danger : soyware

Question

salut tout le monde. alors voila, j'ai un pitit probleme de virus. Je suppose que tout le monde le connait : DANGER : SPYWARE. C'est la page rouge qui se met en fond d'écran avec un ti carré noir au mileu et marker plein de truc dedans. j'ai vu qu'il y avait beaucoup de post sur ce forum , et beaucoup, tellement qu'on si embrouille. j'ai beaucoup de facon afin de réparer ce probleme, sur différents forums , mais aucune ne paru clair et qui marchait a 100% . On ma fait toucher au registre, a desktop.htlm bref a tout. Mais y-a-t-il une solution qui marche réelement , parcque je suis toujours avec ce probleme . Merci pour toute vos rep.
Tchao :)

Afficher la suite

Fisherprice · Answer

Salut!oui, on s'en sort=>http://www.commentcamarche.net/faq/484Plus ici pour se protèger=>http://sebsauvage.net/safehex.html:-)

ftkchester · Answer

ok merci. mais j'ai vu un autre pose http://www.commentcamarche.net/forum/affich-1336043-spyware-SLIMSHIELD  ou gérard explique bien. je fais ca mais lorsque je redémare le pc, toutes les keys ke j'ai changer redévienne comme avant. Comment y faut faire ,

moe · Answer

saluttelecharge hijackthis:http://www.merijn.org/files/hijackthis.zip Dezippe le dans un dossier prévu a cet effet.Par exemple C:\hijacket surtout pas dans un dossier temporaire (temp)lance le puis:clic sur "do a system scan and save logfile" et pas autre chosefais un copier coller du log entier ici.http://assiste.free.fr/p/internet_utilitaires/hijackthis_faire_un_log.phpa+

ftkchester · Answer

ouaip merci , mas j'aimerais savoir pourquoi quand je change les valeurs dans le regedit, et que j'y retourne ,e elles sont derevenu comme avant

moe · Answer

parce que le trojan est toujours làredemarre ton pc et poste un log hijacka+

moe · Answer

laisse moi quelques minute pour verifier le logmais apparement tu as pas mal de trucs à virer (vers spys trojans)a tout de suite

ftkchester · Answer

okok

ftkchester · Answer

ya quelqu'un ^^ ?

