Danger : soyware
Fermé
ftkchester
Messages postés
52
Date d'inscription
samedi 30 avril 2005
Statut
Membre
Dernière intervention
4 mai 2005
-
30 avril 2005 à 18:55
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 - 1 mai 2005 à 15:33
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 - 1 mai 2005 à 15:33
46 réponses
Fisherprice
Messages postés
1428
Date d'inscription
dimanche 15 août 2004
Statut
Contributeur
Dernière intervention
17 août 2019
484
30 avril 2005 à 19:08
30 avril 2005 à 19:08
Salut!
oui, on s'en sort
=>http://www.commentcamarche.net/faq/484
Plus ici pour se protèger
=>http://sebsauvage.net/safehex.html
:-)
oui, on s'en sort
=>http://www.commentcamarche.net/faq/484
Plus ici pour se protèger
=>http://sebsauvage.net/safehex.html
:-)
ftkchester
Messages postés
52
Date d'inscription
samedi 30 avril 2005
Statut
Membre
Dernière intervention
4 mai 2005
30 avril 2005 à 19:44
30 avril 2005 à 19:44
ok merci. mais j'ai vu un autre pose http://www.commentcamarche.net/forum/affich-1336043-spyware-SLIMSHIELD ou gérard explique bien. je fais ca mais lorsque je redémare le pc, toutes les keys ke j'ai changer redévienne comme avant. Comment y faut faire ,
salut
telecharge hijackthis:
http://www.merijn.org/files/hijackthis.zip
Dezippe le dans un dossier prévu a cet effet.
Par exemple C:\hijack
et surtout pas dans un dossier temporaire (temp)
lance le puis:
clic sur "do a system scan and save logfile" et pas autre chose
fais un copier coller du log entier ici.
http://assiste.free.fr/p/internet_utilitaires/hijackthis_faire_un_log.php
a+
telecharge hijackthis:
http://www.merijn.org/files/hijackthis.zip
Dezippe le dans un dossier prévu a cet effet.
Par exemple C:\hijack
et surtout pas dans un dossier temporaire (temp)
lance le puis:
clic sur "do a system scan and save logfile" et pas autre chose
fais un copier coller du log entier ici.
http://assiste.free.fr/p/internet_utilitaires/hijackthis_faire_un_log.php
a+
ftkchester
Messages postés
52
Date d'inscription
samedi 30 avril 2005
Statut
Membre
Dernière intervention
4 mai 2005
30 avril 2005 à 20:04
30 avril 2005 à 20:04
ouaip merci , mas j'aimerais savoir pourquoi quand je change les valeurs dans le regedit, et que j'y retourne ,e elles sont derevenu comme avant
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
parce que le trojan est toujours là
redemarre ton pc et poste un log hijack
a+
redemarre ton pc et poste un log hijack
a+
ftkchester
Messages postés
52
Date d'inscription
samedi 30 avril 2005
Statut
Membre
Dernière intervention
4 mai 2005
30 avril 2005 à 20:16
30 avril 2005 à 20:16
Logfile of HijackThis v1.99.1
Scan saved at 20:14:02, on 30/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Ahead\NeroNET\NeroNET.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mfcyv32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\WINDOWS\system32\syseb32.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\temp\salm.exe
C:\WINDOWS\System32\Rhc.exe
C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 1 pour framxpro.zip\FreeRAM XP Pro 1.40.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\vxh8jkdq6.exe
C:\WINDOWS\System32\8591.exe
C:\WINDOWS\System32\vxh8jkdq7.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DENISD~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D499E362-734F-CEC4-2D6B-48286CEBB4B1} - C:\WINDOWS\system32\apiyv32.dll
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [PROXY PHONE MEOW ERROR] C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE\01software.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ltsqon] c:\windows\system32\ltsqon.exe
O4 - HKLM\..\Run: [syseb32.exe] C:\WINDOWS\system32\syseb32.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.3.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [mswspl] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [kxmdir] C:\WINDOWS\System32\ltsqon.exe
O4 - HKLM\..\Run: [Killer.MAX] C:\PROGRA~1\Killer.MAX\KILLER~1.EXE
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Program Files\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [2 Stupid Find Proc] C:\Documents and Settings\All Users\Application Data\AmokScr2Stupid\BoldAce.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe
O4 - HKLM\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe
O4 - HKLM\..\RunOnce: [mfcyv32.exe] C:\WINDOWS\system32\mfcyv32.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 1 pour framxpro.zip\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Bore Funk] C:\DOCUME~1\DENISD~1\APPLIC~1\DRIVEL~1\MOVESIZESITE.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Uurc] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\y?if.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Rmtt] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\t?ps.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess
O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\8591.exe
O4 - HKCU\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe
O4 - HKCU\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - DefaultPrefix: http://web.all-find.org/best.php?url=
O13 - WWW Prefix: http://web.all-find.org/best.php?url=
O13 - Home Prefix: http://web.all-find.org/best.php?url=
