Analyse rapport Hijackthis SVP

[phyr312]

Bonjour,

depuis quelques temps j'ai des résultats bizares quand j'utilise la commande cmd netstat

J'ai passé Hijackthis, mais je n'y comprends rien.

Pourriez vous svp analyser mon rapport et me dire ce que vouss en pensez ?

Merci d'avance.

 

Logfile of HijackThis v1.99.1

Scan saved at 11:45:22, on 19/08/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\ps2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe

C:\Logitech\SetPoint\LBTWiz.exe

C:\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\QuickTime\qttask.exe

C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

C:\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe

C:\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE

C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Logitech\Easy Synchronization\servicestub.exe

C:\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

c:\program files\internet explorer\iexplore.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aerosim.free.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll

O2 - BHO: (no name) - {4116222D-BD1A-4B19-B577-20C0A2D9B737} - C:\WINDOWS\system32\pyxintypes22.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KASP] "C:\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [OESpamTest] C:\KASPER~1\KASPER~3\OESpamTest.ExE

O4 - HKLM\..\Run: [devwin10] C:\devwin10.exe /S

O4 - HKLM\..\Run: [iSUSPM Startup] c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe -startup

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [Easy Synchronization] C:\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [suNotification] K:\ShadowSurfer\suatshut.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

O4 - HKCU\..\Run: [Wallpaper] "C:\Wallpaper\Wallpaper.exe" Starter

O4 - HKCU\..\Run: [ccleaner] "C:\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [LDM] C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Startup: Kaspersky Anti-Hacker.lnk = C:\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://K:\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O15 - Trusted Zone: http://aerosim.free.fr

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab

O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} (KeybHunterWebInterface Class) - https://particuliers.secure.lcl.fr/v_1.0/im...FormProtect.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132567961562

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx

O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx

O18 - Protocol: bw+0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll

O20 - Winlogon Notify: sunotify - C:\WINDOWS\SYSTEM32\sunotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Modifié le 23 août 2006 par phyr312

[bruce lee]

Bonjour,

 

analyse en cours, retour dans 10 minutes

[Pollux_63]

Bonjour et bienvenue sur zeb'sécu.

Afin d'éliminer les éventuels malwares de ton PC, merci d'appliquer dans un premier la procédure suivante :

http://forum.zebulon.fr/index.php?showtopic=83986

 

Ensuite moi-même, ou un autre membre de l'équipe sécurité te donnera la marche à suivre.

 

A bientôt.

 

PS : si tu as des questions sur la procédure (ou autre) n'hésite pas à demander.

[bruce lee]

re,

 

j'aimerai une petite analyse sur deux fichiers s'il te plait:

 

1/affiche tout les fichiers:

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Cocher la case : Afficher les fichiers et dossiers cachés

Décocher la case : Masquer les extensions des fichiers dont le type est connu

Décocher la case : Masquer les fichiers protégés du système d'exploitation

cliquer sur "Appliquer"

cliquer sur le bouton "Appliquer à tous les dossiers" / OK

 

 

 

2/rend toi ensuite sur ce site http://virusscan.jotti.org/ et fait analyser pyxintypes22.dll qui se trouve ici:

 

C:\WINDOWS\system32\pyxintypes22.dll

 

 

et post le resultat.

 

 

fais la meme manip avec sunotify.dll qui se trouve ici:

 

C:\WINDOWS\SYSTEM32\sunotify.dll

 

@+

 

EDIT: 'jour Pollux_63

Modifié le 19 août 2006 par bruce lee

[Jack_Burton]

Bonjour a tous, bjr phyr312, Bruce et pollux

 

fais la meme manip avec sunotify.dll qui se trouve ici:

 

C:\WINDOWS\SYSTEM32\sunotify.dll

Ce fichier n'est pas infectueux. Il est lié au logiciel ShadowSurfer

 

Bonne continuation

Modifié le 19 août 2006 par Jack_Burton

[phyr312]

Bonjour Bruce Lee

 

Pour: pyxintypes22.dll , voila:

Service load: 0% 100%

 

File: pyxintypes22.dll

Status: INFECTED/MALWARE

MD5 b7078ed9ac861da9cfba98d047cfbcf1

Packers detected: UPX

Scanner results

AntiVir Found Adware-Spyware/Stud.A.1 adware

ArcaVir Found nothing

Avast Found Win32:Trojano-3384

AVG Antivirus Found Generic.LRH

BitDefender Found Trojan.Downloader.Agent.RG

ClamAV Found nothing

Dr.Web Found Trojan.DownLoader.6588

F-Prot Antivirus Found nothing

Fortinet Found W32/Small.CGU!tr

Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Stud.a

NOD32 Found Win32/Adware.BHO.AA application

Norman Virus Control Found W32/Stud.B

UNA Found Adware.Stud

VirusBuster Found nothing

VBA32 Found Trojan-Downloader.Agent.49 (probable variant)

 

 

Pour: sunotify.dll , voila:

Service load: 0% 100%

 

File: sunotify.dll

Status: OK

MD5 6432d085224abd99dbb5c1ee8377f1e0

Packers detected: -

Scanner results

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

UNA Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

Comme le dit Jack Burton, j'ai shadow surfer.

 

Merci de ton aide.

[bruce lee]

re bonjour a tous, jack

 

 

 

Si durant la procedure ci bas, il y a des etapes que tu n'as pas reussi a faire, merci de

continuer la procedure jusqu'au bout et de les signaler dans ta prochaine reponse.

