[LOGICIEL] [Centralisation] .:::: Hijackthis ::::.

Hayek · le 14 juillet 2006

Bon, au final j'ai utilisé Spybot-Search & Destroy qui m'a viré pas mal de truc (dont du New net). J'ai fait un nouveau log, le voici :

Logfile of HijackThis v1.99.1

Scan saved at 16:38:25, on 14/07/2006

Platform: Windows ME (Win9x 4.90.3000)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 14\PCCTLCOM.EXE

C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 14\PCCIOMON.EXE

C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 14\TMPFW.EXE

C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE

C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 14\TMPROXY.EXE

C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 14\PCCGUIDE.EXE

C:\WINDOWS\EXPLORER.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\NIKON\NKVIEW4\NKVWMON.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPODEV07.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOEVM07.EXE

C:\PROGRAM FILES\HEWLETT-PACKARD\HP PSC 700 SERIES\BIN\HPOSTS07.EXE

C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.motor-search.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.motor-search.info/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://altavista.digital.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.motor-search.info/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noos.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.loxinfo.co.th

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...rch&ap=b204

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.motor-search.info/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.motor-search.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.motor-search.info/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.motor-search.info/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.motor-search.info/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = LoxInfo Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = noos.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [TmPfw] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 14\TmPfw.exe

O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 14\PCCTLCOM.EXE

O4 - Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe

O4 - Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\hp psc 700 series\bin\hpodev07.exe

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE

O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)

O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\PROGRAM FILES\GOTO\MEMOWEB 3\IEBtn\Launcher (file missing)

O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\PROGRAM FILES\GOTO\MEMOWEB 3\IEBtn\Launcher (file missing)

O14 - IERESET.INF: START_PAGE_URL=http://www.loxinfo.co.th

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/1dac212...all/xscan53.cab

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/fr/t.../ActiveData.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab

O16 - DPF: {5CA8D349-C6E7-11D4-8166-009027DF3BB2} (France Telecom MDDK ActiveX Control) - http://accueil.ava.serveur-ava.com/stkid_data/ocx/mDKid.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR.cab

O19 - User stylesheet: (file missing)

snooky · le 14 juillet 2006

Coche et fixe ces lignes :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.motor-search.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.motor-search.info/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://altavista.digital.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.motor-search.info/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.noos.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.loxinfo.co.th

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirec...rch&ap=b204

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.motor-search.info/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.motor-search.info/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.motor-search.info/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.motor-search.info/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.motor-search.info/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = LoxInfo Internet Explorer

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"

4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [TmPfw] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 14\TmPfw.exe

O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 14\PCCTLCOM.EXE

O19 - User stylesheet: (file missing)

Désinstalle TREND MICRO\INTERNET SECURITY 14

Installe Anti-Spyware Trendmicro ( vise ma signature )

Si le pc est formaté en NTFS , passe Clean 1.4 .

Hayek · le 14 juillet 2006

Ok, j'ai fait ce que tu m'as conseillé. J'ai quand même eu une grosse frayeur en voulant relancer PC-Cillin, j'ai eu droit aux écrans bleus et ai dû rebooter. Là tout à l'air de bien fontionner.

Par contre il n'est pas question que je désinstalle PC-Cillin. Je ne doute pas du fait qu'il y ai mieux mais le proprio du pc l'a acheté et il ne veut pas le virer (ce que je peux à la limite comprendre).

Par rapport à cela j'ai une dernière question. J'ai supprimé la ligne lui correspondant dans HijackThis ce qui fait qu'il ne se lance plus au démarrage. J'ai cherché dans les options du logiciel afin qu'il se lance à nouveau tout seul mais je n'y suis pas arrivé. Aurais tu une solution ?

En tout cas merci pour tout.

ArTiS · le 14 juillet 2006

Salut a tous!

Voila on ma conseiller de venir ici et de poster mes resultats!

J'ai des problemes de Pop Up et de message d'erreur.

Voila ce que j'ai!

Logfile of HijackThis v1.99.1

Scan saved at 21:22:05, on 14/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\CardReader2.0\OTiReader.exe

C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\Program Files\Inventel\Gateway\wlancfg.exe

C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\isnotify.exe

C:\WINDOWS\system32\issearch.exe

C:\WINDOWS\system32\WF2K.EXE

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\ipwins\ipwins.exe

C:\Program Files\CardReader2.0\CRBroadCasting.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\ASUS\Asus Probe\AsusProb.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Fichiers communs\{98447DEE-0898-1036-0726-051117200021}\Update.exe

E:\Programmes\Steam.exe

C:\Program Files\Messenger\Msmsgs.exe

C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TClock\TClock.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmes\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1C99F9C7-F398-4776-B0FE-9FF4F5868949} - C:\WINDOWS\system32\gebya.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll

O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE Initial

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nTrayFw] C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ipWins] C:\Program Files\ipwins\ipwins.exe

O4 - HKLM\..\Run: [CRBroadCasting] C:\Program Files\CardReader2.0\CRBroadCasting.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe

O4 - HKCU\..\Run: [steam] "E:\Programmes\Steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O18 - Protocol: bw+0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: offline-8876480 - {01799218-EDA4-45C7-B3DC-D1DB089D3B56} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: gebya - C:\WINDOWS\system32\gebya.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe

O23 - Service: Prime95 Service - Unknown owner - C:\Documents and Settings\Florian\Bureau\Prime95\PRIME95.EXE

O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Voila merci a qui m'aidera :iloveyou: (Snooky?)

koskoz · le 14 juillet 2006

Bon, je ne suis pas un pro d'hijackthis, pour ça il faut attendre snooky, mais il semblerait que cette ligne soit "méchante" :

O4 - HKLM\..\Run: [ipWins] C:\Program Files\ipwins\ipwins.exe

Tu peux la supprimer et nous dire ce qu'il se passe, si ça résoud ton problème. N'oublie pas de faire un backup avec hijackthis comme ça en cas de problème tu restaure la ligne et c'est bon :iloveyou: .

snooky · le 15 juillet 2006

@ ArTis :

:cartonrouge: Désactive la restauration système.

:freeposts: Désinstalle ToolBar888 , AVG , Spysweeper et SpyDoctor .

:francais: Arrête et désactive également Spysweeper et Spydoctor dans services.msc ( à taper dans Exécuter )

:francais: Coche et fixe ces lignes :