O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.vxiframe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.vxiframe.biz (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: 66.197.161.149 (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_sky.exe
O16 - DPF: {0D9590E8-D4E9-4822-954B-784CDAF94F2D} (vdiewer control) - http://www.tunacash.com/build/adultViewerCab02.cab
O16 - DPF: {11311111-1551-1661-1771-000000000000} - http://www.all-find.org/mih2/web.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c420.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/2dc080c0/enter.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR_XP.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://labo.nomatica.com/XUpload.ocx
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/FR175_116.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/es/activex_300_es.exe
O18 - Protocol: bw+0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Network Security Service (NSS) ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\sysgc32.exe (file missing)
Scan saved at 20:14:02, on 30/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Ahead\NeroNET\NeroNET.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mfcyv32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\WINDOWS\system32\syseb32.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\temp\salm.exe
C:\WINDOWS\System32\Rhc.exe
C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 1 pour framxpro.zip\FreeRAM XP Pro 1.40.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\vxh8jkdq6.exe
C:\WINDOWS\System32\8591.exe
C:\WINDOWS\System32\vxh8jkdq7.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DENISD~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D499E362-734F-CEC4-2D6B-48286CEBB4B1} - C:\WINDOWS\system32\apiyv32.dll
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [PROXY PHONE MEOW ERROR] C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE\01software.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ltsqon] c:\windows\system32\ltsqon.exe
O4 - HKLM\..\Run: [syseb32.exe] C:\WINDOWS\system32\syseb32.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.3.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [mswspl] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [kxmdir] C:\WINDOWS\System32\ltsqon.exe
O4 - HKLM\..\Run: [Killer.MAX] C:\PROGRA~1\Killer.MAX\KILLER~1.EXE
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Program Files\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [2 Stupid Find Proc] C:\Documents and Settings\All Users\Application Data\AmokScr2Stupid\BoldAce.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe
O4 - HKLM\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe
O4 - HKLM\..\RunOnce: [mfcyv32.exe] C:\WINDOWS\system32\mfcyv32.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 1 pour framxpro.zip\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Bore Funk] C:\DOCUME~1\DENISD~1\APPLIC~1\DRIVEL~1\MOVESIZESITE.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Uurc] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\y?if.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Rmtt] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\t?ps.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess
O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\8591.exe
O4 - HKCU\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe
O4 - HKCU\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - DefaultPrefix: http://web.all-find.org/best.php?url=
O13 - WWW Prefix: http://web.all-find.org/best.php?url=
O13 - Home Prefix: http://web.all-find.org/best.php?url=
O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.vxiframe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.vxiframe.biz (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: 66.197.161.149 (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_sky.exe
O16 - DPF: {0D9590E8-D4E9-4822-954B-784CDAF94F2D} (vdiewer control) - http://www.tunacash.com/build/adultViewerCab02.cab
O16 - DPF: {11311111-1551-1661-1771-000000000000} - http://www.all-find.org/mih2/web.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c420.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/2dc080c0/enter.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR_XP.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://labo.nomatica.com/XUpload.ocx
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/FR175_116.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/es/activex_300_es.exe
O18 - Protocol: bw+0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Network Security Service (NSS) ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\sysgc32.exe (file missing)
laisse moi quelques minute pour verifier le log
mais apparement tu as pas mal de trucs à virer (vers spys trojans)
a tout de suite
mais apparement tu as pas mal de trucs à virer (vers spys trojans)
a tout de suite
ftkchester
Messages postés
52
Date d'inscription
samedi 30 avril 2005
Statut
Membre
Dernière intervention
4 mai 2005
30 avril 2005 à 20:35
30 avril 2005 à 20:35
okok
ftkchester
Messages postés
52
Date d'inscription
samedi 30 avril 2005
Statut
Membre
Dernière intervention
4 mai 2005
30 avril 2005 à 20:54
30 avril 2005 à 20:54
ya quelqu'un ^^ ?
