Trojan dropper tk

nhykotine Posts 6 Status Member -
 bernie61 -
Hello,
Spyware Doctor finds this trojan dropper agent tk but does not remove it.
The HijackThis report gives:
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINNT\msdt.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\system32\desk95.exe
C:\Program Files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe
C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\TEMP\KBSL2.EXE
C:\WINNT\system32\updt.pif
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINNT\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\ACD Systems\ACDSee\ACDSee.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\invité\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1F6F9649-16C8-443A-A2AB-72FCDF53BEF8} - C:\WINNT\system32\wsxhtjhx.dll (file missing)
O2 - BHO: TChkBHO Class - {430C9E02-E11F-4B91-9BFB-8EC791313497} - C:\WINNT\system32\bwrjya.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {606CE2E9-2F0B-46D9-28B4-0795C1AADACD} - C:\WINNT\system32\srtdfk.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk95.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [fle9R8c] C:\WINNT\pdtejx.exe
O4 - HKLM\..\Run: [Microsoft Windows 128bit Subsystem] C:\WINNT\system32\9B.tmp
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\AC.tmp
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Java] C:\WINNT\TEMP\KBSL2.EXE
O4 - HKLM\..\Run: [Updt Service] updt.pif
O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [Updt Service] updt.pif
O4 - HKLM\..\RunServices: [KNMT0] C:\WINNT\TEMP\KNMT0.EXE
O4 - HKLM\..\RunServices: [MOMT1] C:\WINNT\TEMP\MOMT1.EXE
O4 - HKLM\..\RunServices: [LTXX2] C:\WINNT\TEMP\LTXX2.EXE
O4 - HKLM\..\RunServices: [EJBX0] C:\WINNT\TEMP\EJBX0.EXE
O4 - HKLM\..\RunServices: [UDRN1] C:\WINNT\TEMP\UDRN1.EXE
O4 - HKLM\..\RunServices: [BDHN2] C:\WINNT\TEMP\BDHN2.EXE
O4 - HKLM\..\RunServices: [FDTS0] C:\WINNT\TEMP\FDTS0.EXE
O4 - HKLM\..\RunServices: [QRWM1] C:\WINNT\TEMP\QRWM1.EXE
O4 - HKLM\..\RunServices: [NXUL2] C:\WINNT\TEMP\NXUL2.EXE
O4 - HKLM\..\RunServices: [JIHU0] C:\WINNT\TEMP\JIHU0.EXE
O4 - HKLM\..\RunServices: [JXFG1] C:\WINNT\TEMP\JXFG1.EXE
O4 - HKLM\..\RunServices: [XJQJ2] C:\WINNT\TEMP\XJQJ2.EXE
O4 - HKLM\..\RunServices: [JDCN0] C:\WINNT\TEMP\JDCN0.EXE
O4 - HKLM\..\RunServices: [MWCL1] C:\WINNT\TEMP\MWCL1.EXE
O4 - HKLM\..\RunServices: [BMFI2] C:\WINNT\TEMP\BMFI2.EXE
O4 - HKLM\..\RunServices: [XEGQ0] C:\WINNT\TEMP\XEGQ0.EXE
O4 - HKLM\..\RunServices: [UQBE1] C:\WINNT\TEMP\UQBE1.EXE
O4 - HKLM\..\RunServices: [FHKR2] C:\WINNT\TEMP\FHKR2.EXE
O4 - HKLM\..\RunServices: [CXBU0] C:\WINNT\TEMP\CXBU0.EXE
O4 - HKLM\..\RunServices: [VXFH1] C:\WINNT\TEMP\VXFH1.EXE
O4 - HKLM\..\RunServices: [MLCQ2] C:\WINNT\TEMP\MLCQ2.EXE
O4 - HKLM\..\RunServices: [CGFT0] C:\WINNT\TEMP\CGFT0.EXE
O4 - HKLM\..\RunServices: [ITLN1] C:\WINNT\TEMP\ITLN1.EXE
O4 - HKLM\..\RunServices: [NITU2] C:\WINNT\TEMP\NITU2.EXE
O4 - HKLM\..\RunServices: [GWCM0] C:\WINNT\TEMP\GWCM0.EXE
O4 - HKLM\..\RunServices: [GNXO1] C:\WINNT\TEMP\GNXO1.EXE
O4 - HKLM\..\RunServices: [GXVX2] C:\WINNT\TEMP\GXVX2.EXE
O4 - HKLM\..\RunServices: [CBQW0] C:\WINNT\TEMP\CBQW0.EXE
O4 - HKLM\..\RunServices: [WLBE1] C:\WINNT\TEMP\WLBE1.EXE
O4 - HKLM\..\RunServices: [MDOX2] C:\WINNT\TEMP\MDOX2.EXE
O4 - HKLM\..\RunServices: [FPRN0] C:\WINNT\TEMP\FPRN0.EXE
O4 - HKLM\..\RunServices: [JKUI1] C:\WINNT\TEMP\JKUI1.EXE
O4 - HKLM\..\RunServices: [KBSL2] C:\WINNT\TEMP\KBSL2.EXE
O4 - HKLM\..\RunServices: [FPLE0] C:\WINNT\TEMP\FPLE0.EXE
O4 - HKLM\..\RunServices: [VMTR1] C:\WINNT\TEMP\VMTR1.EXE
O4 - HKLM\..\RunServices: [JLKF2] C:\WINNT\TEMP\JLKF2.EXE
O4 - HKLM\..\RunServices: [WVPV0] C:\WINNT\TEMP\WVPV0.EXE
O4 - HKLM\..\RunServices: [WLMX1] C:\WINNT\TEMP\WLMX1.EXE
O4 - HKLM\..\RunServices: [TGCQ2] C:\WINNT\TEMP\TGCQ2.EXE
O4 - HKLM\..\RunServices: [RKCI0] C:\WINNT\TEMP\RKCI0.EXE
O4 - HKLM\..\RunServices: [RBXK1] C:\WINNT\TEMP\RBXK1.EXE
O4 - HKLM\..\RunServices: [VUVT2] C:\WINNT\TEMP\VUVT2.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Updt Service] updt.pif
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunServices: [Updt Service] updt.pif
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/fr/win/QuickTimeInstaller.exe
O18 - Protocol: bw+0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: awvvu - awvvu.dll (file missing)
O20 - Winlogon Notify: ddabx - ddabx.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Microsoft Windows Service - Unknown owner - C:\WINNT\mousesync.exe (file missing)
O23 - Service: Microsoft Distributed Transaction (MSDT) - Unknown owner - C:\WINNT\msdt.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINNT\system32\ssl.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: WindowsNod (WinNod) - Unknown owner - C:\WINNT\winnod.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thanks for your advice

11 replies

  1. bernie61
     
    Hi again
    0. Install this cleaner, CCLEANER http://www.ccleaner.com/ or direct link here http://www.filehippo.com/download_ccleaner.html (the arrow)
    Tutorial here http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
    then
    *Configure your computer so that every scan runs completely; it must be possible to scan all hidden and system folders, so do:
    Start/Control Panel/Folder Options/View tab and there tick the lines
    - show hidden files and folders
    - show contents of system folders
    untick
    - hide protected operating system files
    Then click APPLY to ALL Folders

    1. Do you know this? No? Then check (right-click/Properties); if unknown, ZIP-compress the file and delete the .EXE (otherwise check it here http://virusscan.jotti.org/ file by file: Browse, then SUBMIT launches this multi-engine antivirus scanner)

    2. Run HijackThis again and tick (then FIX)
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {1F6F9649-16C8-443A-A2AB-72FCDF53BEF8} - C:\WINNT\system32\wsxhtjhx.dll (file missing)
    O2 - BHO: TChkBHO Class - {430C9E02-E11F-4B91-9BFB-8EC791313497} - C:\WINNT\system32\bwrjya.dll (file missing)
    O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
    O4 - HKLM\..\Run: [fle9R8c] C:\WINNT\pdtejx.exe
    O4 - HKLM\..\Run: [Microsoft Windows 128bit Subsystem] C:\WINNT\system32\9B.tmp
    O4 - HKLM\..\Run: [Services] C:\WINNT\system32\AC.tmp
    O4 - HKLM\..\Run: [Java] C:\WINNT\TEMP\KBSL2.EXE
    O4 - HKLM\..\Run: [Updt Service] updt.pif
    O4 - HKLM\..\RunServices: [Updt Service] updt.pif
    O4 - HKLM\..\RunServices: [KNMT0] C:\WINNT\TEMP\KNMT0.EXE
    O4 - HKLM\..\RunServices: [MOMT1] C:\WINNT\TEMP\MOMT1.EXE
    O4 - HKLM\..\RunServices: [LTXX2] C:\WINNT\TEMP\LTXX2.EXE
    O4 - HKLM\..\RunServices: [EJBX0] C:\WINNT\TEMP\EJBX0.EXE
    O4 - HKLM\..\RunServices: [UDRN1] C:\WINNT\TEMP\UDRN1.EXE
    O4 - HKLM\..\RunServices: [BDHN2] C:\WINNT\TEMP\BDHN2.EXE
    O4 - HKLM\..\RunServices: [FDTS0] C:\WINNT\TEMP\FDTS0.EXE
    O4 - HKLM\..\RunServices: [QRWM1] C:\WINNT\TEMP\QRWM1.EXE
    O4 - HKLM\..\RunServices: [NXUL2] C:\WINNT\TEMP\NXUL2.EXE
    O4 - HKLM\..\RunServices: [JIHU0] C:\WINNT\TEMP\JIHU0.EXE
    O4 - HKLM\..\RunServices: [JXFG1] C:\WINNT\TEMP\JXFG1.EXE
    O4 - HKLM\..\RunServices: [XJQJ2] C:\WINNT\TEMP\XJQJ2.EXE
    O4 - HKLM\..\RunServices: [JDCN0] C:\WINNT\TEMP\JDCN0.EXE
    O4 - HKLM\..\RunServices: [MWCL1] C:\WINNT\TEMP\MWCL1.EXE
    O4 - HKLM\..\RunServices: [BMFI2] C:\WINNT\TEMP\BMFI2.EXE
    O4 - HKLM\..\RunServices: [XEGQ0] C:\WINNT\TEMP\XEGQ0.EXE
    O4 - HKLM\..\RunServices: [UQBE1] C:\WINNT\TEMP\UQBE1.EXE
    O4 - HKLM\..\RunServices: [FHKR2] C:\WINNT\TEMP\FHKR2.EXE
    O4 - HKLM\..\RunServices: [CXBU0] C:\WINNT\TEMP\CXBU0.EXE
    O4 - HKLM\..\RunServices: [VXFH1] C:\WINNT\TEMP\VXFH1.EXE
    O4 - HKLM\..\RunServices: [MLCQ2] C:\WINNT\TEMP\MLCQ2.EXE
    O4 - HKLM\..\RunServices: [CGFT0] C:\WINNT\TEMP\CGFT0.EXE
    O4 - HKLM\..\RunServices: [ITLN1] C:\WINNT\TEMP\ITLN1.EXE
    O4 - HKLM\..\RunServices: [NITU2] C:\WINNT\TEMP\NITU2.EXE
    O4 - HKLM\..\RunServices: [GWCM0] C:\WINNT\TEMP\GWCM0.EXE
    O4 - HKLM\..\RunServices: [GNXO1] C:\WINNT\TEMP\GNXO1.EXE
    O4 - HKLM\..\RunServices: [GXVX2] C:\WINNT\TEMP\GXVX2.EXE
    O4 - HKLM\..\RunServices: [CBQW0] C:\WINNT\TEMP\CBQW0.EXE
    O4 - HKLM\..\RunServices: [WLBE1] C:\WINNT\TEMP\WLBE1.EXE
    O4 - HKLM\..\RunServices: [MDOX2] C:\WINNT\TEMP\MDOX2.EXE
    O4 - HKLM\..\RunServices: [FPRN0] C:\WINNT\TEMP\FPRN0.EXE
    O4 - HKLM\..\RunServices: [JKUI1] C:\WINNT\TEMP\JKUI1.EXE
    O4 - HKLM\..\RunServices: [KBSL2] C:\WINNT\TEMP\KBSL2.EXE
    O4 - HKLM\..\RunServices: [FPLE0] C:\WINNT\TEMP\FPLE0.EXE
    O4 - HKLM\..\RunServices: [VMTR1] C:\WINNT\TEMP\VMTR1.EXE
    O4 - HKLM\..\RunServices: [JLKF2] C:\WINNT\TEMP\JLKF2.EXE
    O4 - HKLM\..\RunServices: [WVPV0] C:\WINNT\TEMP\WVPV0.EXE
    O4 - HKLM\..\RunServices: [WLMX1] C:\WINNT\TEMP\WLMX1.EXE
    O4 - HKLM\..\RunServices: [TGCQ2] C:\WINNT\TEMP\TGCQ2.EXE
    O4 - HKLM\..\RunServices: [RKCI0] C:\WINNT\TEMP\RKCI0.EXE
    O4 - HKLM\..\RunServices: [RBXK1] C:\WINNT\TEMP\RBXK1.EXE
    O4 - HKLM\..\RunServices: [VUVT2] C:\WINNT\TEMP\VUVT2.EXE
    O4 - HKCU\..\Run: [Updt Service] updt.pif
    O4 - HKCU\..\RunServices: [Updt Service] updt.pif
    O20 - Winlogon Notify: awvvu - awvvu.dll (file missing)
    O20 - Winlogon Notify: ddabx - ddabx.dll (file missing)
    O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINNT\system32\ssl.exe (file missing)
    O23 - Service: WindowsNod (WinNod) - Unknown owner - C:\WINNT\winnod.exe (file missing)

    3. Delete these .EXE and .DLL programs (and at the end empty the Recycle Bin)
    C:\WINNT\pdtejx.exe
    C:\WINNT\system32\9B.tmp
    C:\WINNT\system32\AC.tmp
    C:\WINNT\TEMP\ >> the WHOLE directory
    C:… updt.pif

    4. Go to Start/Run and type SERVICES.MSC there to stop the following services:
    (double-click the offending service, then click STOP and set the startup type to DISABLED)
    Service: Microsoft SSL (ssl) - Unknown owner
    Service: WindowsNod (WinNod) - Unknown owner

    5. Empty the temp directories and the Recycle Bin by running CCleaner
    Run a follow-up HijackThis and tell us where the problems stand…

    then apply the l2mfix procedure
    http://users.skynet.be/BernieClub/#l2mfix
    See you later
    0
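The triage behind step 2 of the reply above, as an added Python example that is not part of bernie61's post or of HijackThis itself. The sample lines are copied from the posted log; the flagging rules and reason labels are assumptions made for this illustration, modelled on the kinds of entries ticked in step 2.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# A few lines copied from the HijackThis log in the thread, used as sample input.
SAMPLE_LOG = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {1F6F9649-16C8-443A-A2AB-72FCDF53BEF8} - C:\WINNT\system32\wsxhtjhx.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\AC.tmp
O4 - HKLM\..\Run: [Java] C:\WINNT\TEMP\KBSL2.EXE
O4 - HKLM\..\Run: [Updt Service] updt.pif
O4 - HKLM\..\RunServices: [KNMT0] C:\WINNT\TEMP\KNMT0.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O20 - Winlogon Notify: awvvu - awvvu.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINNT\system32\ssl.exe (file missing)
"""

# Section code ("O4", "O23", ...) followed by the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autoruns: HKLM\..\Run: [value name] command line
O4_RE = re.compile(
    r"^(?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# Program path at the start of a command line, quoted or not, spaces allowed.
PATH_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|pif|tmp|com|scr|bat))\b', re.I)


@dataclass
class Finding:
    section: str                                  # HijackThis section code
    line: str                                     # original log line
    reasons: list = field(default_factory=list)   # labels defined in this example


def autorun_target(command):
    """Return the program path of an autorun command line, without arguments."""
    m = PATH_RE.match(command.strip())
    return m.group("path") if m else command.strip()


def reasons_for(section, body):
    """Apply the example heuristics (assumptions, not HijackThis rules)."""
    reasons = []
    if body.rstrip().endswith("(file missing)"):
        reasons.append("file-missing")            # orphaned registry entry
    if section == "O23" and " - Unknown owner - " in body:
        reasons.append("service-unknown-owner")   # no vendor info on the binary
    if section == "O4":
        m = O4_RE.match(body)
        if m:
            target = autorun_target(m.group("command")).lower()
            if "\\temp\\" in target:
                reasons.append("autorun-from-temp")
            if target.endswith((".tmp", ".pif")):
                reasons.append("autorun-odd-extension")
    return reasons


def triage(log_text):
    """Return a Finding for every log line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue                              # header, process list, blank line
        reasons = reasons_for(m.group("section"), m.group("body"))
        if reasons:
            findings.append(Finding(m.group("section"), raw.strip(), reasons))
    return findings


def summarize(findings):
    """Count findings per reason label."""
    return dict(Counter(r for f in findings for r in f.reasons))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f.reasons), "|", f.line)
    print(summarize(triage(SAMPLE_LOG)))
```

A hit is a lead for review, not a verdict: in the posted log the BitDefender services also show `Unknown owner` and `(file missing)`, yet they are not in the fix list of step 2.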
  2. bernie61
     
    Hi again
    I forgot this, to delete as well
    C:\Program Files\Fichiers communs\Totem Shared > the WHOLE directory

    See you later
    0
  3. nhykotine Posts 6 Status Member
     
    Thanks for all this advice,
    and for how quickly you replied!!!
    After the various cleanups
    I am in the l2mfix procedure and here is the log
    L2MFIX find log 122705
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
    "Asynchronous"=dword:00000000
    "DllName"="WRLogonNTF.dll"
    "Impersonate"=dword:00000001
    "Lock"="WRLock"
    "StartScreenSaver"="WRStartScreenSaver"
    "StartShell"="WRStartShell"
    "Startup"="WRStartup"
    "StopScreenSaver"="WRStopScreenSaver"
    "Unlock"="WRUnlock"
    "Shutdown"="WRShutdown"
    "Logoff"="WRLogoff"
    "Logon"="WRLogon"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    "DLLName"="wzcdlg.dll"
    "Logon"="WZCEventLogon"
    "Logoff"="WZCEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000000

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'interpréteur de commandes pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="Extension du Panneau de configuration PlusPack"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'interpréteur de commandes"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'interpréteur de commandes pour les objets Microsoft Windows Network"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'interpréteur de commandes pour la compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension du shell d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'interpréteur de commandes pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extension de l'interpréteur de commande pour Windows Script Host"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau et accès à distance"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
    "{1A9BA3A0-143A-11CF-8350-444553540000}"="Dossier favori du shell"
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="Poste de travail"
    "{86747AC0-42A0-1069-A2E6-08002B30309D}"="Porte-documents"
    "{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Raccourci vers le dossier"
    "{12518493-00B2-11d2-9FA5-9E3420524153}"="Volume monté"
    "{21B22460-3AEA-1069-A2DC-08002B30309D}"="Extension de la page de propriétés des fichiers"
    "{B091E540-83E3-11CF-A713-0020AFD79762}"="Page des types de fichiers"
    "{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="Gestionnaire des types de fichiers MIME"
    "{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Service Copier vers Microsoft"
    "{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Service Déplacer vers Microsoft"
    "{13709620-C279-11CE-A49E-444553540000}"="Service d'automatisation de l'interface"
    "{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
    "{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Menu Démarrer"
    "{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Service SendTo Microsoft"
    "{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Service Nouvel objet Microsoft"
    "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Ouvrir avec le gestionnaire de menu contextuel"
    "{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Afficher les extensions HTML du Panneau de configuration"
    "{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
    "{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Extension de la page de propriétés des options des dossiers"
    "{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
    "{4657278A-411B-11d2-839A-00C04FD918D0}"="Application d'aide du système pour le glisser-déplacer"
    "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Ajouter l'élément de cryptage dans les menus contextuels de l'Explorateur"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
    "{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Dossier Bureau"
    "{5b4dae26-b807-11d0-9815-00c04fd91972}"="Bande de menus"
    "{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Suivi du menu Shell"
    "{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
    "{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Barre du Bureau"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Liens"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7487cd30-f71a-11d0-9ea7-00805f714772}"="Image miniature"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Miniatures"
    "{EAB841A0-9550-11CF-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Extracteur de miniatures des filtres graphiques Office"
    "{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
    "{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'application du shell"
    "{0B124F8C-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Menu Fichiers hors connexion"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Options du dossier Fichiers hors connexion"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
    "{E0D79300-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79301-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79302-84BE-11CE-9641-444553540000}"="WinZip"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{68f32140-2ca3-11d0-acc1-444553540000}"="PicaView32"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.11 Context Menu Shell Extension"
    "{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.11 DragDrop Shell Extension"
    "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.11 Context Menu Shell Extension"
    "{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.11 Property Sheet Shell Extension"
    "{FEB7DAE0-E111-11D0-BFD7-444553540000}"="ICEOWS"
    "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
    "{B5FB6487-7E79-4816-B73B-8A65E41971DA}"="BullGuard Antivirus v4"
    "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="a² Context Menu Shell Extension"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{445E4740-3BF5-11D0-9384-D0B903C10E27}"="Split File Shell Extension v3.1b"
    "{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
    "{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A}"="XnView Shell Extension"
    "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9"
    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    **********************************************************************************
    Files Found are not all bad files:

    C:\WINNT\SYSTEM32\
    awtqr.dll Sun 11 Dec 2005 19:07:12 ..SH. 28 173 27,51 K
    awtsp.dll Tue 13 Dec 2005 20:48:00 ..SH. 28 173 27,51 K
    awvts.dll Tue 13 Dec 2005 19:21:26 ..SH. 28 173 27,51 K
    ddcyy.dll Wed 14 Dec 2005 20:00:36 ..SH. 28 173 27,51 K
    gdiplus.dll Tue 22 Nov 2005 9:18:10 A.... 1 706 800 1,63 M
    geebc.dll Tue 13 Dec 2005 11:39:52 ..SH. 28 173 27,51 K
    islzma.dll Fri 21 Oct 2005 15:50:14 A.... 102 912 100,50 K
    jkhhi.dll Tue 13 Dec 2005 8:42:24 ..SH. 28 173 27,51 K
    mljgf.dll Sun 11 Dec 2005 19:56:58 ..SH. 28 173 27,51 K
    mlljj.dll Wed 14 Dec 2005 19:02:42 ..SH. 28 173 27,51 K
    mllmm.dll Sun 11 Dec 2005 19:11:16 ..SH. 28 173 27,51 K
    pmnlk.dll Tue 13 Dec 2005 22:23:50 ..SH. 28 173 27,51 K
    sockspy.dll Thu 15 Dec 2005 11:01:58 A.... 61 440 60,00 K
    ssqpp.dll Wed 14 Dec 2005 13:59:52 ..SH. 28 173 27,51 K
    vtsts.dll Tue 13 Dec 2005 14:43:00 ..SH. 28 173 27,51 K
    wodfamod.dll Tue 22 Nov 2005 9:18:12 ...H. 245 248 239,50 K
    wrlogo~1.dll Thu 27 Oct 2005 16:41:02 A.... 492 544 481,00 K
    wrlzma.dll Thu 27 Oct 2005 16:40:58 A.... 17 920 17,50 K

    18 items found: 18 files (13 H/S), 0 directories.
    Total of file sizes: 2 964 940 bytes 2,82 M
    Locate .tmp files:

    C:\WINNT\SYSTEM32\
    100.tmp Thu 3 Nov 2005 12:26:10 A.... 0 0,00 K
    2.tmp Thu 3 Nov 2005 19:42:24 A.... 0 0,00 K
    24.tmp Tue 4 Oct 2005 7:57:40 A.... 157 696 154,00 K
    3.tmp Fri 4 Nov 2005 9:27:56 A.... 0 0,00 K
    32.tmp Mon 10 Oct 2005 7:32:34 A.... 0 0,00 K
    3a.tmp Tue 11 Oct 2005 7:35:14 A.... 0 0,00 K
    42.tmp Mon 10 Oct 2005 13:21:56 A.... 0 0,00 K
    46.tmp Tue 4 Oct 2005 10:31:26 A.... 157 696 154,00 K
    48.tmp Fri 4 Nov 2005 8:43:14 A.... 0 0,00 K
    4c.tmp Sun 9 Oct 2005 10:09:02 A.... 0 0,00 K
    5d.tmp Sat 15 Oct 2005 13:17:52 A.... 0 0,00 K
    6e.tmp Thu 3 Nov 2005 19:19:26 A.... 157 184 153,50 K
    72.tmp Mon 10 Oct 2005 20:36:36 A.... 0 0,00 K
    86.tmp Sun 16 Oct 2005 19:16:50 A.... 0 0,00 K
    89.tmp Sun 16 Oct 2005 19:25:48 A.... 0 0,00 K
    90.tmp Mon 17 Oct 2005 20:32:16 A.... 0 0,00 K
    94.tmp Fri 21 Oct 2005 7:32:10 A.... 0 0,00 K
    a.tmp Thu 3 Nov 2005 19:29:52 A.... 157 184 153,50 K
    aa.tmp Thu 3 Nov 2005 8:47:54 A.... 157 184 153,50 K
    ab.tmp Thu 3 Nov 2005 14:14:24 A.... 0 0,00 K
    b1.tmp Wed 26 Oct 2005 1:28:34 A.... 0 0,00 K
    b3.tmp Wed 19 Oct 2005 21:25:14 A.... 0 0,00 K
    e82.tmp Thu 13 Oct 2005 18:49:38 A.... 0 0,00 K

    23 items found: 23 files, 0 directories.
    Total of file sizes: 786 944 bytes 768,50 K
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C s'appelle Disque local
    Le numéro de série du volume est 04CA-36AE

    Répertoire de C:\WINNT\System32

    14/12/2005 20:00 28 173 ddcyy.dll
    14/12/2005 19:02 28 173 mlljj.dll
    14/12/2005 13:59 28 173 ssqpp.dll
    13/12/2005 22:23 28 173 pmnlk.dll
    13/12/2005 20:47 28 173 awtsp.dll
    13/12/2005 19:21 28 173 awvts.dll
    13/12/2005 14:42 28 173 vtsts.dll
    13/12/2005 11:39 28 173 geebc.dll
    13/12/2005 08:42 28 173 jkhhi.dll
    11/12/2005 19:56 28 173 mljgf.dll
    11/12/2005 19:11 28 173 mllmm.dll
    11/12/2005 19:07 28 173 awtqr.dll
    19/11/2005 18:20 <DIR> dllcache
    29/09/2005 14:34 401 408 ?explore.exe
    19/06/2003 20:05 133 120 updt.pif
    14 fichier(s) 872 604 octets
    1 Rép(s) 38 173 246 976 octets libres
    I'm continuing the procedure, I'm at option 2 and will keep you posted
    thanks again!
  4. nhykotine Posts 6 Status Member
     
    still there...
    I just re-ran Spyware Doctor and it finds the trojan dropper agent tk again,
    just in case, here is my latest HijackThis log

    thanks in advance

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINNT\msdt.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\soundman.exe
    C:\WINNT\system32\atiptaxx.exe
    C:\WINNT\system32\desk95.exe
    C:\Program Files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe
    C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe
    C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
    C:\WINNT\system32\LVCOMSX.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINNT\system32\updt.pif
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\invité\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: (no name) - {606CE2E9-2F0B-46D9-28B4-0795C1AADACD} - C:\WINNT\system32\srtdfk.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk95.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
    O4 - HKLM\..\Run: [fle9R8c] C:\WINNT\pdtejx.exe
    O4 - HKLM\..\Run: [Microsoft Windows 128bit Subsystem] C:\WINNT\system32\9B.tmp
    O4 - HKLM\..\Run: [Services] C:\WINNT\system32\AC.tmp
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Java] C:\WINNT\TEMP\KBSL2.EXE
    O4 - HKLM\..\Run: [Updt Service] updt.pif
    O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\RunServices: [Updt Service] updt.pif
    O4 - HKLM\..\RunServices: [KNMT0] C:\WINNT\TEMP\KNMT0.EXE
    O4 - HKLM\..\RunServices: [MOMT1] C:\WINNT\TEMP\MOMT1.EXE
    O4 - HKLM\..\RunServices: [LTXX2] C:\WINNT\TEMP\LTXX2.EXE
    O4 - HKLM\..\RunServices: [EJBX0] C:\WINNT\TEMP\EJBX0.EXE
    O4 - HKLM\..\RunServices: [UDRN1] C:\WINNT\TEMP\UDRN1.EXE
    O4 - HKLM\..\RunServices: [BDHN2] C:\WINNT\TEMP\BDHN2.EXE
    O4 - HKLM\..\RunServices: [FDTS0] C:\WINNT\TEMP\FDTS0.EXE
    O4 - HKLM\..\RunServices: [QRWM1] C:\WINNT\TEMP\QRWM1.EXE
    O4 - HKLM\..\RunServices: [NXUL2] C:\WINNT\TEMP\NXUL2.EXE
    O4 - HKLM\..\RunServices: [JIHU0] C:\WINNT\TEMP\JIHU0.EXE
    O4 - HKLM\..\RunServices: [JXFG1] C:\WINNT\TEMP\JXFG1.EXE
    O4 - HKLM\..\RunServices: [XJQJ2] C:\WINNT\TEMP\XJQJ2.EXE
    O4 - HKLM\..\RunServices: [JDCN0] C:\WINNT\TEMP\JDCN0.EXE
    O4 - HKLM\..\RunServices: [MWCL1] C:\WINNT\TEMP\MWCL1.EXE
    O4 - HKLM\..\RunServices: [BMFI2] C:\WINNT\TEMP\BMFI2.EXE
    O4 - HKLM\..\RunServices: [XEGQ0] C:\WINNT\TEMP\XEGQ0.EXE
    O4 - HKLM\..\RunServices: [UQBE1] C:\WINNT\TEMP\UQBE1.EXE
    O4 - HKLM\..\RunServices: [FHKR2] C:\WINNT\TEMP\FHKR2.EXE
    O4 - HKLM\..\RunServices: [CXBU0] C:\WINNT\TEMP\CXBU0.EXE
    O4 - HKLM\..\RunServices: [VXFH1] C:\WINNT\TEMP\VXFH1.EXE
    O4 - HKLM\..\RunServices: [MLCQ2] C:\WINNT\TEMP\MLCQ2.EXE
    O4 - HKLM\..\RunServices: [CGFT0] C:\WINNT\TEMP\CGFT0.EXE
    O4 - HKLM\..\RunServices: [ITLN1] C:\WINNT\TEMP\ITLN1.EXE
    O4 - HKLM\..\RunServices: [NITU2] C:\WINNT\TEMP\NITU2.EXE
    O4 - HKLM\..\RunServices: [GWCM0] C:\WINNT\TEMP\GWCM0.EXE
    O4 - HKLM\..\RunServices: [GNXO1] C:\WINNT\TEMP\GNXO1.EXE
    O4 - HKLM\..\RunServices: [GXVX2] C:\WINNT\TEMP\GXVX2.EXE
    O4 - HKLM\..\RunServices: [CBQW0] C:\WINNT\TEMP\CBQW0.EXE
    O4 - HKLM\..\RunServices: [WLBE1] C:\WINNT\TEMP\WLBE1.EXE
    O4 - HKLM\..\RunServices: [MDOX2] C:\WINNT\TEMP\MDOX2.EXE
    O4 - HKLM\..\RunServices: [FPRN0] C:\WINNT\TEMP\FPRN0.EXE
    O4 - HKLM\..\RunServices: [JKUI1] C:\WINNT\TEMP\JKUI1.EXE
    O4 - HKLM\..\RunServices: [KBSL2] C:\WINNT\TEMP\KBSL2.EXE
    O4 - HKLM\..\RunServices: [FPLE0] C:\WINNT\TEMP\FPLE0.EXE
    O4 - HKLM\..\RunServices: [VMTR1] C:\WINNT\TEMP\VMTR1.EXE
    O4 - HKLM\..\RunServices: [JLKF2] C:\WINNT\TEMP\JLKF2.EXE
    O4 - HKLM\..\RunServices: [WVPV0] C:\WINNT\TEMP\WVPV0.EXE
    O4 - HKLM\..\RunServices: [WLMX1] C:\WINNT\TEMP\WLMX1.EXE
    O4 - HKLM\..\RunServices: [TGCQ2] C:\WINNT\TEMP\TGCQ2.EXE
    O4 - HKLM\..\RunServices: [RKCI0] C:\WINNT\TEMP\RKCI0.EXE
    O4 - HKLM\..\RunServices: [RBXK1] C:\WINNT\TEMP\RBXK1.EXE
    O4 - HKLM\..\RunServices: [VUVT2] C:\WINNT\TEMP\VUVT2.EXE
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Updt Service] updt.pif
    O4 - HKCU\..\RunServices: [Updt Service] updt.pif
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
    O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/fr/win/QuickTimeInstaller.exe
    O18 - Protocol: bw+0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Microsoft Windows Service - Unknown owner - C:\WINNT\mousesync.exe (file missing)
    O23 - Service: Microsoft Distributed Transaction (MSDT) - Unknown owner - C:\WINNT\msdt.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
    0
  6. bernie61
     
    re
    post the 2nd l2mfix report, then run HijackThis again
    see you
    0
  7. nhykotine Posts 6 Status Member
     
    here it is

    L2MFIX find log 122705
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
    "Asynchronous"=dword:00000000
    "DllName"="WRLogonNTF.dll"
    "Impersonate"=dword:00000001
    "Lock"="WRLock"
    "StartScreenSaver"="WRStartScreenSaver"
    "StartShell"="WRStartShell"
    "Startup"="WRStartup"
    "StopScreenSaver"="WRStopScreenSaver"
    "Unlock"="WRUnlock"
    "Shutdown"="WRShutdown"
    "Logoff"="WRLogoff"
    "Logon"="WRLogon"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    "DLLName"="wzcdlg.dll"
    "Logon"="WZCEventLogon"
    "Logoff"="WZCEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000000

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'interpr‚teur de commandes pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="Extension du Panneau de configuration PlusPack"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'interpr‚teur de commandes"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'interpr‚teur de commandes pour les objets Microsoft Windows Network"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'interpr‚teur de commandes pour la compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension du shell d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'interpr‚teur de commandes pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extension de l'interpr‚teur de commande pour Windows Script Host"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau et accŠs … distance"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
    "{1A9BA3A0-143A-11CF-8350-444553540000}"="Dossier favori du shell"
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="Poste de travail"
    "{86747AC0-42A0-1069-A2E6-08002B30309D}"="Porte-documents"
    "{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Raccourci vers le dossier"
    "{12518493-00B2-11d2-9FA5-9E3420524153}"="Volume mont‚"
    "{21B22460-3AEA-1069-A2DC-08002B30309D}"="Extension de la page de propri‚t‚s des fichiers"
    "{B091E540-83E3-11CF-A713-0020AFD79762}"="Page des types de fichiers"
    "{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="Gestionnaire des types de fichiers MIME"
    "{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Service Copier vers Microsoft"
    "{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Service D‚placer vers Microsoft"
    "{13709620-C279-11CE-A49E-444553540000}"="Service d'automatisation de l'interface"
    "{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
    "{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Menu D‚marrer"
    "{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Service SendTo Microsoft"
    "{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Service Nouvel objet Microsoft"
    "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Ouvrir avec le gestionnaire de menu contextuel"
    "{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Afficher les extensions HTML du Panneau de configuration"
    "{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
    "{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Extension de la page de propri‚t‚s des options des dossiers"
    "{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
    "{4657278A-411B-11d2-839A-00C04FD918D0}"="Application d'aide du systŠme pour le glisser-d‚placer"
    "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Ajouter l'‚l‚ment de cryptage dans les menus contextuels de l'Explorateur"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
    "{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Dossier Bureau"
    "{5b4dae26-b807-11d0-9815-00c04fd91972}"="Bande de menus"
    "{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Suivi du menu Shell"
    "{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
    "{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Barre du Bureau"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Liens"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7487cd30-f71a-11d0-9ea7-00805f714772}"="Image miniature"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Miniatures"
    "{EAB841A0-9550-11CF-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Extracteur de miniatures des filtres graphiques Office"
    "{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
    "{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'application du shell"
    "{0B124F8C-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Menu Fichiers hors connexion"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Options du dossier Fichiers hors connexion"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
    "{E0D79300-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79301-84BE-11CE-9641-444553540000}"="WinZip"
    "{E0D79302-84BE-11CE-9641-444553540000}"="WinZip"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{68f32140-2ca3-11d0-acc1-444553540000}"="PicaView32"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.11 Context Menu Shell Extension"
    "{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.11 DragDrop Shell Extension"
    "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.11 Context Menu Shell Extension"
    "{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.11 Property Sheet Shell Extension"
    "{FEB7DAE0-E111-11D0-BFD7-444553540000}"="ICEOWS"
    "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
    "{B5FB6487-7E79-4816-B73B-8A65E41971DA}"="BullGuard Antivirus v4"
    "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{445E4740-3BF5-11D0-9384-D0B903C10E27}"="Split File Shell Extension v3.1b"
    "{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
    "{A5D35F9F-6A11-4EAA-B70B-7BB6FE32663A}"="XnView Shell Extension"
    "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9"
    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    **********************************************************************************
    Files Found are not all bad files:

    C:\WINNT\SYSTEM32\
    awtqr.dll Sun 11 Dec 2005 19:07:12 ..SH. 28 173 27,51 K
    awtsp.dll Tue 13 Dec 2005 20:48:00 ..SH. 28 173 27,51 K
    awvts.dll Tue 13 Dec 2005 19:21:26 ..SH. 28 173 27,51 K
    ddcyy.dll Wed 14 Dec 2005 20:00:36 ..SH. 28 173 27,51 K
    gdiplus.dll Tue 22 Nov 2005 9:18:10 A.... 1 706 800 1,63 M
    geebc.dll Tue 13 Dec 2005 11:39:52 ..SH. 28 173 27,51 K
    islzma.dll Fri 21 Oct 2005 15:50:14 A.... 102 912 100,50 K
    jkhhi.dll Tue 13 Dec 2005 8:42:24 ..SH. 28 173 27,51 K
    mljgf.dll Sun 11 Dec 2005 19:56:58 ..SH. 28 173 27,51 K
    mlljj.dll Wed 14 Dec 2005 19:02:42 ..SH. 28 173 27,51 K
    mllmm.dll Sun 11 Dec 2005 19:11:16 ..SH. 28 173 27,51 K
    pmnlk.dll Tue 13 Dec 2005 22:23:50 ..SH. 28 173 27,51 K
    sockspy.dll Thu 15 Dec 2005 11:01:58 A.... 61 440 60,00 K
    ssqpp.dll Wed 14 Dec 2005 13:59:52 ..SH. 28 173 27,51 K
    vtsts.dll Tue 13 Dec 2005 14:43:00 ..SH. 28 173 27,51 K
    wodfamod.dll Tue 22 Nov 2005 9:18:12 ...H. 245 248 239,50 K
    wrlogo~1.dll Thu 27 Oct 2005 16:41:02 A.... 492 544 481,00 K
    wrlzma.dll Thu 27 Oct 2005 16:40:58 A.... 17 920 17,50 K

    18 items found: 18 files (13 H/S), 0 directories.
    Total of file sizes: 2 964 940 bytes 2,82 M
    Locate .tmp files:

    C:\WINNT\SYSTEM32\
    100.tmp Thu 3 Nov 2005 12:26:10 A.... 0 0,00 K
    2.tmp Thu 3 Nov 2005 19:42:24 A.... 0 0,00 K
    24.tmp Tue 4 Oct 2005 7:57:40 A.... 157 696 154,00 K
    3.tmp Fri 4 Nov 2005 9:27:56 A.... 0 0,00 K
    32.tmp Mon 10 Oct 2005 7:32:34 A.... 0 0,00 K
    3a.tmp Tue 11 Oct 2005 7:35:14 A.... 0 0,00 K
    42.tmp Mon 10 Oct 2005 13:21:56 A.... 0 0,00 K
    46.tmp Tue 4 Oct 2005 10:31:26 A.... 157 696 154,00 K
    48.tmp Fri 4 Nov 2005 8:43:14 A.... 0 0,00 K
    4c.tmp Sun 9 Oct 2005 10:09:02 A.... 0 0,00 K
    5d.tmp Sat 15 Oct 2005 13:17:52 A.... 0 0,00 K
    6e.tmp Thu 3 Nov 2005 19:19:26 A.... 157 184 153,50 K
    72.tmp Mon 10 Oct 2005 20:36:36 A.... 0 0,00 K
    86.tmp Sun 16 Oct 2005 19:16:50 A.... 0 0,00 K
    89.tmp Sun 16 Oct 2005 19:25:48 A.... 0 0,00 K
    90.tmp Mon 17 Oct 2005 20:32:16 A.... 0 0,00 K
    94.tmp Fri 21 Oct 2005 7:32:10 A.... 0 0,00 K
    a.tmp Thu 3 Nov 2005 19:29:52 A.... 157 184 153,50 K
    aa.tmp Thu 3 Nov 2005 8:47:54 A.... 157 184 153,50 K
    ab.tmp Thu 3 Nov 2005 14:14:24 A.... 0 0,00 K
    b1.tmp Wed 26 Oct 2005 1:28:34 A.... 0 0,00 K
    b3.tmp Wed 19 Oct 2005 21:25:14 A.... 0 0,00 K
    e82.tmp Thu 13 Oct 2005 18:49:38 A.... 0 0,00 K

    23 items found: 23 files, 0 directories.
    Total of file sizes: 786 944 bytes 768,50 K
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C s'appelle Disque local
    Le num‚ro de s‚rie du volume est 04CA-36AE

    R‚pertoire de C:\WINNT\System32

    14/12/2005 20:00 28ÿ173 ddcyy.dll
    14/12/2005 19:02 28ÿ173 mlljj.dll
    14/12/2005 13:59 28ÿ173 ssqpp.dll
    13/12/2005 22:23 28ÿ173 pmnlk.dll
    13/12/2005 20:47 28ÿ173 awtsp.dll
    13/12/2005 19:21 28ÿ173 awvts.dll
    13/12/2005 14:42 28ÿ173 vtsts.dll
    13/12/2005 11:39 28ÿ173 geebc.dll
    13/12/2005 08:42 28ÿ173 jkhhi.dll
    11/12/2005 19:56 28ÿ173 mljgf.dll
    11/12/2005 19:11 28ÿ173 mllmm.dll
    11/12/2005 19:07 28ÿ173 awtqr.dll
    19/11/2005 18:20 <DIR> dllcache
    29/09/2005 14:34 401ÿ408 ?explore.exe
    19/06/2003 20:05 133ÿ120 updt.pif
    14 fichier(s) 872ÿ604 octets
    1 R‚p(s) 38ÿ176ÿ906ÿ240 octets libres
    0
  8. bernie61
     
    re
    run HijackThis's file eraser

    open HijackThis; at the bottom right, CONFIG, then the MISC tools tab; there, « Delete a file on reboot »: click it and browse to the file to delete. It then asks "do you want to restart now"; click NO if other files remain to be selected and use « Delete a file on reboot » again .. then click YES once all the files have been selected

    to delete these DLLs
    awtqr.dll
    awtsp.dll
    awvts.dll
    ddcyy.dll
    geebc.dll
    jkhhi.dll
    mljgf.dll
    mlljj.dll
    mllmm.dll
    pmnlk.dll
    ssqpp.dll
    vtsts.dll

    if you don't find all of them, that will be normal
    and run HijackThis again
    see you
    0
  9. bernie61
     
    oops, I also forgot

    updt.pif

    to be deleted
    see you
    0
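The twelve DLLs bernie61 lists for deletion are exactly the entries in the posted L2MFIX "Files Found" listing that carry both the System and Hidden attributes and share the size 28 173 bytes. The following is an added example, not part of the thread and not L2MFIX's or HijackThis's own logic: it parses that listing and reports such clusters; the function names and the `min_count` threshold are assumptions made for illustration.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# File entries copied from the "Files Found" part of the L2MFIX log posted
# in this thread (directory header and summary lines omitted).
LISTING = r"""
awtqr.dll Sun 11 Dec 2005 19:07:12 ..SH. 28 173 27,51 K
awtsp.dll Tue 13 Dec 2005 20:48:00 ..SH. 28 173 27,51 K
awvts.dll Tue 13 Dec 2005 19:21:26 ..SH. 28 173 27,51 K
ddcyy.dll Wed 14 Dec 2005 20:00:36 ..SH. 28 173 27,51 K
gdiplus.dll Tue 22 Nov 2005 9:18:10 A.... 1 706 800 1,63 M
geebc.dll Tue 13 Dec 2005 11:39:52 ..SH. 28 173 27,51 K
islzma.dll Fri 21 Oct 2005 15:50:14 A.... 102 912 100,50 K
jkhhi.dll Tue 13 Dec 2005 8:42:24 ..SH. 28 173 27,51 K
mljgf.dll Sun 11 Dec 2005 19:56:58 ..SH. 28 173 27,51 K
mlljj.dll Wed 14 Dec 2005 19:02:42 ..SH. 28 173 27,51 K
mllmm.dll Sun 11 Dec 2005 19:11:16 ..SH. 28 173 27,51 K
pmnlk.dll Tue 13 Dec 2005 22:23:50 ..SH. 28 173 27,51 K
sockspy.dll Thu 15 Dec 2005 11:01:58 A.... 61 440 60,00 K
ssqpp.dll Wed 14 Dec 2005 13:59:52 ..SH. 28 173 27,51 K
vtsts.dll Tue 13 Dec 2005 14:43:00 ..SH. 28 173 27,51 K
wodfamod.dll Tue 22 Nov 2005 9:18:12 ...H. 245 248 239,50 K
wrlogo~1.dll Thu 27 Oct 2005 16:41:02 A.... 492 544 481,00 K
wrlzma.dll Thu 27 Oct 2005 16:40:58 A.... 17 920 17,50 K
"""

# name, weekday, day, month, year, time, 5-char attribute field,
# byte size with spaces as thousands separators, then a rounded size (K/M).
ENTRY_RE = re.compile(
    r"^(?P<name>\S+)\s+\w{3}\s+\d{1,2}\s+\w{3}\s+\d{4}\s+\d{1,2}:\d{2}:\d{2}\s+"
    r"(?P<attrs>[A-Z.]{5})\s+(?P<size>\d{1,3}(?: \d{3})*)\s+\d+,\d{2} [KM]$"
)


@dataclass(frozen=True)
class Entry:
    name: str
    attrs: str   # e.g. "..SH." = System + Hidden, "A...." = Archive only
    size: int    # size in bytes


def parse_listing(text: str) -> list[Entry]:
    """Return one Entry per file line; headers and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            size = int(m.group("size").replace(" ", ""))
            entries.append(Entry(m.group("name"), m.group("attrs"), size))
    return entries


def hidden_system_clusters(entries: list[Entry], min_count: int = 3) -> dict[int, list[str]]:
    """Group files that are both System and Hidden by byte size.

    Heuristic (an assumption of this example): several hidden+system files of
    identical size in one directory deserve a closer look as a group.
    """
    groups: dict[int, list[str]] = defaultdict(list)
    for e in entries:
        if "S" in e.attrs and "H" in e.attrs:
            groups[e.size].append(e.name)
    return {size: sorted(names) for size, names in groups.items()
            if len(names) >= min_count}


if __name__ == "__main__":
    for size, names in hidden_system_clusters(parse_listing(LISTING)).items():
        print(f"{len(names)} hidden+system files of {size} bytes:")
        for name in names:
            print("  ", name)
```

The log itself warns that "Files Found are not all bad files", so a cluster reported this way is a lead for review, not a verdict.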
  10. nhykotine Posts 6 Status Member
     
    I deleted the files listed above (they were all there)
    and here is the latest HijackThis log
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINNT\msdt.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\soundman.exe
    C:\WINNT\system32\atiptaxx.exe
    C:\WINNT\system32\desk95.exe
    C:\Program Files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe
    C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe
    C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
    C:\WINNT\system32\LVCOMSX.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINNT\system32\updt.pif
    C:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Documents and Settings\invité\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: (no name) - {606CE2E9-2F0B-46D9-28B4-0795C1AADACD} - C:\WINNT\system32\srtdfk.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk95.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Uninstall0002] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
    O4 - HKLM\..\Run: [fle9R8c] C:\WINNT\pdtejx.exe
    O4 - HKLM\..\Run: [Microsoft Windows 128bit Subsystem] C:\WINNT\system32\9B.tmp
    O4 - HKLM\..\Run: [Services] C:\WINNT\system32\AC.tmp
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Java] C:\WINNT\TEMP\KBSL2.EXE
    O4 - HKLM\..\Run: [BDMCon] c:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\RunServices: [KNMT0] C:\WINNT\TEMP\KNMT0.EXE
    O4 - HKLM\..\RunServices: [MOMT1] C:\WINNT\TEMP\MOMT1.EXE
    O4 - HKLM\..\RunServices: [LTXX2] C:\WINNT\TEMP\LTXX2.EXE
    O4 - HKLM\..\RunServices: [EJBX0] C:\WINNT\TEMP\EJBX0.EXE
    O4 - HKLM\..\RunServices: [UDRN1] C:\WINNT\TEMP\UDRN1.EXE
    O4 - HKLM\..\RunServices: [BDHN2] C:\WINNT\TEMP\BDHN2.EXE
    O4 - HKLM\..\RunServices: [FDTS0] C:\WINNT\TEMP\FDTS0.EXE
    O4 - HKLM\..\RunServices: [QRWM1] C:\WINNT\TEMP\QRWM1.EXE
    O4 - HKLM\..\RunServices: [NXUL2] C:\WINNT\TEMP\NXUL2.EXE
    O4 - HKLM\..\RunServices: [JIHU0] C:\WINNT\TEMP\JIHU0.EXE
    O4 - HKLM\..\RunServices: [JXFG1] C:\WINNT\TEMP\JXFG1.EXE
    O4 - HKLM\..\RunServices: [XJQJ2] C:\WINNT\TEMP\XJQJ2.EXE
    O4 - HKLM\..\RunServices: [JDCN0] C:\WINNT\TEMP\JDCN0.EXE
    O4 - HKLM\..\RunServices: [MWCL1] C:\WINNT\TEMP\MWCL1.EXE
    O4 - HKLM\..\RunServices: [BMFI2] C:\WINNT\TEMP\BMFI2.EXE
    O4 - HKLM\..\RunServices: [XEGQ0] C:\WINNT\TEMP\XEGQ0.EXE
    O4 - HKLM\..\RunServices: [UQBE1] C:\WINNT\TEMP\UQBE1.EXE
    O4 - HKLM\..\RunServices: [FHKR2] C:\WINNT\TEMP\FHKR2.EXE
    O4 - HKLM\..\RunServices: [CXBU0] C:\WINNT\TEMP\CXBU0.EXE
    O4 - HKLM\..\RunServices: [VXFH1] C:\WINNT\TEMP\VXFH1.EXE
    O4 - HKLM\..\RunServices: [MLCQ2] C:\WINNT\TEMP\MLCQ2.EXE
    O4 - HKLM\..\RunServices: [CGFT0] C:\WINNT\TEMP\CGFT0.EXE
    O4 - HKLM\..\RunServices: [ITLN1] C:\WINNT\TEMP\ITLN1.EXE
    O4 - HKLM\..\RunServices: [NITU2] C:\WINNT\TEMP\NITU2.EXE
    O4 - HKLM\..\RunServices: [GWCM0] C:\WINNT\TEMP\GWCM0.EXE
    O4 - HKLM\..\RunServices: [GNXO1] C:\WINNT\TEMP\GNXO1.EXE
    O4 - HKLM\..\RunServices: [GXVX2] C:\WINNT\TEMP\GXVX2.EXE
    O4 - HKLM\..\RunServices: [CBQW0] C:\WINNT\TEMP\CBQW0.EXE
    O4 - HKLM\..\RunServices: [WLBE1] C:\WINNT\TEMP\WLBE1.EXE
    O4 - HKLM\..\RunServices: [MDOX2] C:\WINNT\TEMP\MDOX2.EXE
    O4 - HKLM\..\RunServices: [FPRN0] C:\WINNT\TEMP\FPRN0.EXE
    O4 - HKLM\..\RunServices: [JKUI1] C:\WINNT\TEMP\JKUI1.EXE
    O4 - HKLM\..\RunServices: [KBSL2] C:\WINNT\TEMP\KBSL2.EXE
    O4 - HKLM\..\RunServices: [FPLE0] C:\WINNT\TEMP\FPLE0.EXE
    O4 - HKLM\..\RunServices: [VMTR1] C:\WINNT\TEMP\VMTR1.EXE
    O4 - HKLM\..\RunServices: [JLKF2] C:\WINNT\TEMP\JLKF2.EXE
    O4 - HKLM\..\RunServices: [WVPV0] C:\WINNT\TEMP\WVPV0.EXE
    O4 - HKLM\..\RunServices: [WLMX1] C:\WINNT\TEMP\WLMX1.EXE
    O4 - HKLM\..\RunServices: [TGCQ2] C:\WINNT\TEMP\TGCQ2.EXE
    O4 - HKLM\..\RunServices: [RKCI0] C:\WINNT\TEMP\RKCI0.EXE
    O4 - HKLM\..\RunServices: [RBXK1] C:\WINNT\TEMP\RBXK1.EXE
    O4 - HKLM\..\RunServices: [VUVT2] C:\WINNT\TEMP\VUVT2.EXE
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe
    O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020909/qtinstall.info.apple.com/sikes/fr/win/QuickTimeInstaller.exe
    O18 - Protocol: bw+0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {CFDE3DAE-87CD-4C42-AC95-7CF333B0E475} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: Microsoft Windows Service - Unknown owner - C:\WINNT\mousesync.exe (file missing)
    O23 - Service: Microsoft Distributed Transaction (MSDT) - Unknown owner - C:\WINNT\msdt.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
    0
  11. bernie61
     
    hi again
    OK, let's start over from scratch; please do this without restarting the computer
    0.
    *Configure your computer so that every scan runs completely; it must be possible to scan all hidden and system folders, so do this:
    Start / Control Panel / Folder Options / View tab, and there check the lines
    - show hidden files and folders
    - display the contents of system folders
    uncheck
    - hide protected system files
    Then click APPLY to ALL Folders

    2. Relaunch HijackThis and check (then FIX)
    O2 - BHO: (no name) - {606CE2E9-2F0B-46D9-28B4-0795C1AADACD} - C:\WINNT\system32\srtdfk.dll
    O4 - HKLM\..\Run: [Uninstall0001] "C:\Program Files\Fichiers communs\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver
    O4 - HKLM\..\Run: [fle9R8c] C:\WINNT\pdtejx.exe
    O4 - HKLM\..\Run: [Microsoft Windows 128bit Subsystem] C:\WINNT\system32\9B.tmp
    O4 - HKLM\..\Run: [Services] C:\WINNT\system32\AC.tmp
    O4 - HKLM\..\Run: [Java] C:\WINNT\TEMP\KBSL2.EXE
    O4 - HKLM\..\RunServices: [KNMT0] C:\WINNT\TEMP\KNMT0.EXE
    O4 - HKLM\..\RunServices: [MOMT1] C:\WINNT\TEMP\MOMT1.EXE
    O4 - HKLM\..\RunServices: [LTXX2] C:\WINNT\TEMP\LTXX2.EXE
    O4 - HKLM\..\RunServices: [EJBX0] C:\WINNT\TEMP\EJBX0.EXE
    O4 - HKLM\..\RunServices: [UDRN1] C:\WINNT\TEMP\UDRN1.EXE
    O4 - HKLM\..\RunServices: [BDHN2] C:\WINNT\TEMP\BDHN2.EXE
    O4 - HKLM\..\RunServices: [FDTS0] C:\WINNT\TEMP\FDTS0.EXE
    O4 - HKLM\..\RunServices: [QRWM1] C:\WINNT\TEMP\QRWM1.EXE
    O4 - HKLM\..\RunServices: [NXUL2] C:\WINNT\TEMP\NXUL2.EXE
    O4 - HKLM\..\RunServices: [JIHU0] C:\WINNT\TEMP\JIHU0.EXE
    O4 - HKLM\..\RunServices: [JXFG1] C:\WINNT\TEMP\JXFG1.EXE
    O4 - HKLM\..\RunServices: [XJQJ2] C:\WINNT\TEMP\XJQJ2.EXE
    O4 - HKLM\..\RunServices: [JDCN0] C:\WINNT\TEMP\JDCN0.EXE
    O4 - HKLM\..\RunServices: [MWCL1] C:\WINNT\TEMP\MWCL1.EXE
    O4 - HKLM\..\RunServices: [BMFI2] C:\WINNT\TEMP\BMFI2.EXE
    O4 - HKLM\..\RunServices: [XEGQ0] C:\WINNT\TEMP\XEGQ0.EXE
    O4 - HKLM\..\RunServices: [UQBE1] C:\WINNT\TEMP\UQBE1.EXE
    O4 - HKLM\..\RunServices: [FHKR2] C:\WINNT\TEMP\FHKR2.EXE
    O4 - HKLM\..\RunServices: [CXBU0] C:\WINNT\TEMP\CXBU0.EXE
    O4 - HKLM\..\RunServices: [VXFH1] C:\WINNT\TEMP\VXFH1.EXE
    O4 - HKLM\..\RunServices: [MLCQ2] C:\WINNT\TEMP\MLCQ2.EXE
    O4 - HKLM\..\RunServices: [CGFT0] C:\WINNT\TEMP\CGFT0.EXE
    O4 - HKLM\..\RunServices: [ITLN1] C:\WINNT\TEMP\ITLN1.EXE
    O4 - HKLM\..\RunServices: [NITU2] C:\WINNT\TEMP\NITU2.EXE
    O4 - HKLM\..\RunServices: [GWCM0] C:\WINNT\TEMP\GWCM0.EXE
    O4 - HKLM\..\RunServices: [GNXO1] C:\WINNT\TEMP\GNXO1.EXE
    O4 - HKLM\..\RunServices: [GXVX2] C:\WINNT\TEMP\GXVX2.EXE
    O4 - HKLM\..\RunServices: [CBQW0] C:\WINNT\TEMP\CBQW0.EXE
    O4 - HKLM\..\RunServices: [WLBE1] C:\WINNT\TEMP\WLBE1.EXE
    O4 - HKLM\..\RunServices: [MDOX2] C:\WINNT\TEMP\MDOX2.EXE
    O4 - HKLM\..\RunServices: [FPRN0] C:\WINNT\TEMP\FPRN0.EXE
    O4 - HKLM\..\RunServices: [JKUI1] C:\WINNT\TEMP\JKUI1.EXE
    O4 - HKLM\..\RunServices: [KBSL2] C:\WINNT\TEMP\KBSL2.EXE
    O4 - HKLM\..\RunServices: [FPLE0] C:\WINNT\TEMP\FPLE0.EXE
    O4 - HKLM\..\RunServices: [VMTR1] C:\WINNT\TEMP\VMTR1.EXE
    O4 - HKLM\..\RunServices: [JLKF2] C:\WINNT\TEMP\JLKF2.EXE
    O4 - HKLM\..\RunServices: [WVPV0] C:\WINNT\TEMP\WVPV0.EXE
    O4 - HKLM\..\RunServices: [WLMX1] C:\WINNT\TEMP\WLMX1.EXE
    O4 - HKLM\..\RunServices: [TGCQ2] C:\WINNT\TEMP\TGCQ2.EXE
    O4 - HKLM\..\RunServices: [RKCI0] C:\WINNT\TEMP\RKCI0.EXE
    O4 - HKLM\..\RunServices: [RBXK1] C:\WINNT\TEMP\RBXK1.EXE
    O4 - HKLM\..\RunServices: [VUVT2] C:\WINNT\TEMP\VUVT2.EXE

    O23 - Service: Microsoft Distributed Transaction (MSDT) - Unknown owner - C:\WINNT\msdt.exe

    3. Delete these .EXE and .DLL programs (and empty the Recycle Bin at the end)
    C:\WINNT\msdt.exe
    C:\WINNT\system32\srtdfk.dll
    C:\Program Files\Fichiers communs\Totem Shared\ >> the WHOLE directory
    C:\WINNT\pdtejx.exe
    C:\WINNT\system32\9B.tmp
    C:\WINNT\system32\AC.tmp
    C:\WINNT\TEMP\KBSL2.EXE
    C:\WINNT\TEMP\ > the WHOLE directory

    4. Go to Start/Run and type SERVICES.MSC there to stop the following services:
    (double-click the offending service, then click STOP and set the startup type to DISABLED)
    Service: Microsoft Distributed Transaction (MSDT) - Unknown owner -

    5. Empty the temp directories and the Recycle Bin by running CCleaner
    Run a follow-up HijackThis log and tell us where the problems stand…
    see you
    0
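The selection made by hand in step 2 of the reply above can be expressed as a few triage rules over the log. The following Python is an added example, not part of the thread or of HijackThis; the rules and the names `triage`, `target_path` and `path_reasons` are assumptions chosen for illustration, and the sample lines are excerpted from the log posted above.

```python
import ntpath
import re

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {606CE2E9-2F0B-46D9-28B4-0795C1AADACD} - C:\WINNT\system32\srtdfk.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\AC.tmp
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Java] C:\WINNT\TEMP\KBSL2.EXE
O4 - HKLM\..\RunServices: [KNMT0] C:\WINNT\TEMP\KNMT0.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Microsoft Distributed Transaction (MSDT) - Unknown owner - C:\WINNT\msdt.exe
"""

# Line shapes as they appear in the log above (registry autoruns only for O4).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>HK\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
EXE_RE = re.compile(r"^(.+?\.[A-Za-z0-9]{2,4})(?=\s|$)")
PROGRAM_FILES_RE = re.compile(r"^[a-z]:\\progra(m files|~\d)\\", re.IGNORECASE)


def target_path(cmd):
    """Return the program part of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def path_reasons(path):
    """Heuristics (assumed for this example) on where an autorun target lives."""
    reasons = []
    parts = [p.lower() for p in path.split("\\")]
    if any(p in ("temp", "tmp") for p in parts[:-1]):
        reasons.append("autorun target lives in a TEMP directory")
    if ntpath.splitext(path)[1].lower() in (".tmp", ".pif"):
        reasons.append("autorun target has a .tmp/.pif extension")
    return reasons


def triage(log_text):
    """Return (section, name, path, reasons) for every entry worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m["name"] == "(no name)":
                findings.append(("O2", m["name"], m["path"], ["BHO registered without a name"]))
            continue
        m = O4_RE.match(line)
        if m:
            path = target_path(m["cmd"])
            reasons = path_reasons(path)
            if reasons:
                findings.append(("O4", m["name"], path, reasons))
            continue
        m = O23_RE.match(line)
        if m and m["owner"] == "Unknown owner" and not PROGRAM_FILES_RE.match(m["path"]):
            findings.append(("O23", m["name"], m["path"],
                             ["service with unknown owner outside Program Files"]))
    return findings


if __name__ == "__main__":
    for section, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{section:4} {name!r:45} {path}  <- {'; '.join(reasons)}")
```

An entry such as `[fle9R8c] C:\WINNT\pdtejx.exe` matches none of these rules, so the output is a starting point for manual review of the log, not a complete list.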
  12. bernie61
     
    hi again
    also delete these files

    100.tmp
    2.tmp
    24.tmp
    3.tmp
    32.tmp
    3a.tmp
    42.tmp
    46.tmp
    48.tmp
    4c.tmp
    5d.tmp
    6e.tmp
    86.tmp
    89.tmp
    90.tmp
    94.tmp
    a.tmp
    aa.tmp
    ab.tmp
    b1.tmp
    b3.tmp
    e82.tmp

    and apply smitfrau
    http://users.skynet.be/BernieClub/#frau

    see you
    0