 

 

1/Télécharge http://www.ewido.net/en/download/ Ewido anti-spyware

 

Lance Ewido et clique sur le bouton Update (barre d'outils - au haut). Sous Manual Update clique Start update.

 

Tu verras ceci juste au bas, lorsque la mise à jour sera complétée : "Update successful"

 

Ferme Ewido. Ne pas le lancer tout de suite.

 

 

2/demarre en mode sans echec http://www.sosordi.net/Faq/Faq.2.html

 

 

3/ lance hijackthis en cliquant sur scanner seulementcoche ces lignes:

 

O2 - BHO: (no name) - {4116222D-BD1A-4B19-B577-20C0A2D9B737} - C:\WINDOWS\system32\pyxintypes22.dll

toutes les lignes 018 sauf les 4 dernieres

 

Ferme toutes les fenêtres ouvertes sauf Hijackthis et clique sur fixer objet

 

 

4/pour supprimer les fichiers nefastes on va tous les afficher en faisant comme ceci:

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Cocher la case : Afficher les fichiers et dossiers cachés

Décocher la case : Masquer les extensions des fichiers dont le type est connu

Décocher la case : Masquer les fichiers protégés du système d'exploitation

cliquer sur "Appliquer"

cliquer sur le bouton "Appliquer à tous les dossiers" / OK

 

5/supprime ce qui est en gras:

 

C:\WINDOWS\system32\ pyxintypes22.dll<== le fichier

 

 

6/ Du mode Sans Échec, lance Ewido et clique sur le bouton Scanner (de la barre d'outils) et ensuite clique sur Complete System Scan. Le scan prendra un certain temps, donc sois patient.

 

Ewido affichera une liste des fichiers détectés, sur la gauche. En fin de scan, l'outil appliquera les "Actions" à appliquer automatiquement. Clique sur le bouton Apply all actions. Ewido affichera "All actions have been applied" du côté droit.

 

Clique sur "Save Report", puis "Save Report As". Ceci génère un rapport en fichier texte. Assure-toi de le sauvegarder dans un endroit sûr (sur ton Bureau, par exemple).

 

 

7/redemarre en mode normal

 

8/poste le rapport d'ewido ainsi qu'un nouveau log hijackthis.

 

bon courage, et si tu as la moindre question n'hesite surtout pas

 

@+

Modifié le 19 août 2006 par bruce lee

[phyr312]

Bonjour BruceLee,

 

Désolé d'avoir tardé, mais tout cela m'a pris du temps.

J'ai fait tout ce que tu m'as indiqué, voila les nouvelles logs:

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

+ Created at: 16:07:50 21/08/2006

+ Scan result:

 

L:\CD_DVD\Jeu_Keepsake\Anglais\keepsake nocd.zip/unpack.exe -> Adware.Stud : Cleaned with backup (quarantined).

C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D13M1007NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Ignored.

C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.

C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned.

C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@estat[1].txt -> TrackingCookie.Estat : Cleaned.

C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.

C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.

C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.

 

::Report end

------------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 16:14:08, on 21/08/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\WINDOWS\system32\ps2.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\ewido anti-spyware 4.0\guard.exe

C:\Logitech\SetPoint\LBTWiz.exe

C:\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

C:\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe

C:\Logitech\Easy Synchronization\servicestub.exe

C:\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE

C:\Logitech\Easy Synchronization\LogitechEasySync.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aerosim.free.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [KASP] "C:\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [OESpamTest] C:\KASPER~1\KASPER~3\OESpamTest.ExE

O4 - HKLM\..\Run: [devwin10] C:\devwin10.exe /S

O4 - HKLM\..\Run: [iSUSPM Startup] c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe -startup

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent

O4 - HKLM\..\Run: [Easy Synchronization] C:\Logitech\Easy Synchronization\LogitechEasySync.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [suNotification] K:\ShadowSurfer\suatshut.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Logitech\Easy Synchronization\LogitechEasySync.exe --ports

O4 - HKCU\..\Run: [Wallpaper] "C:\Wallpaper\Wallpaper.exe" Starter

O4 - HKCU\..\Run: [ccleaner] "C:\CCleaner\ccleaner.exe" /AUTO

O4 - HKCU\..\Run: [LDM] C:\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Startup: Kaspersky Anti-Hacker.lnk = C:\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Kaspersky Security Suite\Kaspersky Anti-Hacker\KAVPF.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://K:\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O15 - Trusted Zone: http://aerosim.free.fr

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab

O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (Contrôleur de DownloadManager) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab

O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} (KeybHunterWebInterface Class) - https://particuliers.secure.lcl.fr/v_1.0/im...FormProtect.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132567961562

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx

O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {8050E2F6-454C-494A-8F26-47C5494DD1FB} - C:\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll

O20 - Winlogon Notify: sunotify - C:\WINDOWS\SYSTEM32\sunotify.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Kaspersky Security Suite\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTSERV.EXE

O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Logitech\Easy Synchronization\servicestub.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

-----------------------------------------------------

 

Tu me diras ce que tu en pense ?

 

Sur un autre forum, AgnesD m'aide aussi pour cela, tu peux voir l'avancement des choses à cette adresse:

http://forumxp.net.free.fr/phpBB2/viewtopi...ea8bb0f9163ddb5

 

Merci d'avance.

[bruce lee]

Bonjour phyr312 ,

 

Je te laisse finir avec agnesD (sur l'autre forum)

 

@+

[phyr312]

OK, Merci pour votre aide.