Danger : soyware

ftkchester Messages postés 52 Statut Membre -  
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
salut tout le monde. alors voila, j'ai un pitit probleme de virus. Je suppose que tout le monde le connait : DANGER : SPYWARE. C'est la page rouge qui se met en fond d'écran avec un ti carré noir au mileu et marker plein de truc dedans. j'ai vu qu'il y avait beaucoup de post sur ce forum , et beaucoup, tellement qu'on si embrouille. j'ai beaucoup de facon afin de réparer ce probleme, sur différents forums , mais aucune ne paru clair et qui marchait a 100% . On ma fait toucher au registre, a desktop.htlm bref a tout. Mais y-a-t-il une solution qui marche réelement , parcque je suis toujours avec ce probleme . Merci pour toute vos rep.
Tchao :)

46 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Problème majeur : un spyware détecté, potentiellement un virus, affiche une page rouge et bloque l'accès à Internet, compliquant les tentatives de restauration via le registre et les outils. Des réponses suggèrent d'utiliser HijackThis pour repérer les entrées indésirables et d'éditer des clés du registre, notamment celles liées à Explorer et au chemin du Bureau, afin de rétablir l'emplacement. Plusieurs interventions évoquent la restauration du chemin d'accès au Bureau dans HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders et la suppression de fichiers .exe malveillants repérés dans System32, avec redémarrage nécessaire. En cas d'impossibilité d'accès au web, les solutions passent par des transferts hors ligne ou l'utilisation d'un autre PC pour appliquer les corrections et vérifier leurs effets après redémarrage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. ftkchester Messages postés 52 Statut Membre
     
    ouaip merci , mas j'aimerais savoir pourquoi quand je change les valeurs dans le regedit, et que j'y retourne ,e elles sont derevenu comme avant
    0
  2. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  3. moe
     