salut
Télécharge ces logiciels et mets les à jours(important):
- CWShredder:
http://cwshredder.net/bin/CWShredder.exe
- Ad-aware:
http://www.lavasoftusa.com/french/support/download/
l'aide:
http://www.ordi-netfr.org/tutorialadaware.php
le patch francais est ici:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
une fois installé, tu choisis la langue dans les parametres d'ad-aware.
clic sur l'engrenage puis sur interface choisis french et clic sur proceed pour valider
mettre à jours avant de l'utiliser.
ce fichier reg:
http://pageperso.aol.fr/Balltrap34/Background.zip
dezippe le sur ton bureau mais ne l'utilise pas encore
Vide le cache d'Internet Explorer et supprime les cookies:
* Panneau de configuration >> Options internet >> Onglet "Général"
- Clic sur [supprimer les cookies]
- Clic sur [Supprimer les fichiers] en cochant la case "Supprimer tout le contenu hors connexion"
Rend visible les fichiers cachés et systeme
panneau de configuration > options des dossiers > onglet affichage
Cocher " afficher les fichiers et dossiers cachés "
Décocher " masquer les extentions des fichiers dont le type est connu
Décocher " masquer les fichiers protégés du système"
Valide
Désactive la restauration systéme.
Clic droit sur poste de travail > propriétés > onglet restauration système
puis cocher "désactiver la restauration système".
(accepte le redemarrage).
Redémarre en mode sans échec
Laisse passer l'écran du bios, puis tapote sur la touche F8.
Choisis le mode sans échec dans les options et valide avec entrée.
---------------------------------------------
Dans le menu Demarrer>Executer >tape: Services.msc
recherche le service avec cette orthographe exacte:
Network Security Service
Double clic dessus et clic sur [arreter] puis dans :
type de demarrage --> sélectionne désactivé.
Lance hijackthis et Fixe:
cocher la case au début des lignes suivantes:
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DENISD~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: (no name) - {D499E362-734F-CEC4-2D6B-48286CEBB4B1} - C:\WINDOWS\system32\apiyv32.dll
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
O4 - HKLM\..\Run: [ltsqon] c:\windows\system32\ltsqon.exe
O4 - HKLM\..\Run: [syseb32.exe] C:\WINDOWS\system32\syseb32.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.3.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [kxmdir] C:\WINDOWS\System32\ltsqon.exe
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Program Files\EnergyPlugIn\EnergyPlugin.exe <- tu connais ce prog ?
O4 - HKLM\..\Run: [2 Stupid Find Proc] C:\Documents and Settings\All Users\Application Data\AmokScr2Stupid\BoldAce.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe
O4 - HKLM\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe
O4 - HKLM\..\RunOnce: [mfcyv32.exe] C:\WINDOWS\system32\mfcyv32.exe
O4 - HKCU\..\Run: [Bore Funk] C:\DOCUME~1\DENISD~1\APPLIC~1\DRIVEL~1\MOVESIZESITE.exe
O4 - HKCU\..\Run: [Uurc] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\y?if.exe
O4 - HKCU\..\Run: [Rmtt] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\t?ps.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess
O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\8591.exe
O4 - HKCU\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe
O4 - HKCU\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe
O13 - DefaultPrefix: http://web.all-find.org/best.php?url=
O13 - WWW Prefix: http://web.all-find.org/best.php?url=
O13 - Home Prefix: http://web.all-find.org/best.php?url=
O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.vxiframe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.vxiframe.biz (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: 66.197.161.149 (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_sky.exe
O16 - DPF: {0D9590E8-D4E9-4822-954B-784CDAF94F2D} (vdiewer control) - http://www.tunacash.com/build/adultViewerCab02.cab
O16 - DPF: {11311111-1551-1661-1771-000000000000} - http://www.all-find.org/mih2/web.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c420.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/2dc080c0/enter.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR_XP.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://labo.nomatica.com/XUpload.ocx
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/FR175_116.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/es/activex_300_es.exe
O23 - Service: Network Security Service (NSS) ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\sysgc32.exe (file missing)
valider avec [fix checked]
Rechercher et supprimer si présent:
Dans le cas ou tu utiliserais la fonction Rechercher:
Assure toi que dans:
Tous les fichiers et tous les dossiers >> Options avancées
• Rechercher dans les dossiers systemes <- DOIT ETRE COCHE !