moe · Answer

salut Télécharge ces logiciels et mets les à jours(important): - CWShredder: http://cwshredder.net/bin/CWShredder.exe - Ad-aware: http://www.lavasoftusa.com/french/support/download/ l'aide: http://www.ordi-netfr.org/tutorialadaware.php le patch francais est ici: http://download.lavasoft.de.edgesuite.net/public/pllangs.exe une fois installé, tu choisis la langue dans les parametres d'ad-aware. clic sur l'engrenage puis sur interface choisis french et clic sur proceed pour valider mettre à jours avant de l'utiliser. ce fichier reg: http://pageperso.aol.fr/Balltrap34/Background.zip dezippe le sur ton bureau mais ne l'utilise pas encore Vide le cache d'Internet Explorer et supprime les cookies: * Panneau de configuration >> Options internet >> Onglet "Général" - Clic sur [supprimer les cookies] - Clic sur [Supprimer les fichiers] en cochant la case "Supprimer tout le contenu hors connexion" Rend visible les fichiers cachés et systeme panneau de configuration > options des dossiers > onglet affichage Cocher " afficher les fichiers et dossiers cachés " Décocher " masquer les extentions des fichiers dont le type est connu Décocher " masquer les fichiers protégés du système" Valide Désactive la restauration systéme. Clic droit sur poste de travail > propriétés > onglet restauration système puis cocher "désactiver la restauration système". (accepte le redemarrage). Redémarre en mode sans échec Laisse passer l'écran du bios, puis tapote sur la touche F8. Choisis le mode sans échec dans les options et valide avec entrée. --------------------------------------------- Dans le menu Demarrer>Executer >tape: Services.msc recherche le service avec cette orthographe exacte: Network Security Service Double clic dessus et clic sur [arreter] puis dans : type de demarrage --> sélectionne désactivé. Lance hijackthis et Fixe: cocher la case au début des lignes suivantes: R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\DENISD~1\LOCALS~1\Temp\sp.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - Default URLSearchHook is missing F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe O1 - Hosts: auto.search.msn.com 127.0.0.1 O2 - BHO: (no name) - {D499E362-734F-CEC4-2D6B-48286CEBB4B1} - C:\WINDOWS\system32\apiyv32.dll O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32 ibs3.exe O4 - HKLM\..\Run: [ltsqon] c:\windows\system32\ltsqon.exe O4 - HKLM\..\Run: [syseb32.exe] C:\WINDOWS\system32\syseb32.exe O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.3.0\WeatherOnTray.exe O4 - HKLM\..\Run: [kxmdir] C:\WINDOWS\System32\ltsqon.exe O4 - HKLM\..\Run: [EnergyPlugIn] C:\Program Files\EnergyPlugIn\EnergyPlugin.exe <- tu connais ce prog ? O4 - HKLM\..\Run: [2 Stupid Find Proc] C:\Documents and Settings\All Users\Application Data\AmokScr2Stupid\BoldAce.exe O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE O4 - HKLM\..\Run: [salm] c: emp\salm.exe O4 - HKLM\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe O4 - HKLM\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe O4 - HKLM\..\RunOnce: [mfcyv32.exe] C:\WINDOWS\system32\mfcyv32.exe O4 - HKCU\..\Run: [Bore Funk] C:\DOCUME~1\DENISD~1\APPLIC~1\DRIVEL~1\MOVESIZESITE.exe O4 - HKCU\..\Run: [Uurc] C:\Documents and Settings\Denis de MAROUSSEM\Application Data\y?if.exe O4 - HKCU\..\Run: [Rmtt] C:\Documents and Settings\Denis de MAROUSSEM\Application Data ?ps.exe O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess O4 - HKCU\..\Run: [Apwheel] C:\WINDOWS\System32\8591.exe O4 - HKCU\..\Run: [Obq] C:\WINDOWS\System32\Rhc.exe O4 - HKCU\..\Run: [Sca] C:\WINDOWS\System32\Qdr.exe O13 - DefaultPrefix: http://web.all-find.org/best.php?url= O13 - WWW Prefix: http://web.all-find.org/best.php?url= O13 - Home Prefix: http://web.all-find.org/best.php?url= O13 - Mosaic Prefix: http://web.all-find.org/best.php?url= O15 - Trusted Zone: *.awmdabest.com O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.vxiframe.biz O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.vxiframe.biz (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted IP range: 66.197.161.149 O15 - Trusted IP range: 66.197.161.149 (HKLM) O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_sky.exe O16 - DPF: {0D9590E8-D4E9-4822-954B-784CDAF94F2D} (vdiewer control) - http://www.tunacash.com/build/adultViewerCab02.cab O16 - DPF: {11311111-1551-1661-1771-000000000000} - http://www.all-find.org/mih2/web.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c420.cab O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/2dc080c0/enter.cab O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A7F82252-EF7F-4E46-8595-84AE76D5FE03} - http://neo-toolbar.com/Inst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylomgames.com/activex/zylomgamesplayer.cab O16 - DPF: {DDF44FD9-749F-4761-89BB-E8A59339E459} - http://akamai.downloadv3.com/binaries/LiveService/LiveService_9_FR_XP.cab O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://labo.nomatica.com/XUpload.ocx O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/FR175_116.exe O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/es/activex_300_es.exe O23 - Service: Network Security Service (NSS) ( 6QÔõ'ª´ÆÐ8) - Unknown owner - C:\WINDOWS\sysgc32.exe (file missing) valider avec [fix checked] Rechercher et supprimer si présent: Dans le cas ou tu utiliserais la fonction Rechercher: Assure toi que dans: Tous les fichiers et tous les dossiers >> Options avancées • Rechercher dans les dossiers systemes <- DOIT ETRE COCHE ! • Rechercher dans les fichiers et les dossiers cachés <- DOIT ETRE COCHE ! • Rechercher dans les sous-dossiers <- DOIT ETRE COCHE ! C:\destop C:\WINDOWS\popup.html. C:\WINDOWS\desktop.html C: emp\salm.exe C:\WINDOWS\system32\apiyv32.dll C:\WINDOWS\sysgc32.exe C:\WINDOWS\system32 ibs3.exe C:\WINDOWS\system32\mfcyv32.exe C:\WINDOWS\system32\syseb32.exe C:\WINDOWS\System32\kernels32.exe C:\WINDOWS\System32\vxh8jkdq6.exe C:\WINDOWS\System32\8591.exe C:\WINDOWS\System32\vxh8jkdq7.exe C:\WINDOWS\System32\Services\{C2748BDF-27F9-4F4E-BCBC-935D4C2FECA9}\SVCHOST.EXE c:\windows\system32\ltsqon.exe C:\WINDOWS\System32\Rhc.exe C:\WINDOWS\System32\Qdr.exe C:\Documents and Settings\Denis de MAROUSSEM\Application Data ?ps.exe C:\Documents and Settings\Denis de MAROUSSEM\Application Data\y?if.exe p2esocks_1012.dll supprime ces dossiers: C:\Documents and Settings\Denis de MAROUSSEM\Application Data\DRIVEL C:\Documents and Settings\All Users\Application Data\AmokScr2Stupid C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE C:\Program Files\Admanager Controller C:\Program Files\Hotbar C:\Program Files\Media Access -------------------- Supprimer les fichiers temporaires: * C:\Documents and Settings on compte\Local Settings\Temp * C:\Documents and Settings ous les autres comptes\Local Settings\Temp * C:\Temp * C:\Windows\Temp vider tout le contenu des dossiers en gras. Le contenu du dossier prefetch: * C:\WINDOWS\Prefetch <= sauf le fichier layout.ini * Ne pas oublier de vider la corbeille ! ------------------- puis lance cwshredder(clic sur fix) lance ad-aware et supprime tout ce qu'il trouve Redemarre normalement, et double clic sur Background.reg (tu devrais de nouveau pouvoir changer de wallpaper, retrouver le clic droit,) il devrait faire effet de suite sinon redemarre. et ensuite fais un scan AV ici: http://www.ravantivirus.com/scan/ Clic sur "To continue without subscribing click here" Lorsque "Ready" est affiché dans "status", clic sur "Scan my PC". A la fin de l'analyse, copier/coller le rapport ici + un nouveau rapport hijackthis a+