    parce que le trojan est toujours là

    redemarre ton pc et poste un log hijack

    a+
    0
    1. ftkchester Messages postés 52 Statut Membre
       
      Logfile of HijackThis v1.99.1
      Scan saved at 20:14:02, on 30/04/2005
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.exe
      C:\Program Files\Ahead\NeroNET\NeroNET.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\mfcyv32.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\System32\TFNF5.exe
      C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
      C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
      C:\WINDOWS\system32\syseb32.exe
      C:\WINDOWS\System32\kernels32.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Media Access\MediaAccK.exe
      C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe
      C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
      C:\WINDOWS\LTSMMSG.exe
      C:\WINDOWS\System32\00THotkey.exe
      C:\temp\salm.exe
      C:\WINDOWS\System32\Rhc.exe
      C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 1 pour framxpro.zip\FreeRAM XP Pro 1.40.exe
      C:\Program Files\Media Access\MediaAccess.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\WINDOWS\System32\vxh8jkdq6.exe
      C:\WINDOWS\System32\8591.exe
      C:\WINDOWS\System32\vxh8jkdq7.exe
      C:\WINDOWS\System32\TPSBattM.exe
      C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE
      C:\WINDOWS\System32\wbem\wmiapsrv.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org
      R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DENISD~1\LOCALS~1\Temp\sp.dll/sp.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - Default URLSearchHook is missing
      F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
      O1 - Hosts: auto.search.msn.com 127.0.0.1
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: (no name) - {D499E362-734F-CEC4-2D6B-48286CEBB4B1} - C:\WINDOWS\system32\apiyv32.dll
      O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
      O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
      O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
      O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
      O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
      O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
      O4 - HKLM\..\Run: [PROXY PHONE MEOW ERROR] C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE\01software.exe
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [ltsqon] c:\windows\system32\ltsqon.exe
      O4 - HKLM\..\Run: [syseb32.exe] C:\WINDOWS\system32\syseb32.exe
      O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
      O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.3.0\WeatherOnTray.exe
      O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
      O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
      O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
      O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [mswspl] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [kxmdir] C:\WINDOWS\System32\ltsqon.exe
      O4 - HKLM\..\Run: [Killer.MAX] C:\PROGRA~1\Killer.MAX\KILLER~1.EXE
      O4 - HKLM\..\Run: [EnergyPlugIn] C:\Program Files\EnergyPlugIn\EnergyPlugin.exe
      O4 - HKLM\..\Run: [2 Stupid Find Proc] C:\Documents and Settings\All Users\Application Data\AmokScr2Stupid\BoldAce.exe
      O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
      O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE
      O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
      O4 - HKLM\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe
      O4 - HKLM\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe
      O4 - HKLM\..\RunOnce: [mfcyv32.exe] C:\WINDOWS\system32\mfcyv32.exe
      O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 1 pour framxpro.zip\FreeRAM XP Pro 1.40.exe" -win
      O4 - HKCU\..\Run: [Bore Funk] C:\DOCUME~1\DENISD~1\APPLIC~1\DRIVEL~1\MOVESIZESITE.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [Uurc] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\y?if.exe
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
      O4 - HKCU\..\Run: [Rmtt] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\t?ps.exe
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess
      O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\8591.exe
      O4 - HKCU\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe
      O4 - HKCU\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe
      O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
      O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O13 - DefaultPrefix: http://web.all-find.org/best.php?url=
      O13 - WWW Prefix: http://web.all-find.org/best.php?url=
      O13 - Home Prefix: http://web.all-find.org/best.php?url=
      O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=
      O15 - Trusted Zone: *.awmdabest.com
      O15 - Trusted Zone: *.blazefind.com
      O15 - Trusted Zone: *.clickspring.net
      O15 - Trusted Zone: *.flingstone.com
      O15 - Trusted Zone: *.frame.crazywinnings.com
      O15 - Trusted Zone: *.mt-download.com
      O15 - Trusted Zone: *.my-internet.info
      O15 - Trusted Zone: *.searchbarcash.com
      O15 - Trusted Zone: *.searchmiracle.com
      O15 - Trusted Zone: *.skoobidoo.com
      O15 - Trusted Zone: *.slotch.com
      O15 - Trusted Zone: *.slotchbar.com
      O15 - Trusted Zone: *.vxiframe.biz
      O15 - Trusted Zone: *.windupdates.com
      O15 - Trusted Zone: *.xxxtoolbar.com
      O15 - Trusted Zone: *.ysbweb.com
      O15 - Trusted Zone: *.blazefind.com (HKLM)
      O15 - Trusted Zone: *.clickspring.net (HKLM)
      O15 - Trusted Zone: *.flingstone.com (HKLM)
      O15 - Trusted Zone: *.mt-download.com (HKLM)
      O15 - Trusted Zone: *.my-internet.info (HKLM)
      O15 - Trusted Zone: *.searchbarcash.com (HKLM)
      O15 - Trusted Zone: *.searchmiracle.com (HKLM)
      O15 - Trusted Zone: *.skoobidoo.com (HKLM)
      O15 - Trusted Zone: *.slotch.com (HKLM)
      O15 - Trusted Zone: *.slotchbar.com (HKLM)
      O15 - Trusted Zone: *.vxiframe.biz (HKLM)
      O15 - Trusted Zone: *.windupdates.com (HKLM)
      O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
      O15 - Trusted Zone: *.ysbweb.com (HKLM)
      O15 - Trusted IP range: 66.197.161.149
      O15 - Trusted IP range: 66.197.161.149 (HKLM)
      O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
      O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_sky.exe
      O16 - DPF: {0D9590E8-D4E9-4822-954B-784CDAF94F2D} (vdiewer control) - http://www.tunacash.com/build/adultViewerCab02.cab
      O16 - DPF: {11311111-1551-1661-1771-000000000000} - http://www.all-find.org/mih2/web.exe
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c420.cab
      O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
      O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
      O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/2dc080c0/enter.cab
      O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
      O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
      O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
      O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
      O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR_XP.cab
      O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://labo.nomatica.com/XUpload.ocx
      O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/FR175_116.exe
      O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/es/activex_300_es.exe
      O18 - Protocol: bw+0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: offline-8876480 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exe
      O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Network Security Service (NSS) ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\sysgc32.exe (file missing)
      0
  4. moe
     