• Rechercher dans les fichiers et les dossiers cachés <- DOIT ETRE COCHE !
• Rechercher dans les sous-dossiers <- DOIT ETRE COCHE !
C:\destop
C:\WINDOWS\popup.html.
C:\WINDOWS\desktop.html
C:\temp\salm.exe
C:\WINDOWS\system32\apiyv32.dll
C:\WINDOWS\sysgc32.exe
C:\WINDOWS\system32\tibs3.exe
C:\WINDOWS\system32\mfcyv32.exe
C:\WINDOWS\system32\syseb32.exe
C:\WINDOWS\System32\kernels32.exe
C:\WINDOWS\System32\vxh8jkdq6.exe
C:\WINDOWS\System32\8591.exe
C:\WINDOWS\System32\vxh8jkdq7.exe
C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE
c:\windows\system32\ltsqon.exe
C:\WINDOWS\System32\Rhc.exe
C:\WINDOWS\System32\Qdr.exe
C:\Documents and Settings\Denis de MAROUSSEM\Application Data\t?ps.exe
C:\Documents and Settings\Denis de MAROUSSEM\Application Data\y?if.exe
p2esocks_1012.dll
supprime ces dossiers:
C:\Documents and Settings\Denis de MAROUSSEM\Application Data\DRIVEL
C:\Documents and Settings\All Users\Application Data\AmokScr2Stupid
C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE
C:\Program Files\Admanager Controller
C:\Program Files\Hotbar
C:\Program Files\Media Access
--------------------
Supprimer les fichiers temporaires:
* C:\Documents and Settings\ton compte\Local Settings\Temp
* C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
* C:\Temp
* C:\Windows\Temp
vider tout le contenu des dossiers en gras.
Le contenu du dossier prefetch:
* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini
* Ne pas oublier de vider la corbeille !
-------------------
puis lance cwshredder(clic sur fix)
lance ad-aware et supprime tout ce qu'il trouve
Redemarre normalement, et double clic sur Background.reg (tu devrais de nouveau pouvoir changer de wallpaper, retrouver le clic droit,)
il devrait faire effet de suite sinon redemarre.
et ensuite fais un scan AV ici:
http://www.ravantivirus.com/scan/
Clic sur "To continue without subscribing click here"
Lorsque "Ready" est affiché dans "status", clic sur "Scan my PC".
A la fin de l'analyse, copier/coller le rapport ici + un nouveau rapport hijackthis
a+
Télécharge ces logiciels et mets les à jours(important):
- CWShredder:
http://cwshredder.net/bin/CWShredder.exe
- Ad-aware:
http://www.lavasoftusa.com/french/support/download/
l'aide:
http://www.ordi-netfr.org/tutorialadaware.php
le patch francais est ici:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
une fois installé, tu choisis la langue dans les parametres d'ad-aware.
clic sur l'engrenage puis sur interface choisis french et clic sur proceed pour valider
mettre à jours avant de l'utiliser.
ce fichier reg:
http://pageperso.aol.fr/Balltrap34/Background.zip
dezippe le sur ton bureau mais ne l'utilise pas encore
Vide le cache d'Internet Explorer et supprime les cookies:
* Panneau de configuration >> Options internet >> Onglet "Général"
- Clic sur [supprimer les cookies]
- Clic sur [Supprimer les fichiers] en cochant la case "Supprimer tout le contenu hors connexion"
Rend visible les fichiers cachés et systeme
panneau de configuration > options des dossiers > onglet affichage
Cocher " afficher les fichiers et dossiers cachés "
Décocher " masquer les extentions des fichiers dont le type est connu
Décocher " masquer les fichiers protégés du système"
Valide
Désactive la restauration systéme.
Clic droit sur poste de travail > propriétés > onglet restauration système
puis cocher "désactiver la restauration système".
(accepte le redemarrage).
Redémarre en mode sans échec
Laisse passer l'écran du bios, puis tapote sur la touche F8.
Choisis le mode sans échec dans les options et valide avec entrée.
---------------------------------------------
Dans le menu Demarrer>Executer >tape: Services.msc
recherche le service avec cette orthographe exacte:
Network Security Service
Double clic dessus et clic sur [arreter] puis dans :
type de demarrage --> sélectionne désactivé.