ftkchester · Answer

a bon j'ai du boulot alors . Merci beaucoup . je fais toutes ces manip et je te tiens au courant :)

moe · Answer

oui, si tu savais pas quoi faire ce soir...a+

ftkchester · Answer

salut moe ! Alors voila : j'ai réussi a faire la plupart des manip mais pas toutes. En effet, j'ai pas trouver certains dossier a supprimer. Ensuite,je n'ai pas bien compri ce qu'il fallait faire des fichiers temps (faut-il les supprimer  et vider les dossier en gras du dernier temps ? ). Enfin je n'ai réussi a supprimer des .exe que je ne pouvais pas supprimer avant, que lorsque j'ai redémarer le pc (ex : C:\WINDOWS\System32\vxh8jkdq6.exe  et C:\WINDOWS\System32\vxh8jkdq7.exe ). Ensuite, certaine ligne a cocher dans hijackthis ni étaient pas . Pour finir, sur cet ordi, le spyware  me bloquent l'acces internet ,et je ne peux donc pas faire les mises a jours de ad aware, et cwshredder...que dois-je faire ?en tout cas merci pourr ton aide :Dps : je n'ai pasnon plus trouver le background.reg

balltrap34 · Answer

saluttu dit que tu na pas acces a internet comment vient tu icier refait un hijack stp

ftkchester · Answer

salut  :) . alors en faite j'ai un petit réseau de 3 pc chez moi ... sur l'ordinateur qui ne marche pas ( portable) le connexion avec les autres pc  marche pour le partage de fichier de temps en temps . Donc je peux transférer le résultat. Sinon hop une disquette , et le petit fichier blocnote desssus et tout va bien :)

