NSIS Media Advertisment impossible to remove
I have a serious problem with these damned "NSIS Media Advertisment" windows that I can't manage to get rid of.
I'm on a Compaq PC running Windows 2000 SP4, IE 6.0.
I've searched at length to try to make this problem go away, after a lot of searching on the Internet, but nothing works: these popup windows still appear as soon as I start Internet Explorer.
In addition, my CPU is at 100% at times, and I suddenly have 2 to 3 explorer.exe processes appearing.
So I have to end these tasks manually and then restart an "Explorer.exe" (new task) afterwards so that it holds up for a little while.
The folder C:\Program Files\Fichiers communs\NSIS gets created, but if I delete it manually, or if I uninstall NSIS with its "uninst.exe" or via "Add/Remove Programs", it comes back anyway at the next startup.
On that subject, in C:\Program Files\Fichiers communs\NSIS, if I open the DLL "ns9.dll",
I find references to:
- MSVBVM60.DLL
- C:\WINDOWS\system32\MSVBVM60.DLL
- mediastub.dll
I get continual warnings from my firewall asking whether I want to run these countless ******.exe files with a dog-shaped icon that are in my
C:\WINNT\TEMP folder and that are associated with this crap, I imagine.
Here are a few of them:
- APC4A7.EXE
- YH952C.EXE
- WYBAAD.EXE
- SR2560.EXE
- A0491.EXE
I can stop them from being created by making this folder read-only, but that's only a sticking plaster on a wooden leg; it doesn't stop the "NSIS media advertisment" windows
from appearing.
In safe mode, after applying the updates, I did the following:
- Scan with my Trend Micro antivirus -> EVERYTHING OK
- Scan and protection with Spyware Doctor -> OK EXCEPT 1 problem.
I always get a warning that forces me to restart the PC after the repair attempt, but the problem is reported again on the next scan.
It tells me "Suppression de la clé détectée comme Trojan.Agent.HT" ("Removal of the key detected as Trojan.Agent.HT") in the registry key HKCU\Software\Microsoft\Internet explorer\#Main Windows, but I can't see anything matching when I open the registry under that key.
In addition, it continually reports that it is blocking these ad windows.
- Scan and immunization with Spybot - Search & Destroy -> EVERYTHING OK
- Scan with ewido anti-spyware -> EVERYTHING OK
- Scan with Ad-Aware SE Personal -> EVERYTHING OK
- Scan with Spy Sweeper -> EVERYTHING OK
- Online scan with Kaspersky -> EVERYTHING OK
- Online scan with BitDefender -> EVERYTHING OK
- Protection with SpywareBlaster 3.5.1
- Registry cleanup with CCleaner
- Registry cleanup with RegCleaner
- Registry cleanup with RegSeeker
- SmitFraudFix
- bfu.zip with EGDACCESS.bfu
- Blacklight Beta (Blbeta.exe)
- clean.cmd
- Attempt to detect DLLs or processes with Process Explorer
Checked the Svchost instances in particular, with this tool and in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
- Checked the validity of all my processes (and some DLLs) against the online library http://www.processlibrary.com
- Tried uninstalling NSIS with its "uninst.exe" or via "Add/Remove Programs", but it comes back anyway at the next startup.
- Tried searching manually in the registry or in My Computer with, for example, "NSIS" as the keyword.
SO THERE, I'VE SPENT LOADS OF TIME TRYING TO STOP THESE WINDOWS AND TO GET MY PC TO STOP CRAWLING, BUT NOTHING HAS WORKED.
AND NOW, WHAT SHOULD I DO?
Would some kind soul perhaps be willing to analyze my HijackThis report, or one from another tool?
Thanks in advance to whoever can help me with this thorny problem.
Yes, I've tried all that.
Thanks for your reply, and here is the requested log ...
Happy reading.
Logfile of HijackThis v1.99.1
Scan saved at 7:10:46 , on 15.09.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINNT\system32\MGE\RunSC.exe
C:\WINNT\system32\MGE\PCtl.exe
C:\WINNT\system32\NA_Service.exe
C:\WINNT\system32\NA_XWAY.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\MGE\BIL.EXE
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\MGE\CILRS232.EXE
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\TEMP\KQFBD5.EXE
C:\WINNT\system32\cidaemon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINNT\system32\hpnra.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Popup Eclair\popupeclair.exe
C:\Siemens\Common\Sqlany\dbsrv50.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\BT\Ordinateurs\Logiciels\Windows\Windows 2000\Divers\Process Explorer\procexp.exe
C:\WINNT\system32\cidaemon.exe
C:\BT\Ordinateurs\Logiciels\Antivirus\Pour suppression Norton System Doctor\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/index_narrow.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\system32\hpnra.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [popupeclair] C:\Program Files\Popup Eclair\popupeclair.exe
O4 - HKCU\..\Run: [Ub4TrayApp] "C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" /start
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Start Firewall.lnk = C:\WINNT\system32\net.exe
O4 - Global Startup: Synchro heure.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Popup Eclair Bypass - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Popup Eclair\addbypass.exe
O9 - Extra 'Tools' menuitem: Popup Eclair Bypass - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Popup Eclair\addbypass.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://polytabsrv01.polytab.lan:4343/SMB/console/html/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camacvt.vmail.ch:81/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {E78DE03F-DC83-40DB-B590-8FD80BE5F7C8} (Security Server Management Console) - https://polytabsrv01.polytab.lan:4343/SMB/console/html/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: NameServer = 192.168.1.100,212.147.10.162,212.147.10.10,212.147.10.180
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: NameServer = 192.168.1.100,212.147.10.162,212.147.10.10,212.147.10.180
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: NameServer = 192.168.1.100,212.147.10.162,212.147.10.10,212.147.10.180
O18 - Protocol: bw+0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MGE Service module - Unknown owner - C:\WINNT\system32\MGE\RunSC.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation - C:\WINNT\system32\NA_Service.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O4 - Global Startup: Start Firewall.lnk = C:\WINNT\system32\net.exe
O4 - Global Startup: Synchro heure.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Popup Eclair Bypass - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Popup Eclair\addbypass.exe
O9 - Extra 'Tools' menuitem: Popup Eclair Bypass - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Popup Eclair\addbypass.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://polytabsrv01.polytab.lan:4343/SMB/console/html/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camacvt.vmail.ch:81/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {E78DE03F-DC83-40DB-B590-8FD80BE5F7C8} (Security Server Management Console) - https://polytabsrv01.polytab.lan:4343/SMB/console/html/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: NameServer = 192.168.1.100,212.147.10.162,212.147.10.10,212.147.10.180
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: NameServer = 192.168.1.100,212.147.10.162,212.147.10.10,212.147.10.180
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: NameServer = 192.168.1.100,212.147.10.162,212.147.10.10,212.147.10.180
O18 - Protocol: bw+0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MGE Service module - Unknown owner - C:\WINNT\system32\MGE\RunSC.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation - C:\WINNT\system32\NA_Service.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Hello,
-- Right-click on HijackThis:
-> Choose "Rename"
-> Type Scanner.exe then confirm
- Launch the application
- Choose the option Do a system scan and save a logfile
-- Notepad opens:
-> Edit / Select All
-> Edit / Copy
- Paste the report here.
Help on HijackThis
Hi,
Since you have already tried everything, all I can do is tell you what to remove from your log!
So remove these and click Fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O4 - Global Startup: Synchro heure.bat
All the O18 Logitech entries
Do you know polytab.lan?? Or do you know what it is???
If not, remove these lines:
O16 - DPF: {E78DE03F-DC83-40DB-B590-8FD80BE5F7C8} (Security Server Management Console) - https://polytabsrv01.polytab.lan:43 [...] onsole.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
There you go, I hope this helps
@++
Here is the log after renaming HijackThis to "Scanner.exe"
Logfile of HijackThis v1.99.1
Scan saved at 8:44:01 , on 15.09.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINNT\system32\MGE\RunSC.exe
C:\WINNT\system32\MGE\PCtl.exe
C:\WINNT\system32\NA_Service.exe
C:\WINNT\system32\NA_XWAY.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\MGE\BIL.EXE
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\MGE\CILRS232.EXE
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\TEMP\KQFBD5.EXE
C:\WINNT\system32\cidaemon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINNT\system32\hpnra.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Popup Eclair\popupeclair.exe
C:\Siemens\Common\Sqlany\dbsrv50.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\BT\Ordinateurs\Logiciels\Windows\Windows 2000\Divers\Process Explorer\procexp.exe
C:\WINNT\system32\cidaemon.exe
C:\BT\Ordinateurs\Logiciels\Antivirus\Pour suppression Norton System Doctor\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/index_narrow.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\system32\hpnra.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [popupeclair] C:\Program Files\Popup Eclair\popupeclair.exe
O4 - HKCU\..\Run: [Ub4TrayApp] "C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" /start
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Start Firewall.lnk = C:\WINNT\system32\net.exe
O4 - Global Startup: Synchro heure.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Popup Eclair Bypass - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Popup Eclair\addbypass.exe
O9 - Extra 'Tools' menuitem: Popup Eclair Bypass - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Popup Eclair\addbypass.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://polytabsrv01.polytab.lan:4343/SMB/console/html/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camacvt.vmail.ch:81/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {E78DE03F-DC83-40DB-B590-8FD80BE5F7C8} (Security Server Management Console) - https://polytabsrv01.polytab.lan:4343/SMB/console/html/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: NameServer = 192.168.1.100,212.147.10.162,212.147.10.10,212.147.10.180
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: NameServer = 192.168.1.100,212.147.10.162,212.147.10.10,212.147.10.180
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: NameServer = 192.168.1.100,212.147.10.162,212.147.10.10,212.147.10.180
O18 - Protocol: bw+0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MGE Service module - Unknown owner - C:\WINNT\system32\MGE\RunSC.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation - C:\WINNT\system32\NA_Service.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 8:44:01 , on 15.09.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINNT\system32\MGE\RunSC.exe
C:\WINNT\system32\MGE\PCtl.exe
C:\WINNT\system32\NA_Service.exe
C:\WINNT\system32\NA_XWAY.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\system32\MGE\BIL.EXE
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\MGE\CILRS232.EXE
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINNT\TEMP\KQFBD5.EXE
C:\WINNT\system32\cidaemon.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\WINNT\system32\hpnra.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Siemens\Common\S7ubtoox\s7ubtstx.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Popup Eclair\popupeclair.exe
C:\Siemens\Common\Sqlany\dbsrv50.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\BT\Ordinateurs\Logiciels\Windows\Windows 2000\Divers\Process Explorer\procexp.exe
C:\WINNT\system32\cidaemon.exe
C:\BT\Ordinateurs\Logiciels\Antivirus\Pour suppression Norton System Doctor\HijackThis\Scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/index_narrow.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
O4 - HKLM\..\Run: [HP Network Registry Agent] C:\WINNT\system32\hpnra.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [S7UB Start] "C:\Siemens\Common\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [popupeclair] C:\Program Files\Popup Eclair\popupeclair.exe
O4 - HKCU\..\Run: [Ub4TrayApp] "C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe" /start
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Start Firewall.lnk = C:\WINNT\system32\net.exe
O4 - Global Startup: Synchro heure.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Popup Eclair Bypass - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Popup Eclair\addbypass.exe
O9 - Extra 'Tools' menuitem: Popup Eclair Bypass - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Popup Eclair\addbypass.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://polytabsrv01.polytab.lan:4343/SMB/console/html/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camacvt.vmail.ch:81/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {E78DE03F-DC83-40DB-B590-8FD80BE5F7C8} (Security Server Management Console) - https://polytabsrv01.polytab.lan:4343/SMB/console/html/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CCS\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: NameServer = 192.168.1.100,212.147.10.162,212.147.10.10,212.147.10.180
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: NameServer = 192.168.1.100,212.147.10.162,212.147.10.10,212.147.10.180
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = polytab.lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: Domain = polytab.lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{1288BAE2-1682-4828-922D-5CD5407249A4}: NameServer = 192.168.1.100,212.147.10.162,212.147.10.10,212.147.10.180
O18 - Protocol: bw+0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B41EF498-F196-4A90-BDCA-6C5D97AAAED7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MGE Service module - Unknown owner - C:\WINNT\system32\MGE\RunSC.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation - C:\WINNT\system32\NA_Service.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Your log looks fine...
- Download Clean.zip (by Malekal),
unzip it to your desktop (right-click / extract all); you should get a folder named clean.
Restart in safe mode
- Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open.
Restart normally
- The clean report: My Computer / double-click drive C / double-click rapport_clean.txt and copy/paste the contents here C:\rapport_clean.txt
Save it to your Desktop.
Double-click blbeta.exe and accept the license; click Scan, then Next
You will see a log on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
When the scan finishes, DO NOT TOUCH ANYTHING!
We need to analyze this log, so close the program.
Post the log on the forum.
BlackLight help by Malekal_Morte
So this morning I tried all of that.
- Clean
In Safe Mode, I get an error message at the end
of the process, something like an error creating Aldb2.exe
But in normal mode it's OK; here is the report
0Script clean par Malekal_morte - http://www.malekal.com
Microsoft Windows 2000 [Version 5.00.2195]
Script execute en mode normal
*** Suppression de fichiers sur C:
*** Suppression des fichiers dans C:\WINNT\
*** Suppression des fichiers dans C:\WINNT\system32
- blbeta.exe
Here is the report
09/19/06 10:49:47 [Info]: BlackLight Engine 1.0.46 initialized
09/19/06 10:49:47 [Info]: OS: 5.0 build 2195 (Service Pack 4)
09/19/06 10:49:49 [Note]: 7019 4
09/19/06 10:49:49 [Note]: 7005 0
09/19/06 10:49:53 [Note]: 7006 0
09/19/06 10:49:53 [Note]: 7011 1680
09/19/06 10:49:54 [Note]: 7026 0
09/19/06 10:49:55 [Note]: 7026 0
09/19/06 10:50:06 [Note]: FSRAW library version 1.7.1019
09/19/06 10:57:23 [Note]: 2000 1006
09/19/06 11:12:43 [Note]: 7007 0
I'm sure I'm missing something simple that I just can't see...
With Internet Explorer
Run a Panda online scan
- Click "Scan your PC"
- Then "Check Now"
- /!\ At the bottom, click "I don't Accept"
Enter your e-mail address, then start the scan
- Post the report when the scan is finished
If you have Avast!, disable it during the scan
There, I scanned my PC with Panda online,
it took almost the whole day; the result is here:
In my opinion it's OK because:
- clean is what I downloaded to try a fix
- Smitfraud, likewise
- the cookies belong to the other accounts, which are never used. I always delete all cookies before shutting down my PC
Incident | Status | Location
Potentially unwanted tool:Application/Pskill.K | Not disinfected | C:\BT\Ordinateurs\Logiciels\Antivirus\Pour suppression Norton System Doctor\Clean\clean.zip[clean/pskill.exe]
Potentially unwanted tool:Application/Pskill.K | Not disinfected | C:\BT\Ordinateurs\Logiciels\Antivirus\Pour suppression Norton System Doctor\Clean\pskill.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\BT\Ordinateurs\Logiciels\Nettoyeur registre\SmitFraudFix\Process.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\BT\Ordinateurs\Logiciels\Nettoyeur registre\SmitFraudFix\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Default User\Cookies\cb@ad.yieldmanager[1].txt
Spyware:Cookie/Atwola | Not disinfected | H:\ANCIEN DISQUE\Documents and Settings\BC\Application Data\Mozilla\Profiles\default\tfpu270v.slt\cookies.txt[.atwola.com/]
Oh yes, I also forgot:
This PC is one of 6 workstations on a network with a Windows 2003 server.
The antivirus is Trend Micro, with updates distributed by the server to each workstation.
An automatic scan is scheduled once a week; everything is OK.
On this server there are one W98 PC, two W2000 PCs and three WXP PCs.
Only this W2000 PC has this problem of NSIS Media Advertisment windows, small EXEs that keep trying to run, and the CPU at 100%, with several explorer.exe processes at times (the cause of the 100% CPU, because when it happens I kill the 2 or 3 explorer.exe processes, restart explorer.exe, and everything is OK, CPU normal)
Everything stays normal (if I use the other programs on this PC) until I go on the Internet again, which brings back these windows and the 100% CPU.
I installed this new antivirus and ran the scan; here is the result:
------------------------------------
SCAN WINDOWS SYSTEM DIRECTORY :
AntiVir PersonalEdition Classic
Report file date: jeudi, 21. septembre 2006 11:04
Scanning for 506782 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Username: CB
Computer name: PC7
Version information:
AVSCAN.EXE : 7.0.0.47 196648 21.09.2006 05:13:23
AVSCAN.DLL : 7.0.0.45 41000 21.09.2006 05:13:23
LUKE.DLL : 7.0.0.47 110632 21.09.2006 05:13:24
LUKERES.DLL : 7.0.0.47 9256 21.09.2006 05:13:24
ANTIVIR0.VDF : 6.35.0.1 7371264 31.05.2006 05:27:42
ANTIVIR1.VDF : 6.36.0.9 1424384 06.09.2006 05:13:24
ANTIVIR2.VDF : 6.36.0.14 122368 13.09.2006 05:13:24
ANTIVIR3.VDF : 6.36.0.51 84992 20.09.2006 05:13:24
AVEWIN32.DLL : 7.2.0.16 1835520 21.09.2006 05:13:24
AVPREF.DLL : 7.0.0.2 17960 21.09.2006 05:13:23
AVREP.DLL : 6.36.0.5 548904 21.09.2006 05:13:24
AVRPBASE.DLL : 7.0.0.0 1544232 30.03.2006 08:42:44
AVPACK32.DLL : 7.2.0.0 360488 21.09.2006 05:13:24
AVREG.DLL : 6.31.0.90 25128 28.07.2005 10:06:11
NETNT.DLL : 6.32.0.0 6696 27.09.2005 07:56:45
NETNW.DLL : 7.0.0.0 9768 21.09.2006 05:13:24
RCIMAGE.DLL : 7.0.0.74 1642536 21.09.2006 05:13:19
RCTEXT.DLL : 7.0.0.107 77864 21.09.2006 05:13:19
Configuration settings for the scan:
Jobname.......................: Windows System Directory
Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\sysdir.avp
Boot sectors..................: C
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 2
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: 0
Primary action................: 1
Secondary action..............: 0
Start of the scan: jeudi, 21. septembre 2006 11:04
The scan of running processes will be started
51 Processes were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( 26 files ).
Starting the file scan:
C:\WINNT\system32\Perflib_Perfdata_428.dat
[WARNING] The file could not be opened!
C:\WINNT\system32\ActiveScan\pskavs.dll
[DETECTION] Contains signature of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to 'bb73d33a.qua'!
C:\WINNT\system32\config\default
[WARNING] The file could not be opened!
C:\WINNT\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINNT\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINNT\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINNT\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINNT\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINNT\system32\config\software
[WARNING] The file could not be opened!
C:\WINNT\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINNT\system32\config\system
[WARNING] The file could not be opened!
C:\WINNT\system32\config\SYSTEM.ALT
[WARNING] The file could not be opened!
End of the scan: jeudi, 21. septembre 2006 12:22
Used time: 1:18:46 min
The scan has been done completely.
110 Scanning directories
5111 Files were scanned
1 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
5 Archives were scanned
11 Warnings
0 Notes
------------------------------------
SCAN LOCAL HARD DISKS :
AntiVir PersonalEdition Classic
Report file date: jeudi, 21. septembre 2006 12:23
Scanning for 506782 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Username: CB
Computer name: PC7
Version information:
AVSCAN.EXE : 7.0.0.47 196648 21.09.2006 05:13:23
AVSCAN.DLL : 7.0.0.45 41000 21.09.2006 05:13:23
LUKE.DLL : 7.0.0.47 110632 21.09.2006 05:13:24
LUKERES.DLL : 7.0.0.47 9256 21.09.2006 05:13:24
ANTIVIR0.VDF : 6.35.0.1 7371264 31.05.2006 05:27:42
ANTIVIR1.VDF : 6.36.0.9 1424384 06.09.2006 05:13:24
ANTIVIR2.VDF : 6.36.0.14 122368 13.09.2006 05:13:24
ANTIVIR3.VDF : 6.36.0.51 84992 20.09.2006 05:13:24
AVEWIN32.DLL : 7.2.0.16 1835520 21.09.2006 05:13:24
AVPREF.DLL : 7.0.0.2 17960 21.09.2006 05:13:23
AVREP.DLL : 6.36.0.5 548904 21.09.2006 05:13:24
AVRPBASE.DLL : 7.0.0.0 1544232 30.03.2006 08:42:44
AVPACK32.DLL : 7.2.0.0 360488 21.09.2006 05:13:24
AVREG.DLL : 6.31.0.90 25128 28.07.2005 10:06:11
NETNT.DLL : 6.32.0.0 6696 27.09.2005 07:56:45
NETNW.DLL : 7.0.0.0 9768 21.09.2006 05:13:24
RCIMAGE.DLL : 7.0.0.74 1642536 21.09.2006 05:13:19
RCTEXT.DLL : 7.0.0.107 77864 21.09.2006 05:13:19
Configuration settings for the scan:
Jobname.......................: Local Hard Disks
Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
Boot sectors..................: C,H
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 2
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: 0
Primary action................: 1
Secondary action..............: 0
Start of the scan: jeudi, 21. septembre 2006 12:23
The scan of running processes will be started
51 Processes were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( 26 files ).
Starting the file scan:
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\BT\Ordinateurs\Logiciels\Compaq\Compaq Proliant 1600\Power Management Software\Multiplatforme V1.81A\INSIGHT\ENG\UNINST.EXE
[DETECTION] Is the Trojan horse TR/FlashKiller
[WARNING] The file was ignored!
C:\BT\Ordinateurs\Logiciels\Compaq\Compaq Proliant 1600\Power Management Software\Multiplatforme V1.81A\INSIGHT\JPN\UNINST.EXE
[DETECTION] Is the Trojan horse TR/FlashKiller
[WARNING] The file was ignored!
End of the scan: jeudi, 21. septembre 2006 15:52
Used time: 3:29:32 min
The scan has been canceled!
967 Scanning directories
55392 Files were scanned
2 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
635 Archives were scanned
3 Warnings
11 Notes
There, and now what should I do?
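A triage of the AntiVir report posted above, as an added example that is not part of the original thread and not Avira's own tooling: it separates detections (and the action taken on them) from warnings on files the running system keeps locked, notes whether the scan completed, and checks the parsed entries against the report's own counters. The sample is the file-scan section and summary lines copied from the "Local Hard Disks" report; the function names and the locked-file path pattern are assumptions of this example.

```python
import re

# Sample input: file-scan section and summary lines copied from the
# "Local Hard Disks" report in the post above (header lines omitted).
SAMPLE_REPORT = r"""Starting the file scan:
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\BT\Ordinateurs\Logiciels\Compaq\Compaq Proliant 1600\Power Management Software\Multiplatforme V1.81A\INSIGHT\ENG\UNINST.EXE
[DETECTION] Is the Trojan horse TR/FlashKiller
[WARNING] The file was ignored!
C:\BT\Ordinateurs\Logiciels\Compaq\Compaq Proliant 1600\Power Management Software\Multiplatforme V1.81A\INSIGHT\JPN\UNINST.EXE
[DETECTION] Is the Trojan horse TR/FlashKiller
[WARNING] The file was ignored!
End of the scan: jeudi, 21. septembre 2006 15:52
The scan has been canceled!
2 viruses and/or unwanted programs were found
0 files were moved to quarantine
3 Warnings
"""

TAG_RE = re.compile(r"^\[(WARNING|DETECTION|INFO|NOTE)\]\s+(.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
SUMMARY_RE = re.compile(r"^(\d+) (viruses and/or unwanted programs were found|Warnings)$")
# Assumption of this example: files Windows holds open while it is running
# (registry hives, page file, performance data), so a scanner cannot read them.
LOCKED_RE = re.compile(r"\\system32\\config\\|\\pagefile\.sys$|\\Perflib_Perfdata_", re.I)


def parse_report(text):
    # Returns (entries, summary): one entry per scanned path with its tagged
    # lines, plus the counters and completion status the report states itself.
    entries, summary, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        tag = TAG_RE.match(line)
        count = SUMMARY_RE.match(line)
        if PATH_RE.match(line):
            current = {"path": line, "events": []}
            entries.append(current)
        elif tag and current is not None:
            current["events"].append((tag.group(1), tag.group(2)))
        elif line.startswith("End of the scan"):
            current = None  # only summary lines follow
        elif line == "The scan has been done completely.":
            summary["completed"] = True
        elif line == "The scan has been canceled!":
            summary["completed"] = False
        elif count:
            key = "warnings" if count.group(2) == "Warnings" else "detections"
            summary[key] = int(count.group(1))
    return entries, summary


def triage(text):
    entries, summary = parse_report(text)
    out = {"detections": [], "locked": [], "other_warnings": []}
    for e in entries:
        tags = [t for t, _ in e["events"]]
        if "DETECTION" in tags:
            name = next(m for t, m in e["events"] if t == "DETECTION")
            actions = [m for t, m in e["events"] if t != "DETECTION"]
            out["detections"].append((e["path"], name, actions))
        elif "WARNING" in tags:
            bucket = "locked" if LOCKED_RE.search(e["path"]) else "other_warnings"
            out[bucket].append(e["path"])
    # A mismatch with the report's own counters means the pasted log is
    # truncated or was edited before posting.
    all_tags = [t for e in entries for t, _ in e["events"]]
    out["counters_match"] = (all_tags.count("DETECTION") == summary.get("detections")
                             and all_tags.count("WARNING") == summary.get("warnings"))
    out["completed"] = summary.get("completed", False)
    return out


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```
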
I think I've finally managed to get rid
of these damned NSIS ad windows ...
To do that, I did a restore of my operating system
from my Windows 2000 CD.
Following that restore, the NSIS uninstaller
reappeared (by miracle?) in the list of installed programs.
I uninstalled it, restarted the PC,
and as a result I no longer see these windows appear.
However, I still have those small ****.Exe files (with the dog-shaped icon)
that land in my C:\Winnt\Temp folder, but they are blocked by my firewall,
and that doesn't seem to harm my PC.
My CPU is no longer at 100% either, I no longer have the bug with Internet Explorer,
which kept crashing and restarting, and no more duplicate explorer.exe processes,
so Yippee !!!
If I rerun scans with my (far too many !!!) antivirus and antispyware tools,
everything is still OK, just as it was when the problem was there.
So I wonder about the merits of installing all these utilities,
which found nothing in my case, and about all those hours spent
between Safe Mode, endless scans and running various scripts,
which in the end perhaps only add other problems
or which could, I imagine, bring other crap onto the PC.
As a result, I can uninstall most of them with relief.
I kept Spybot - Search & Destroy, Ewido and Spyware Doctor.
Thanks to those who helped me on this forum and on others,
Angeldark for example.
Hello everyone,
Having had this problem for several months, I have just found an English-language site that offers a small program to download and run on infected PCs. I ran it at home and the problem seems to be solved.
Try it for yourselves: http://kichik.net/
For those who don't read English, here is the direct link to download the program: http://kichik.net/nsis/NSIS%20Media%20Remover.exe
Good luck