Lance hijackthis et Fixe:
cocher la case au début des lignes suivantes:
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DENISD~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: (no name) - {D499E362-734F-CEC4-2D6B-48286CEBB4B1} - C:\WINDOWS\system32\apiyv32.dll
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
O4 - HKLM\..\Run: [ltsqon] c:\windows\system32\ltsqon.exe
O4 - HKLM\..\Run: [syseb32.exe] C:\WINDOWS\system32\syseb32.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.3.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [kxmdir] C:\WINDOWS\System32\ltsqon.exe
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Program Files\EnergyPlugIn\EnergyPlugin.exe <- tu connais ce prog ?
O4 - HKLM\..\Run: [2 Stupid Find Proc] C:\Documents and Settings\All Users\Application Data\AmokScr2Stupid\BoldAce.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe
O4 - HKLM\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe
O4 - HKLM\..\RunOnce: [mfcyv32.exe] C:\WINDOWS\system32\mfcyv32.exe
O4 - HKCU\..\Run: [Bore Funk] C:\DOCUME~1\DENISD~1\APPLIC~1\DRIVEL~1\MOVESIZESITE.exe
O4 - HKCU\..\Run: [Uurc] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\y?if.exe
O4 - HKCU\..\Run: [Rmtt] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\t?ps.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess
O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\8591.exe
O4 - HKCU\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe
O4 - HKCU\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe
O13 - DefaultPrefix: http://web.all-find.org/best.php?url=
O13 - WWW Prefix: http://web.all-find.org/best.php?url=
O13 - Home Prefix: http://web.all-find.org/best.php?url=
O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.vxiframe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.vxiframe.biz (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: 66.197.161.149 (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_sky.exe
O16 - DPF: {0D9590E8-D4E9-4822-954B-784CDAF94F2D} (vdiewer control) - http://www.tunacash.com/build/adultViewerCab02.cab
O16 - DPF: {11311111-1551-1661-1771-000000000000} - http://www.all-find.org/mih2/web.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c420.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/2dc080c0/enter.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR_XP.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://labo.nomatica.com/XUpload.ocx
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/FR175_116.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/es/activex_300_es.exe
O23 - Service: Network Security Service (NSS) ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\sysgc32.exe (file missing)
valider avec [fix checked]
Rechercher et supprimer si présent:
Dans le cas ou tu utiliserais la fonction Rechercher:
Assure toi que dans:
Tous les fichiers et tous les dossiers >> Options avancées
• Rechercher dans les dossiers systemes <- DOIT ETRE COCHE !
• Rechercher dans les fichiers et les dossiers cachés <- DOIT ETRE COCHE !
• Rechercher dans les sous-dossiers <- DOIT ETRE COCHE !
C:\destop
C:\WINDOWS\popup.html.
C:\WINDOWS\desktop.html
C:\temp\salm.exe
C:\WINDOWS\system32\apiyv32.dll
C:\WINDOWS\sysgc32.exe
C:\WINDOWS\system32\tibs3.exe
C:\WINDOWS\system32\mfcyv32.exe
C:\WINDOWS\system32\syseb32.exe
C:\WINDOWS\System32\kernels32.exe
C:\WINDOWS\System32\vxh8jkdq6.exe
C:\WINDOWS\System32\8591.exe
C:\WINDOWS\System32\vxh8jkdq7.exe
C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE
c:\windows\system32\ltsqon.exe
C:\WINDOWS\System32\Rhc.exe
C:\WINDOWS\System32\Qdr.exe
C:\Documents and Settings\Denis de MAROUSSEM\Application Data\t?ps.exe
C:\Documents and Settings\Denis de MAROUSSEM\Application Data\y?if.exe
p2esocks_1012.dll
supprime ces dossiers:
C:\Documents and Settings\Denis de MAROUSSEM\Application Data\DRIVEL
C:\Documents and Settings\All Users\Application Data\AmokScr2Stupid
C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE
C:\Program Files\Admanager Controller
C:\Program Files\Hotbar
C:\Program Files\Media Access
--------------------
Supprimer les fichiers temporaires:
* C:\Documents and Settings\ton compte\Local Settings\Temp
* C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
* C:\Temp
* C:\Windows\Temp
vider tout le contenu des dossiers en gras.
Le contenu du dossier prefetch:
* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini
* Ne pas oublier de vider la corbeille !