ftkchester · Answer

Logfile of HijackThis v1.99.1Scan saved at 11:55:01, on 01/05/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Ahead\NeroNET\NeroNET.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32
vsvc32.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exeC:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Ahead\NeroNET\NNServiceCtrl.exeC:\WINDOWS\System32\TPSBattM.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\WINDOWS\System32\00THotkey.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exeC:\WINDOWS\Eso.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.orgR1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.orgR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.orgR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.orgR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.orgR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.orgR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.orgR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.orgO1 - Hosts: auto.search.msn.com 127.0.0.1O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXEO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exeO4 - HKLM\..\Run: [PROXY PHONE MEOW ERROR] C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE\01software.exeO4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exeO4 - HKLM\..\Run: [mswspl] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exeO4 - HKLM\..\Run: [Nfh] C:\WINDOWS\Eso.exeO4 - HKLM\..\Run: [Ffh] C:\WINDOWS\System32\Iod.exeO4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Sac.exeO4 - HKLM\..\Run: [Vmq] C:\WINDOWS\Ptn.exeO4 - HKLM\..\Run: [Mff] C:\WINDOWS\Nmr.exeO4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 1 pour framxpro.zip\FreeRAM XP Pro 1.40.exe" -winO4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exeO4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - HKCU\..\Run: [Mff] C:\WINDOWS\Nmr.exeO4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXEO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXTO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO13 - DefaultPrefix: http://web.all-find.org/best.php?url=O13 - WWW Prefix: http://web.all-find.org/best.php?url=O13 - Home Prefix: http://web.all-find.org/best.php?url=O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=O15 - Trusted Zone: *.frame.crazywinnings.comO15 - Trusted IP range: 66.197.161.149O15 - Trusted IP range: 66.197.161.149 (HKLM)O18 - Protocol: bw+0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exej'ai limpression qu'il y a les meme problemes :(

balltrap34 · Answer

salutregarde dans ajout suppr de prog si tu trouve ceci et desinstal [Spyware Vanisher] imprime ceci pour ne rien oublier et tous fairetous faire dans l ordre imperativement-------------------------tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encoreadaware (1)spyboot (2)       (ici)               http://www.florensac-chasse-trap.com/   section viruset aussi ceciCleanUp312.exe (3)et encore ceciAbout:Buster.  Tu le télécharges sur :   http://www.majorgeeks.com/download4289.htmlclik "Check for updates". telecharge les mises a jour referme leont l utiliseras plus tard----------------demarre en mode sans echecmode sans echec pour cela tu tapote la touche f8 des le debut de l allumage du pc sans t arreter une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5------------------------- desactive ta restauration systeme pour ça tu fais clic droit sur poste de travail propriété tu clique sur onglet restauration système tu coche la case désactiver la restauration et applique ------------ assure toi de ceci Affiche tous les fichiers et dossiers : cliquer sur démarrer/panneau de configuration/option des dossiers/affichage Cocher afficher les dossiers cacher Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" Décocher masquer les extensions dont le type est connu Puis fais «Ok» pour valider les changements. Et appliquer ----------------------vide tes fichiers temps et tempory internet file sur tous les utilisateur utilise ceci pour le faire http://pageperso.aol.fr/Balltrap34/CleanUp312.exe   --------------------relance hijack coche ces lignes et  ensuite clik sur fixR1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org O1 - Hosts: auto.search.msn.com 127.0.0.1 O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE O4 - HKLM\..\Run: [mswspl] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Ffh] C:\WINDOWS\System32\Iod.exe O4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Sac.exe O4 - HKLM\..\Run: [Vmq] C:\WINDOWS\Ptn.exe O4 - HKLM\..\Run: [Mff] C:\WINDOWS\Nmr.exe O4 - HKCU\..\Run: [Mff] C:\WINDOWS\Nmr.exe O13 - DefaultPrefix: http://web.all-find.org/best.php?url= O13 - WWW Prefix: http://web.all-find.org/best.php?url= O13 - Home Prefix: http://web.all-find.org/best.php?url= O13 - Mosaic Prefix: http://web.all-find.org/best.php?url= O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted IP range: 66.197.161.149 O15 - Trusted IP range: 66.197.161.149 (HKLM) ----------------------recherche et suppr ceciattention seulement les fichiers C:\WINDOWS\Nmr.exeC:\WINDOWS\Ptn.exe  C:\WINDOWS\System32\Sac.exeC:\WINDOWS\System32\Iod.exe ---------------passe deux fois de suite about buster--------------passe  adaware et vire tous se qu il trouve    ---------- passe spy boot et vire tous se qu il trouvent-------------tu vide ta poubelle et tu redemarre en mode normal et refait un hijack et precise ou en sont tes soucis--

ftkchester · Answer

salut, voila j'ai tout fait, mais ya encore un pb : je peux faire clique droit, changer de wallpaper, mais je ne retrouve pas mes icones de bureau , je devrais normalement les changer la :HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.Attention au cas particulier %USERPROFILE%\Bureau keske veut dire  %USERPROFILE%\Bureau

balltrap34 · Answer

reutilse ceci pour tous retrouverpour remettre bureau en etathttp://pageperso.aol.fr/Balltrap34/Background.zipdouble clik dessus et confirme ensuite tu redemarre

ftkchester · Answer

ouaip c'est ce que j'ai fait, mais seulement le clique droit et le wallpaper reviennent...lorsque je change HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.Attention au cas particulier %USERPROFILE%\Bureau , celui revient comme avant, avec le desktop ki est redirigé vers c:\desktop

balltrap34 · Answer

pourquoi fait tu cela il faut juste utiliser le prog redemarrer et ensuite dans les proprietre du bureau tu remet ton fond

moe · Answer

il est peut etre encore infecté..