    laisse moi quelques minute pour verifier le log

    mais apparement tu as pas mal de trucs à virer (vers spys trojans)

    a tout de suite
    0
  5. ftkchester Messages postés 52 Statut Membre
     
    okok
    0
  6. ftkchester Messages postés 52 Statut Membre
     
    ya quelqu'un ^^ ?
    0
  7. moe
     
    salut

    Télécharge ces logiciels et mets les à jours(important):

    - CWShredder:
    http://cwshredder.net/bin/CWShredder.exe

    - Ad-aware:
    http://www.lavasoftusa.com/french/support/download/
    l'aide:
    http://www.ordi-netfr.org/tutorialadaware.php
    le patch francais est ici:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    une fois installé, tu choisis la langue dans les parametres d'ad-aware.
    clic sur l'engrenage puis sur interface choisis french et clic sur proceed pour valider

    mettre à jours avant de l'utiliser.

    ce fichier reg:
    http://pageperso.aol.fr/Balltrap34/Background.zip
    dezippe le sur ton bureau mais ne l'utilise pas encore

    Vide le cache d'Internet Explorer et supprime les cookies:

    * Panneau de configuration >> Options internet >> Onglet "Général"
    - Clic sur [supprimer les cookies]
    - Clic sur [Supprimer les fichiers] en cochant la case "Supprimer tout le contenu hors connexion"

    Rend visible les fichiers cachés et systeme
    panneau de configuration > options des dossiers > onglet affichage
    Cocher " afficher les fichiers et dossiers cachés "
    Décocher " masquer les extentions des fichiers dont le type est connu
    Décocher " masquer les fichiers protégés du système"
    Valide

    Désactive la restauration systéme.
    Clic droit sur poste de travail > propriétés > onglet restauration système
    puis cocher "désactiver la restauration système".
    (accepte le redemarrage).

    Redémarre en mode sans échec
    Laisse passer l'écran du bios, puis tapote sur la touche F8.
    Choisis le mode sans échec dans les options et valide avec entrée.

    ---------------------------------------------

    Dans le menu Demarrer>Executer >tape: Services.msc
    recherche le service avec cette orthographe exacte:
    Network Security Service
    Double clic dessus et clic sur [arreter] puis dans :
    type de demarrage --> sélectionne désactivé.

    Lance hijackthis et Fixe:
    cocher la case au début des lignes suivantes:

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DENISD~1\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
    O1 - Hosts: auto.search.msn.com 127.0.0.1
    O2 - BHO: (no name) - {D499E362-734F-CEC4-2D6B-48286CEBB4B1} - C:\WINDOWS\system32\apiyv32.dll

    O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
    O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
    O4 - HKLM\..\Run: [ltsqon] c:\windows\system32\ltsqon.exe
    O4 - HKLM\..\Run: [syseb32.exe] C:\WINDOWS\system32\syseb32.exe
    O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.3.0\WeatherOnTray.exe
    O4 - HKLM\..\Run: [kxmdir] C:\WINDOWS\System32\ltsqon.exe

    O4 - HKLM\..\Run: [EnergyPlugIn] C:\Program Files\EnergyPlugIn\EnergyPlugin.exe <- tu connais ce prog ?