-------------------
puis lance cwshredder(clic sur fix)
lance ad-aware et supprime tout ce qu'il trouve
Redemarre normalement, et double clic sur Background.reg (tu devrais de nouveau pouvoir changer de wallpaper, retrouver le clic droit,)
il devrait faire effet de suite sinon redemarre.
et ensuite fais un scan AV ici:
http://www.ravantivirus.com/scan/
Clic sur "To continue without subscribing click here"
Lorsque "Ready" est affiché dans "status", clic sur "Scan my PC".
A la fin de l'analyse, copier/coller le rapport ici + un nouveau rapport hijackthis
a+
ftkchester
Messages postés
52
Date d'inscription
samedi 30 avril 2005
Statut
Membre
Dernière intervention
4 mai 2005
30 avril 2005 à 21:01
30 avril 2005 à 21:01
a bon j'ai du boulot alors . Merci beaucoup . je fais toutes ces manip et je te tiens au courant :)
ftkchester
Messages postés
52
Date d'inscription
samedi 30 avril 2005
Statut
Membre
Dernière intervention
4 mai 2005
1 mai 2005 à 11:38
1 mai 2005 à 11:38
salut moe !
Alors voila : j'ai réussi a faire la plupart des manip mais pas toutes. En effet, j'ai pas trouver certains dossier a supprimer. Ensuite,je n'ai pas bien compri ce qu'il fallait faire des fichiers temps (faut-il les supprimer et vider les dossier en gras du dernier temps ? ). Enfin je n'ai réussi a supprimer des .exe que je ne pouvais pas supprimer avant, que lorsque j'ai redémarer le pc (ex : C:\WINDOWS\System32\vxh8jkdq6.exe et C:\WINDOWS\System32\vxh8jkdq7.exe ). Ensuite, certaine ligne a cocher dans hijackthis ni étaient pas . Pour finir, sur cet ordi, le spyware me bloquent l'acces internet ,et je ne peux donc pas faire les mises a jours de ad aware, et cwshredder...
que dois-je faire ?
en tout cas merci pourr ton aide :D
ps : je n'ai pasnon plus trouver le background.reg
Alors voila : j'ai réussi a faire la plupart des manip mais pas toutes. En effet, j'ai pas trouver certains dossier a supprimer. Ensuite,je n'ai pas bien compri ce qu'il fallait faire des fichiers temps (faut-il les supprimer et vider les dossier en gras du dernier temps ? ). Enfin je n'ai réussi a supprimer des .exe que je ne pouvais pas supprimer avant, que lorsque j'ai redémarer le pc (ex : C:\WINDOWS\System32\vxh8jkdq6.exe et C:\WINDOWS\System32\vxh8jkdq7.exe ). Ensuite, certaine ligne a cocher dans hijackthis ni étaient pas . Pour finir, sur cet ordi, le spyware me bloquent l'acces internet ,et je ne peux donc pas faire les mises a jours de ad aware, et cwshredder...
que dois-je faire ?
en tout cas merci pourr ton aide :D
ps : je n'ai pasnon plus trouver le background.reg
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
1 mai 2005 à 11:44
1 mai 2005 à 11:44
salut
tu dit que tu na pas acces a internet comment vient tu ici
er refait un hijack stp
tu dit que tu na pas acces a internet comment vient tu ici
er refait un hijack stp
ftkchester
Messages postés
52
Date d'inscription
samedi 30 avril 2005
Statut
Membre
Dernière intervention
4 mai 2005
1 mai 2005 à 11:50
1 mai 2005 à 11:50
salut :) . alors en faite j'ai un petit réseau de 3 pc chez moi ... sur l'ordinateur qui ne marche pas ( portable) le connexion avec les autres pc marche pour le partage de fichier de temps en temps . Donc je peux transférer le résultat. Sinon hop une disquette , et le petit fichier blocnote desssus et tout va bien :)
ftkchester
Messages postés
52
Date d'inscription
samedi 30 avril 2005
Statut
Membre
Dernière intervention
4 mai 2005
1 mai 2005 à 11:57
1 mai 2005 à 11:57
Logfile of HijackThis v1.99.1
Scan saved at 11:55:01, on 01/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\NeroNET\NeroNET.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\Eso.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [PROXY PHONE MEOW ERROR] C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE\01software.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [mswspl] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Nfh] C:\WINDOWS\Eso.exe
O4 - HKLM\..\Run: [Ffh] C:\WINDOWS\System32\Iod.exe
O4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Sac.exe
O4 - HKLM\..\Run: [Vmq] C:\WINDOWS\Ptn.exe
O4 - HKLM\..\Run: [Mff] C:\WINDOWS\Nmr.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 1 pour framxpro.zip\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Mff] C:\WINDOWS\Nmr.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - DefaultPrefix: http://web.all-find.org/best.php?url=
O13 - WWW Prefix: http://web.all-find.org/best.php?url=
O13 - Home Prefix: http://web.all-find.org/best.php?url=