balltrap34 · Answer

peut etre et en + il ne ma pas remis un hijack

ftkchester · Answer

ah. bon je refais hijack. j'ai utiliser ton prog balltrap et ca ma parfaitement remi  clique droit et fond décran

balltrap34 · Answer

et dit moi  si tu as encore des soucis

ftkchester · Answer

Logfile of HijackThis v1.99.1Scan saved at 12:57:25, on 01/05/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Ahead\NeroNET\NeroNET.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\ctfmon.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exeC:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Ahead\NeroNET\NNServiceCtrl.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\Eso.exeC:\WINDOWS\System32\TPSBattM.exeC:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exeC:\WINDOWSegedit.exeC:\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.orgR1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.orgR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.orgR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.orgR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.orgR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.orgR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.orgR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.orgO1 - Hosts: auto.search.msn.com 127.0.0.1O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXEO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exeO4 - HKLM\..\Run: [PROXY PHONE MEOW ERROR] C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE\01software.exeO4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exeO4 - HKLM\..\Run: [mswspl] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exeO4 - HKLM\..\Run: [Nfh] C:\WINDOWS\Eso.exeO4 - HKLM\..\Run: [Ffh] C:\WINDOWS\System32\Iod.exeO4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Sac.exeO4 - HKLM\..\Run: [Vmq] C:\WINDOWS\Ptn.exeO4 - HKLM\..\Run: [Mff] C:\WINDOWS\Nmr.exeO4 - HKLM\..\Run: [Buu] C:\WINDOWS\Kjg.exeO4 - HKLM\..\Run: [Ugd] C:\WINDOWS\System32\Kul.exeO4 - HKLM\..\Run: [Phn] C:\WINDOWS\Uen.exeO4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 1 pour framxpro.zip\FreeRAM XP Pro 1.40.exe" -winO4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exeO4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - HKCU\..\Run: [Mff] C:\WINDOWS\Nmr.exeO4 - HKCU\..\Run: [Buu] C:\WINDOWS\Kjg.exeO4 - HKCU\..\Run: [Ugd] C:\WINDOWS\System32\Kul.exeO4 - HKCU\..\Run: [Phn] C:\WINDOWS\Uen.exeO4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXEO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXTO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO13 - DefaultPrefix: http://web.all-find.org/best.php?url=O13 - WWW Prefix: http://web.all-find.org/best.php?url=O13 - Home Prefix: http://web.all-find.org/best.php?url=O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=O15 - Trusted Zone: *.frame.crazywinnings.comO15 - Trusted IP range: 66.197.161.149O15 - Trusted IP range: 66.197.161.149 (HKLM)O18 - Protocol: bw+0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe j'ai l'impression que c'est toujours au meme stade !quand je vous parle de changer la key dans le registre, je fais référence au post de gérard ici : http://www.commentcamarche.net/forum/affich-1336043-spyware-SLIMSHIELD

balltrap34 · Answer

tu as bien suivi toutes la procedure que je t ai mis plus haut(mode sans echec/suppression des exe etc etc)

ftkchester · Answer

oui mais je ne peux faire les mises a jour, car je n'ai pas internet sur cet ordi