    O4 - HKLM\..\Run: [2 Stupid Find Proc] C:\Documents and Settings\All Users\Application Data\AmokScr2Stupid\BoldAce.exe
    O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe
    O4 - HKLM\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe
    O4 - HKLM\..\RunOnce: [mfcyv32.exe] C:\WINDOWS\system32\mfcyv32.exe
    O4 - HKCU\..\Run: [Bore Funk] C:\DOCUME~1\DENISD~1\APPLIC~1\DRIVEL~1\MOVESIZESITE.exe
    O4 - HKCU\..\Run: [Uurc] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\y?if.exe
    O4 - HKCU\..\Run: [Rmtt] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\t?ps.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess
    O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\8591.exe
    O4 - HKCU\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe
    O4 - HKCU\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe

    O13 - DefaultPrefix: http://web.all-find.org/best.php?url=
    O13 - WWW Prefix: http://web.all-find.org/best.php?url=
    O13 - Home Prefix: http://web.all-find.org/best.php?url=
    O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.skoobidoo.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.slotchbar.com
    O15 - Trusted Zone: *.vxiframe.biz
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.blazefind.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
    O15 - Trusted Zone: *.skoobidoo.com (HKLM)
    O15 - Trusted Zone: *.slotch.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted Zone: *.vxiframe.biz (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted IP range: 66.197.161.149
    O15 - Trusted IP range: 66.197.161.149 (HKLM)

    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_sky.exe
    O16 - DPF: {0D9590E8-D4E9-4822-954B-784CDAF94F2D} (vdiewer control) - http://www.tunacash.com/build/adultViewerCab02.cab
    O16 - DPF: {11311111-1551-1661-1771-000000000000} - http://www.all-find.org/mih2/web.exe
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c420.cab
    O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/2dc080c0/enter.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
    O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR_XP.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://labo.nomatica.com/XUpload.ocx
    O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/FR175_116.exe
    O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/es/activex_300_es.exe

    O23 - Service: Network Security Service (NSS) ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\sysgc32.exe (file missing)

    valider avec [fix checked]

    Rechercher et supprimer si présent:

    Dans le cas ou tu utiliserais la fonction Rechercher:
    Assure toi que dans:
    Tous les fichiers et tous les dossiers >> Options avancées
    • Rechercher dans les dossiers systemes <- DOIT ETRE COCHE !
    • Rechercher dans les fichiers et les dossiers cachés <- DOIT ETRE COCHE !
    • Rechercher dans les sous-dossiers <- DOIT ETRE COCHE !

    C:\destop
    C:\WINDOWS\popup.html.
    C:\WINDOWS\desktop.html
    C:\temp\salm.exe
    C:\WINDOWS\system32\apiyv32.dll
    C:\WINDOWS\sysgc32.exe
    C:\WINDOWS\system32\tibs3.exe
    C:\WINDOWS\system32\mfcyv32.exe
    C:\WINDOWS\system32\syseb32.exe
    C:\WINDOWS\System32\kernels32.exe
    C:\WINDOWS\System32\vxh8jkdq6.exe
    C:\WINDOWS\System32\8591.exe
    C:\WINDOWS\System32\vxh8jkdq7.exe
    C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE
    c:\windows\system32\ltsqon.exe
    C:\WINDOWS\System32\Rhc.exe
    C:\WINDOWS\System32\Qdr.exe
    C:\Documents and Settings\Denis de MAROUSSEM\Application Data\t?ps.exe
    C:\Documents and Settings\Denis de MAROUSSEM\Application Data\y?if.exe
    p2esocks_1012.dll

    supprime ces dossiers:
    C:\Documents and Settings\Denis de MAROUSSEM\Application Data\DRIVEL
    C:\Documents and Settings\All Users\Application Data\AmokScr2Stupid
    C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE
    C:\Program Files\Admanager Controller
    C:\Program Files\Hotbar
    C:\Program Files\Media Access

    --------------------

    Supprimer les fichiers temporaires:

    * C:\Documents and Settings\ton compte\Local Settings\Temp
    * C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
    * C:\Temp
    * C:\Windows\Temp
    vider tout le contenu des dossiers en gras.

    Le contenu du dossier prefetch:

    * C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

    * Ne pas oublier de vider la corbeille !

