Fenêtres intempestives

zecrista Messages postés 43 Date d'inscription   Statut Membre -  
philae83 Messages postés 12854 Statut Contributeur sécurité -
Bonjour,

Depuis peu, je suis envahi par de nombreuses fenêtres intempestives lorsque je surf sur le net (drive cleaner, dial messenger, spyware secure, casino ect..) J'ai en parcourant le forum tenter diverses formules de nettoyages (adaware, spybot, avg, cc cleaner) ..rien n'empêche ces fenetres de réapparaitre.

Pouvez vous me donner unesolution à ce problème...Déjà merci

Configuration :
Windows XP
anti virus : f-secure
Configuration: Windows XP
Internet Explorer 7.0

5 réponses

  1. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonsoir tout le monde

     (drive cleaner, dial messenger, spyware secure, casino ect..)


    il faut télécharger comme demandé plus haut F SECURE BLACKLIGHT dans un premier temps afin de virer l'infection
    1
  2. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonjour,

    * Télécharge Blacklight
    https://europe.f-secure.com/exclude/blacklight/index.shtml
    (de F-Secure)
    (le premier de la page)

    Enregistre le sur ton Bureau.
    Double-clique blbeta.exe
    Clique sur "I ACCEPT" .
    clique Scan puis Next<*gras>

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport,
    sur ton Bureau, nommé <gras>fsbl.xxxxxxx.log
    (les xxxxxxx sont des chiffres).

    Copie et colle le contenu de ce rapport dans ta prochaine réponse.
    NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport,
    car des fichiers légitimes peuvent être présents, tel wbemtest.exe
    0
    1. zecrista Messages postés 43 Date d'inscription   Statut Membre 1
       
      voici le rapport (merci pour ton aide aide )

      03/28/07 20:19:40 [Info]: BlackLight Engine 1.0.55 initialized
      03/28/07 20:19:40 [Info]: OS: 5.1 build 2600 (Service Pack 2)
      03/28/07 20:19:40 [Note]: 7019 4
      03/28/07 20:19:40 [Note]: 7005 0
      03/28/07 20:19:42 [Note]: 7006 0
      03/28/07 20:19:42 [Note]: 7011 520
      03/28/07 20:19:42 [Note]: 7026 0
      03/28/07 20:19:42 [Note]: 7026 0
      03/28/07 20:19:42 [Note]: 7024 3
      03/28/07 20:19:42 [Info]: Hidden process: C:\windows\system32\rubwqnlhxe.exe
      03/28/07 20:19:47 [Note]: FSRAW library version 1.7.1021
      03/28/07 20:26:48 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\rubwqnlhxe.dat
      03/28/07 20:26:48 [Note]: 10002 1
      03/28/07 20:26:48 [Info]: Hidden file: C:\windows\system32\rubwqnlhxe.exe
      03/28/07 20:26:48 [Note]: 10002 1
      03/28/07 20:26:49 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\rubwqnlhxe_nav.dat
      03/28/07 20:26:49 [Note]: 10002 1
      03/28/07 20:26:50 [Info]: Hidden file: c:\WINDOWS\SYSTEM32\rubwqnlhxe_navps.dat
      03/28/07 20:26:50 [Note]: 10002 1
      03/28/07 20:30:58 [Note]: 7007 0
      0
      1. philae83 Messages postés 12854 Statut Contributeur sécurité 206 > zecrista Messages postés 43 Date d'inscription   Statut Membre
         
        bonsoir,

        désolée, mais j'avais pas vu ton post parmis tous les autres
        on continue

        ces manips sont à faire dans l'ordre stp, imprime car il te faudra les faire en mode sans échec

        * Télécharge CCleaner

        http://www.filehippo.com/download_ccleaner.html

        ("Download Latest Version", sur la droite).

        Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

        aide en image pour la suite (ne pas tenir compte des noms, c'est juste à titre indicatif)
        ICI
        https://forum.pcastuces.com/default.asp

        à la lettre N ) Installer Brute Force Uninstaller

        * télécharge Brute Force Uninstaller

        http://www.merijn.org/files/bfu.zip


        * FAIS UN CLIC-DROIT sur le lien ci dessous

        http://metallica.geekstogo.com/EGDACCESS.bfu

        et choisis "Enregistrer sous" (dans IE c'est "Enregistrer le lien sous..")

        afin de télécharger EGDACCESS.bfu, Type "Tous les fichiers".

        Sauvegarde dans le dossier créé (c:\BFU)


        * FAIS UN CLIC-DROIT sur le lien ci dessous

        http://perso.numericable.fr/~altshift/Info/Fichiers/Winsoftware.bfu

        et choisis "Enregistrer sous" (dans IE c'est "Enregistrer le lien sous..")

        afin de télécharger Winsoftware.bfu, Type "Tous les fichiers".

        Sauvegarde dans le dossier créé (c:\BFU)


        * télécharge Navipromo.zip (par lazzzy)

        http://perso.numericable.fr/~altshift/Info/Fichiers/Navipromo07H.zip
        et décompresse-le sur ton bureau

        * Copie la suite des instructions dans un fichier texte, sur ton bureau. et redémarre en mode sans échec comme indiqué ici

        https://forum.pcastuces.com/default.asp#haut

        à la lettre C

        Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou autre.