Pierre · Answer

telecharge  spysweeper (version 45j) le +efficace antispyet scanne en rpofondeur.Tu vas voir la merde et les dégats sur ton pc@+Pierre

moe · Answer

essaye en faisant ceci: Rend visible les fichiers cachés et systeme panneau de configuration > options des dossiers > onglet affichage Cocher " afficher les fichiers et dossiers cachés "Décocher " masquer les extentions des fichiers dont le type est connu Décocher " masquer les fichiers protégés du système"Valide Lance hijackthis et Fixe:cocher la case au début des lignes suivantes:R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.org R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.org R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.org R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.org O1 - Hosts: auto.search.msn.com 127.0.0.1 O4 - HKLM\..\Run: [PROXY PHONE MEOW ERROR] C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONE\01software.exe O4 - HKLM\..\Run: [Nfh] C:\WINDOWS\Eso.exe O4 - HKLM\..\Run: [Ffh] C:\WINDOWS\System32\Iod.exe O4 - HKLM\..\Run: [Sfb] C:\WINDOWS\System32\Sac.exe O4 - HKLM\..\Run: [Vmq] C:\WINDOWS\Ptn.exe O4 - HKLM\..\Run: [Mff] C:\WINDOWS\Nmr.exe O4 - HKLM\..\Run: [Buu] C:\WINDOWS\Kjg.exe O4 - HKLM\..\Run: [Ugd] C:\WINDOWS\System32\Kul.exe O4 - HKLM\..\Run: [Phn] C:\WINDOWS\Uen.exe O4 - HKCU\..\Run: [Mff] C:\WINDOWS\Nmr.exe O4 - HKCU\..\Run: [Buu] C:\WINDOWS\Kjg.exe O4 - HKCU\..\Run: [Ugd] C:\WINDOWS\System32\Kul.exe O4 - HKCU\..\Run: [Phn] C:\WINDOWS\Uen.exe valider avec [fix checked]redemarre en mode sans echecs et va dans:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runverifie s'il reste des entrées de ce type:Sfb  C:\WINDOWS\System32\Sac.exe Vmq  C:\WINDOWS\Ptn.exesi oui, tu les supprimes mais en ayant noté le chemin des fichiers pour chaques entrées.supprime:C:\Documents and Settings\All Users\Application Data\OKAY FLAG PROXY PHONEC:\WINDOWS\popup.html.C:\WINDOWS\desktop.html.C:\WINDOWS\Eso.exe C:\WINDOWS\System32\Iod.exe C:\WINDOWS\System32\Sac.exe C:\WINDOWS\Ptn.exe C:\WINDOWS\Nmr.exe C:\WINDOWS\Kjg.exe C:\WINDOWS\System32\Kul.exe C:\WINDOWS\Uen.exe C:\Desktop <- tout le dossier+ ceux que tu as notésredemarre normalement et relance background.regensuite reposte un loga+

ftkchester · Answer

je vais me tirer une ball je sens . Ya plin de petit .exe que vous me dites de supprimer, mais qui réapparaisent apres, yen a ca fai 5 fois que je les supprime :( voici le nouveau log :Logfile of HijackThis v1.99.1Scan saved at 13:39:45, on 01/05/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeC:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeC:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Ahead\NeroNET\NeroNET.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\Program Files\Norton AntiVirus
avapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32
vsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\System32\wuauclt.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exeC:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exeC:\Program Files\Winamp\winampa.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeC:\WINDOWS\System32\TPSBattM.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Ahead\NeroNET\NNServiceCtrl.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\WINDOWS\System32\00THotkey.exeC:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.all-find.orgR1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.orgR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.orgR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.all-find.orgR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://web.all-find.orgR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.orgR1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.orgR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://web.all-find.orgR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.all-find.orgO1 - Hosts: auto.search.msn.com 127.0.0.1O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [TFncKy] TFncKy.exeO4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exeO4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exeO4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exeO4 - HKLM\..\Run: [TPSMain] TPSMain.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [NeroNETTrayIcon] C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exeO4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exeO4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Denis de MAROUSSEM\Local Settings\Temp\Répertoire temporaire 1 pour framxpro.zip\FreeRAM XP Pro 1.40.exe" -winO4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exeO4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exeO4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXEO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXTO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXEO13 - DefaultPrefix: http://web.all-find.org/best.php?url=O13 - WWW Prefix: http://web.all-find.org/best.php?url=O13 - Home Prefix: http://web.all-find.org/best.php?url=O13 - Mosaic Prefix: http://web.all-find.org/best.php?url=O15 - Trusted Zone: *.frame.crazywinnings.comO15 - Trusted IP range: 66.197.161.149O15 - Trusted IP range: 66.197.161.149 (HKLM)O18 - Protocol: bw+0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: offline-8876480 - {179A6525-E825-403E-B1A1-84988532DD35} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus
avapsvc.exeO23 - Service: NeroNET - Ahead Software AG - C:\Program Files\Ahead\NeroNET\NeroNET.exeO23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exevous voyez ya encore des lignes R1 R0 ... lorsque je scan directement apres avoir fait fix, elles n'y sont plus, lorsque je hijackthis elles réapparaissent

ftkchester · Answer

a oui aussi , lorsque je vais dans HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.
avant j'avais pour desktop c:\desktop, maintenant j'ai c:\documents and settings\mon nom\desktop , je ne devrais pa avoir plutot c:\documents and settings\mon nom\bureau ?