O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: 66.197.161.149 (HKLM)
O18 - Protocol: bw+0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
j'ai limpression qu'il y a les meme problemes :(
Scan saved at 11:55:01, on 01/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\NeroNET\NeroNET.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\Eso.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
O1 - Hosts: auto.search.msn.com 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [PROXY PHONE MEOW ERROR] C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE\01software.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [mswspl] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Nfh] C:\WINDOWS\Eso.exe
O4 - HKLM\..\Run: [Ffh] C:\WINDOWS\System32\Iod.exe
O4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Sac.exe
O4 - HKLM\..\Run: [Vmq] C:\WINDOWS\Ptn.exe
O4 - HKLM\..\Run: [Mff] C:\WINDOWS\Nmr.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 1 pour framxpro.zip\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Mff] C:\WINDOWS\Nmr.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - DefaultPrefix: http://web.all-find.org/best.php?url=
O13 - WWW Prefix: http://web.all-find.org/best.php?url=
O13 - Home Prefix: http://web.all-find.org/best.php?url=
O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: 66.197.161.149 (HKLM)
O18 - Protocol: bw+0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
j'ai limpression qu'il y a les meme problemes :(
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
1 mai 2005 à 12:14
1 mai 2005 à 12:14
salut
regarde dans ajout suppr de prog si tu trouve ceci et desinstal
[Spyware Vanisher]
imprime ceci pour ne rien oublier et tous faire
tous faire dans l ordre imperativement
-------------------------
tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore
adaware (1)
spyboot (2)
(ici) http://www.florensac-chasse-trap.com/ section virus
et aussi ceci
CleanUp312.exe (3)
et encore ceci
About:Buster.
Tu le télécharges sur :
http://www.majorgeeks.com/download4289.html
clik "Check for updates".
telecharge les mises a jour
referme le
ont l utiliseras plus tard
----------------
demarre en mode sans echec
mode sans echec pour cela tu tapote la touche f8
des le debut de l allumage du pc sans t arreter
une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec
une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5
-------------------------
desactive ta restauration systeme
pour ça tu fais clic droit sur poste de travail
propriété tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
------------
assure toi de ceci
Affiche tous les fichiers et dossiers :
cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.
Et appliquer
----------------------
vide tes fichiers temps et tempory internet file sur tous les utilisateur
utilise ceci pour le faire
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
--------------------
relance hijack coche ces lignes et ensuite clik sur fix
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
O1 - Hosts: auto.search.msn.com 127.0.0.1
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [mswspl] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ffh] C:\WINDOWS\System32\Iod.exe
O4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Sac.exe
O4 - HKLM\..\Run: [Vmq] C:\WINDOWS\Ptn.exe
O4 - HKLM\..\Run: [Mff] C:\WINDOWS\Nmr.exe
O4 - HKCU\..\Run: [Mff] C:\WINDOWS\Nmr.exe
O13 - DefaultPrefix: http://web.all-find.org/best.php?url=
O13 - WWW Prefix: http://web.all-find.org/best.php?url=
O13 - Home Prefix: http://web.all-find.org/best.php?url=
O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: 66.197.161.149 (HKLM)
----------------------
recherche et suppr ceci
attention seulement les fichiers
C:\WINDOWS\Nmr.exe
C:\WINDOWS\Ptn.exe
C:\WINDOWS\System32\Sac.exe
C:\WINDOWS\System32\Iod.exe
---------------
passe deux fois de suite about buster
--------------
passe adaware et vire tous se qu il trouve
----------
passe spy boot et vire tous se qu il trouvent
-------------
tu vide ta poubelle et tu redemarre en mode normal et refait un hijack
et precise ou en sont tes soucis
--
regarde dans ajout suppr de prog si tu trouve ceci et desinstal
[Spyware Vanisher]
imprime ceci pour ne rien oublier et tous faire
tous faire dans l ordre imperativement
-------------------------
tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore
adaware (1)
spyboot (2)
(ici) http://www.florensac-chasse-trap.com/ section virus
et aussi ceci
CleanUp312.exe (3)
et encore ceci
About:Buster.
