C:\WINDOWS\BD3.EXE

C:\WINDOWS\BD4.EXE

C:\WINDOWS\BD5.EXE

 

 

Comment va l'ordinateur?

[Cezboy]

Supprime ces fichiers :

C:\WINDOWS\SYSTEM32\FFUDF.EXE ---------- Ca fait plusieurs fois que je le supprime celui là, pourquoi il revient ??

C:\WINDOWS\SYSTEM32\BAWANG.EXE

C:\WINDOWS\SYSTEM32\DUFS2.EXE

C:\WINDOWS\BD2.EXE

C:\WINDOWS\BD3.EXE

C:\WINDOWS\BD4.EXE

C:\WINDOWS\BD5.EXE

Comment va l'ordinateur?

 

Le pc ne montre plus de signe d'infection. Il tourne bien.

[Malekal_morte]

OK.

 

Il y avait un keylogger dans ton infection. Un keylogger est un programme qui enregistre les frappes claviers dans le but d'intercepter les mots de passe et numéro de carte de crédits.

 

Pour finir :

 

Sur HijackThis, coche ces lignes :

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm

O2 - BHO: (no name) - {C4B517D3-1813-13D3-18D3-2435B936A0A0} - C:\WINDOWS\system32\mshtmll.dll (file missing)

 

--> clic sur fix checked

 

_____

 

 

Je t'invite à changer tes mots de passe et contacter ta banque.

 

 

 

C'est OK en suivant les dernières manipulations ci-dessous

 

Essaye de rapporter ton infection sur le site que je te donne ci-dessous, ce serait super cool

 

Ton infection : Infection Chinoise / Keylogger

 

Finir le nettoyage :

- Nettoye ton ordinateur avec CCleaner : http://www.malekal.com/tutorial_CCleaner.html

- Désactive puis réactive la restauration du système :

- Mode d'emploi Windows XP

- Tu peux ensuite désinstaller tous les programmes que l'on a utilisé.

 

 

 

je t'invite à jeter un coup d'oeil à ces liens dans la mesure du possible, essaye de rapporter ton infection :

 

Comment se protéger des virus : - Tout ceci est résume sur cette page : Sécuriser son ordinateur et connaître les menaces

Je t'invite aussi à mettre à jour tous les composants de ton système - Garde l'habitude de les maintenir à jour, un ordinateur avec des logiciels non à jour = infection ! tu peux scanner ton ordinateur pour vérifier quels sont les progammes non à jour en suivant les directives de cette page : http://www.malekal.com/scan_vulnerabilite.php

 

Faire bouger les choses :

 

Rapporte ton infection pour faire condamner les auteurs sur Malware-Complaints. Pour faire entendre notre voix, nous devons être le plus nombreux possibles, alors rapport ton infection :

- Voir les règles de Malware-Complaints

- Enregistre sur le forum à partir du bouton register en haut :

Si tu as plus de 13 ans, choisir : I Agree to these terms and am over or exactly 13 years of age

Si tu as moins, clic sur : I Agree to these terms and am under 13 years of age

 

Après t'être enregistré, tu as sous forme de liste les types d'infection (Look2Me, Smitfraud, SpywareQuake etc..) : http://www.malwarecomplaints.info/viewforu...e115fda8cee41a4

 

Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas quelle infection tu as eu, créé un message dans le sujet "Autres infections" conforme au règle du forum (age, ville, département etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10

 

Pour poster un message, clics sur le bouton "post reply" et remplir les informations - NE PAS CREER UN SUJET avec le bouton New Topic.

 

Pour toutes aides pour poster ton message, tu peux consulter ce lien : http://www.malekal.com/malwarecomplaints.html

Si tu as des questions ou des problèmes, n'hésites pas à me demander ici ou à contacter un des modérateurs du forum : Kimberly, AgnesD ou ipl_001

[Malekal_morte]

Un petit truc :

Peux-tu zipper le dossier C:\!Killbox sous le nom Cezboy.zip

Peux-tu aller sur http://upload.malekal.com

ensuite tu clic sur parcourir et sélectionne le zip.

Et tu clics sur envoyer fichier.

 

Merci de confirmer quand cela est fait !

[Cezboy]

Un petit truc :

Peux-tu zipper le dossier C:\!Killbox sous le nom Cezboy.zip

Peux-tu aller sur http://upload.malekal.com

ensuite tu clic sur parcourir et sélectionne le zip.

Et tu clics sur envoyer fichier.

 

Merci de confirmer quand cela est fait !

Je viens de t'envoyer Cezboy.zip dans Malware. Je peux te demander à quoi ca va te servir ?

 

Merci beaucoup pour ton aide.

Je vais me pencher sérieusement sur le sujet.(Aurais-tu de bons Tutos à me proposer ?).

Et peux être qu'un jour je pourrais aidé quelqu'un à mon tour.

 

Encore merci, a bientôt j'espere mais dans d'autres circonstance.

Cezboy.