moe · Answer

est ce que tout est normal au niveau du bureau ?

ftkchester · Answer

hé bien non . Depuis que j'ai fait des manip, j'ai retrouver des icones qui ni étaient plus : norton et acrobat. Mais toutes les icones normalement présentes n'y sont pas , mais ce trouvent dans c:\documents and settings\...\bureau. j'ai donc changer la key du registre et redémarer, mais rien a faire ellles ne reviennents pas.

moe · Answer

reessaye de modifier HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

en mettant

C:\Documents and Settings\ton nom\Bureau

fais attention de respecter les espaces et les majuscules et minuscules.

ftkchester · Answer

ouais, alors j'ai vérifier un truc, lorsque je met mes icones du dossier bureau dans desktop, elles se retrouvent enfin sur mon bureau. Mais lorsque je fais clique droit , nouveau dossier, il faut que j'aille chercher le dossier dans : c:\documents and settings..\desktop. Je ne peux pas mettre c:\documents ...\Bureau , car il change quelque seconde apres et revients a desktop. Je pense que je suis encore infecté, car aparement ce virus bloque l'acces a internet ,et je ne peux me connecter au réseau avec cet ordi

ftkchester · Answer

je pense que le poste de gérard peut m'aider , mais je ne sais pas a quoi il fait allusion quand il dit : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders.
Attention au cas particulier %USERPROFILE%\Bureau

http://www.commentcamarche.net/forum/affich-1336043-spyware-SLIMSHIELD

j'avais marquer %USERPROFILE%/Bureau tout a l'heure , donc je pense que c'est mon cas.

moe · Answer

va sur
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

dans la fenetre de droite double clic sur desktop
mais ceci comme valeur >%USERPROFILE%\Bureau

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\clic sur User shell folders
dans la fenetre de droite double clic sur Desktop

à la place mettre comme valeur: %USERPROFILE%\Bureau

va sur

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\clic sur User shell folders
Desktop doit avoir pour valeur: %USERPROFILE%\Bureau

ftkchester · Answer

userprofile exactement ou mon nom , enfin où se trouve les icones du bureau ?

moe · Answer

exactement ce qui est en gras y compris le signe %

ftkchester · Answer

voila j'ai tout fai, mais mes icones n'apparaissent toujours pas

moe · Answer

pour les deux derniers, tu avais quelle valeurs avant modif

ftkchester · Answer

va sur
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

dans la fenetre de droite double clic sur desktop
mais ceci comme valeur >%USERPROFILE%\Bureau

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\clic sur User shell folders
dans la fenetre de droite double clic sur Desktop

à la place mettre comme valeur: %USERPROFILE%\Bureau

va sur

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\clic sur User shell folders
Desktop doit avoir pour valeur: %USERPROFILE%\Bureau

ftkchester · Answer

quel bouffon j'ai rien dit att

ftkchester · Answer

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\clic sur User shell folders j'avais :%USERPROFILE%\DesktopHKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\clic sur User shell folders j'avais :pareil j'ai bureau

moe · Answer

nonHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User shell folders par contre je viens de vérifier sur mon pc pour:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders chez moi desktop a bien pour valeur :C:\Documents and Settings\mon nom\Bureau donc chez toi tu devrais normalement avoir:C:\Documents and Settings\Denis de MAROUSSEM\Bureaua+

balltrap34 · Answer

salutje vous est abandonner lol et c est pas la grande formefait ceci pour voirtelecharge cecihttp://www.downloads.subratam.org/l2mfix.exedecompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 1attend il vas faire un rapport fait un copier coller de celui cine fait surtout rien d autres--------et aussi ceciTélécharge ceci SilentRunners.  http://www.silentrunners.org/Lance-le Copie/colle-le rapport ici

Danger : soyware

46 réponses

Votre réponse

Newsletters