    -------------------

    puis lance cwshredder(clic sur fix)
    lance ad-aware et supprime tout ce qu'il trouve

    Redemarre normalement, et double clic sur Background.reg (tu devrais de nouveau pouvoir changer de wallpaper, retrouver le clic droit,)
    il devrait faire effet de suite sinon redemarre.

    et ensuite fais un scan AV ici:
    http://www.ravantivirus.com/scan/
    Clic sur "To continue without subscribing click here"
    Lorsque "Ready" est affiché dans "status", clic sur "Scan my PC".
    A la fin de l'analyse, copier/coller le rapport ici + un nouveau rapport hijackthis

    a+
    0
  8. ftkchester Messages postés 52 Statut Membre
     
    a bon j'ai du boulot alors . Merci beaucoup . je fais toutes ces manip et je te tiens au courant :)
    0
  9. moe
     
    oui, si tu savais pas quoi faire ce soir...

    a+
    0
  10. ftkchester Messages postés 52 Statut Membre
     
    salut moe !
    Alors voila : j'ai réussi a faire la plupart des manip mais pas toutes. En effet, j'ai pas trouver certains dossier a supprimer. Ensuite,je n'ai pas bien compri ce qu'il fallait faire des fichiers temps (faut-il les supprimer et vider les dossier en gras du dernier temps ? ). Enfin je n'ai réussi a supprimer des .exe que je ne pouvais pas supprimer avant, que lorsque j'ai redémarer le pc (ex : C:\WINDOWS\System32\vxh8jkdq6.exe et C:\WINDOWS\System32\vxh8jkdq7.exe ). Ensuite, certaine ligne a cocher dans hijackthis ni étaient pas . Pour finir, sur cet ordi, le spyware me bloquent l'acces internet ,et je ne peux donc pas faire les mises a jours de ad aware, et cwshredder...
    que dois-je faire ?
    en tout cas merci pourr ton aide :D

    ps : je n'ai pasnon plus trouver le background.reg
    0
  11. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    salut
    tu dit que tu na pas acces a internet comment vient tu ici
    er refait un hijack stp
    0
  12. ftkchester Messages postés 52 Statut Membre
     
    salut :) . alors en faite j'ai un petit réseau de 3 pc chez moi ... sur l'ordinateur qui ne marche pas ( portable) le connexion avec les autres pc marche pour le partage de fichier de temps en temps . Donc je peux transférer le résultat. Sinon hop une disquette , et le petit fichier blocnote desssus et tout va bien :)
    0
  13. ftkchester Messages postés 52 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 11:55:01, on 01/05/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Ahead\NeroNET\NeroNET.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
    C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe
    C:\WINDOWS\System32\TPSBattM.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINDOWS\Eso.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
    O1 - Hosts: auto.search.msn.com 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
    O4 - HKLM\..\Run: [PROXY PHONE MEOW ERROR] C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE\01software.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [mswspl] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [Nfh] C:\WINDOWS\Eso.exe
    O4 - HKLM\..\Run: [Ffh] C:\WINDOWS\System32\Iod.exe
    O4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Sac.exe
    O4 - HKLM\..\Run: [Vmq] C:\WINDOWS\Ptn.exe
    O4 - HKLM\..\Run: [Mff] C:\WINDOWS\Nmr.exe
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 1 pour framxpro.zip\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Mff] C:\WINDOWS\Nmr.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O13 - DefaultPrefix: http://web.all-find.org/best.php?url=
    O13 - WWW Prefix: http://web.all-find.org/best.php?url=
    O13 - Home Prefix: http://web.all-find.org/best.php?url=
    O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted IP range: 66.197.161.149
    O15 - Trusted IP range: 66.197.161.149 (HKLM)
    O18 - Protocol: bw+0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

    j'ai limpression qu'il y a les meme problemes :(
    0
  14. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    salut
    regarde dans ajout suppr de prog si tu trouve ceci et desinstal
    [Spyware Vanisher]
    imprime ceci pour ne rien oublier et tous faire
    tous faire dans l ordre imperativement
    -------------------------
    tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore
    adaware (1)
    spyboot (2)
    (ici) http://www.florensac-chasse-trap.com/ section virus
    et aussi ceci
    CleanUp312.exe (3)
    et encore ceci