Tu le télécharges sur :
http://www.majorgeeks.com/download4289.html
clik "Check for updates".
telecharge les mises a jour
referme le
ont l utiliseras plus tard
----------------
demarre en mode sans echec
mode sans echec pour cela tu tapote la touche f8
des le debut de l allumage du pc sans t arreter
une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec
une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5
-------------------------
desactive ta restauration systeme
pour ça tu fais clic droit sur poste de travail
propriété tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
------------
assure toi de ceci
Affiche tous les fichiers et dossiers :
cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.
Et appliquer
----------------------
vide tes fichiers temps et tempory internet file sur tous les utilisateur
utilise ceci pour le faire
http://pageperso.aol.fr/Balltrap34/CleanUp312.exe
--------------------
relance hijack coche ces lignes et ensuite clik sur fix
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org
O1 - Hosts: auto.search.msn.com 127.0.0.1
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [mswspl] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ffh] C:\WINDOWS\System32\Iod.exe
O4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Sac.exe
O4 - HKLM\..\Run: [Vmq] C:\WINDOWS\Ptn.exe
O4 - HKLM\..\Run: [Mff] C:\WINDOWS\Nmr.exe
O4 - HKCU\..\Run: [Mff] C:\WINDOWS\Nmr.exe
O13 - DefaultPrefix: http://web.all-find.org/best.php?url=
O13 - WWW Prefix: http://web.all-find.org/best.php?url=
O13 - Home Prefix: http://web.all-find.org/best.php?url=
O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: 66.197.161.149 (HKLM)
----------------------
recherche et suppr ceci
attention seulement les fichiers
C:\WINDOWS\Nmr.exe
C:\WINDOWS\Ptn.exe
C:\WINDOWS\System32\Sac.exe
C:\WINDOWS\System32\Iod.exe
---------------
passe deux fois de suite about buster
--------------
passe adaware et vire tous se qu il trouve
----------
passe spy boot et vire tous se qu il trouvent
-------------
tu vide ta poubelle et tu redemarre en mode normal et refait un hijack
et precise ou en sont tes soucis
--
ftkchester
Messages postés
52
Date d'inscription
samedi 30 avril 2005
Statut
Membre
Dernière intervention
4 mai 2005
1 mai 2005 à 12:25
1 mai 2005 à 12:25
salut, voila j'ai tout fait, mais ya encore un pb : je peux faire clique droit, changer de wallpaper, mais je ne retrouve pas mes icones de bureau , je devrais normalement les changer la :
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.
Attention au cas particulier %USERPROFILE%\Bureau
keske veut dire %USERPROFILE%\Bureau
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.
Attention au cas particulier %USERPROFILE%\Bureau
keske veut dire %USERPROFILE%\Bureau
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
1 mai 2005 à 12:36
1 mai 2005 à 12:36
re
utilse ceci pour tous retrouver
pour remettre bureau en etat
http://pageperso.aol.fr/Balltrap34/Background.zip
double clik dessus et confirme
ensuite tu redemarre
utilse ceci pour tous retrouver
pour remettre bureau en etat
http://pageperso.aol.fr/Balltrap34/Background.zip
double clik dessus et confirme
ensuite tu redemarre
ftkchester
Messages postés
52
Date d'inscription
samedi 30 avril 2005
Statut
Membre
Dernière intervention
4 mai 2005
1 mai 2005 à 12:39
1 mai 2005 à 12:39
ouaip c'est ce que j'ai fait, mais seulement le clique droit et le wallpaper reviennent...
lorsque je change HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.
Attention au cas particulier %USERPROFILE%\Bureau , celui revient comme avant, avec le desktop ki est redirigé vers c:\desktop
lorsque je change HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.
Attention au cas particulier %USERPROFILE%\Bureau , celui revient comme avant, avec le desktop ki est redirigé vers c:\desktop
balltrap34
Messages postés
16240
Date d'inscription
jeudi 8 janvier 2004
Statut
Contributeur sécurité
Dernière intervention
28 novembre 2009
331
1 mai 2005 à 12:41
1 mai 2005 à 12:41
pourquoi fait tu cela il faut juste utiliser le prog redemarrer et ensuite dans les proprietre du bureau tu remet ton fond