    About:Buster.
    Tu le télécharges sur :
    http://www.majorgeeks.com/download4289.html

    clik "Check for updates".
    telecharge les mises a jour
    referme le
    ont l utiliseras plus tard

    ----------------

    demarre en mode sans echec
    mode sans echec pour cela tu tapote la touche f8
    des le debut de l allumage du pc sans t arreter
    une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec
    une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5
    -------------------------
    desactive ta restauration systeme
    pour ça tu fais clic droit sur poste de travail
    propriété tu clique sur onglet restauration système
    tu coche la case désactiver la restauration et applique
    ------------

    assure toi de ceci
    Affiche tous les fichiers et dossiers :
    cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
    Cocher afficher les dossiers cacher

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décocher masquer les extensions dont le type est connu
    Puis fais «Ok» pour valider les changements.

    Et appliquer
    ----------------------
    vide tes fichiers temps et tempory internet file sur tous les utilisateur
    utilise ceci pour le faire
    http://pageperso.aol.fr/Balltrap34/CleanUp312.exe

    --------------------
    relance hijack coche ces lignes et ensuite clik sur fix
    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
    O1 - Hosts: auto.search.msn.com 127.0.0.1
    O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
    O4 - HKLM\..\Run: [mswspl] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Ffh] C:\WINDOWS\System32\Iod.exe
    O4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Sac.exe
    O4 - HKLM\..\Run: [Vmq] C:\WINDOWS\Ptn.exe
    O4 - HKLM\..\Run: [Mff] C:\WINDOWS\Nmr.exe
    O4 - HKCU\..\Run: [Mff] C:\WINDOWS\Nmr.exe
    O13 - DefaultPrefix: http://web.all-find.org/best.php?url=
    O13 - WWW Prefix: http://web.all-find.org/best.php?url=
    O13 - Home Prefix: http://web.all-find.org/best.php?url=
    O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted IP range: 66.197.161.149
    O15 - Trusted IP range: 66.197.161.149 (HKLM)

    ----------------------
    recherche et suppr ceci
    attention seulement les fichiers
    C:\WINDOWS\Nmr.exe
    C:\WINDOWS\Ptn.exe
    C:\WINDOWS\System32\Sac.exe
    C:\WINDOWS\System32\Iod.exe

    ---------------
    passe deux fois de suite about buster
    --------------
    passe adaware et vire tous se qu il trouve
    ----------
    passe spy boot et vire tous se qu il trouvent
    -------------

    tu vide ta poubelle et tu redemarre en mode normal et refait un hijack
    et precise ou en sont tes soucis

    --
    0
  15. ftkchester Messages postés 52 Statut Membre
     
    salut, voila j'ai tout fait, mais ya encore un pb : je peux faire clique droit, changer de wallpaper, mais je ne retrouve pas mes icones de bureau , je devrais normalement les changer la :
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.
    Attention au cas particulier %USERPROFILE%\Bureau
    keske veut dire %USERPROFILE%\Bureau
    0
  16. ftkchester Messages postés 52 Statut Membre
     
    ouaip c'est ce que j'ai fait, mais seulement le clique droit et le wallpaper reviennent...
    lorsque je change HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.
    Attention au cas particulier %USERPROFILE%\Bureau , celui revient comme avant, avec le desktop ki est redirigé vers c:\desktop
    0
  17. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    pourquoi fait tu cela il faut juste utiliser le prog redemarrer et ensuite dans les proprietre du bureau tu remet ton fond
    0
  • 1
  • 2
  • 3