        * lance le fichier Navipromo.bat qui se trouve dans le dossier Navipromo, sur ton bureau.
        * Sélectionne l'option "Recherche et suppression automatique". Patiente.
        S'il trouve quelque chose, tu verras défiler des lignes dans la fenêtre de commande et au bout de quelques instants, il faudra que tu appuies sur une touche pour que le nettoyage soit lancé. Lorsqu'il a terminé, ferme le rapport qui s'est ouvert

        * Relance l'outil, Sélectionne l'option "Suppression Heuristique", et patiente quelques minutes.
        Lorsqu'il a terminé, ferme le rapport qui s'est ouvert

        * Démarre le "Brute Force Uninstaller" en double-cliquant sur BFU.exe.
        Clique sur le petit dossier jaune, à la droite de la boîte "Scriptline to execute", et double-clique sur : EGDACCESS.bfu
        - Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu
        Clique sur "Execute" et laisse-le faire son travail.
        Attendre que "Complete script execution" apparaîsse et clique sur OK.
        Clique exit pour fermer le programme BFU.
        Recommence encore une fois.

        * Démarre encore le "Brute Force Uninstaller" en double-cliquant sur BFU.exe.
        * Clique sur le petit dossier jaune, à la droite de la boîte "Scriptline to execute", et double-clique sur : Winsoftware.bfu
        - Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Winsoftware.bfu
        * Clique sur "Execute" et laisse-le faire son travail.
        Attendre que "Complete script execution" apparaîsse et clique sur OK.
        * Clique exit pour fermer le programme BFU.
        Recommence encore une fois


        * Démarrer -> panneau de configuration -> options internet

        Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :

        electronic-group - egroup - Montorgueil - VIP - "Sunny Day Design Ltd"

        => Supprime-les tous

        * lance Ccleaner pour un nettoyage complet.

        * redémarre normalement et poste le contenu du fichier Navipromo.txt qui se trouve dans Poste de travail > disque C:\

        Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
        0
      2. zecrista Messages postés 43 Date d'inscription   Statut Membre 1 > philae83 Messages postés 12854 Statut Contributeur sécurité
         
        désolé pour le retard, voici le rapport navipromo

        Rapport Navipromo.bat 0.71 effectué le dim. 01/04/2007 à 12:32:47,62
        L'opération se déroule en mode sans échec sous le compte "Utilisateur"

        ** Recherche...

        1/ rubwqnlhxe trouvé, recherche de rubwqnlhxe*
        C:\WINDOWS\SYSTEM32\rubwqnlhxe.dat
        C:\WINDOWS\SYSTEM32\rubwqnlhxe.exe
        C:\WINDOWS\SYSTEM32\rubwqnlhxe_nav.dat
        C:\WINDOWS\SYSTEM32\rubwqnlhxe_navps.dat
        C:\WINDOWS\prefetch\RUBWQNLHXE.EXE-0589B6AC.pf

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        rubwqnlhxe REG_SZ c:\windows\system32\rubwqnlhxe.exe rubwqnlhxe

        ------------------
        Fin du rapport de recherche
        Adware Navipromo trouvé 1 fois avec cette méthode

        ################################################

        ** Nettoyage...

        1/ Déplacement de rubwqnlhxe* vers C:\Navipromo\Backups...
        C:\WINDOWS\System32\rubwqnlhxe* déplacé avec succès !
        C:\WINDOWS\prefetch\rubwqnlhxe* déplacé avec succès

        ------------------
        * Suppression clés et valeurs de registre
        1 entrées de registre netttoyées


        * Backups :

        C:\Navipromo\Backups\ARPCache.reg
        C:\Navipromo\Backups\HKCURun.reg
        C:\Navipromo\Backups\HKLMRun.reg
        C:\Navipromo\Backups\pack.epk
        C:\Navipromo\Backups\rubwqnlhxe.dat
        C:\Navipromo\Backups\rubwqnlhxe.exe
        C:\Navipromo\Backups\RUBWQNLHXE.EXE-0589B6AC.pf
        C:\Navipromo\Backups\rubwqnlhxe_nav.dat
        C:\Navipromo\Backups\rubwqnlhxe_navps.dat
        C:\Navipromo\Backups\Uninstall.reg

        Ajout d'extension .off aux backups

        ## Fin du rapport de Suppression
        0
      3. philae83 Messages postés 12854 Statut Contributeur sécurité 206 > zecrista Messages postés 43 Date d'inscription   Statut Membre
         
        bonsoir,

        * Télécharge HijackThis et poste le rapport stp

        http://pchelpbordeaux.free.fr/logiciels.html
        Tutorial
        http://pchelpbordeaux.free.fr/tuto.html
        Démo en image
        http://pageperso.aol.fr/balltrap34/demohijack.htm
        0
      4. zecrista Messages postés 43 Date d'inscription   Statut Membre 1 > philae83 Messages postés 12854 Statut Contributeur sécurité
         
        Logfile of HijackThis v1.99.1
        Scan saved at 0:48:34, on 2/04/2007
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16414)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Windows Defender\MsMpEng.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
        C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
        C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
        C:\WINDOWS\system32\CTsvcCDA.EXE
        C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
        C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
        C:\Program Files\F-Secure\Common\FSMA32.EXE
        C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
        C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\F-Secure\Common\FSMB32.EXE
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\F-Secure\Common\FCH32.EXE
        C:\Program Files\F-Secure\Common\FAMEH32.EXE
        C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
        C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
        C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
        C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
        C:\WINDOWS\system32\CTHELPER.EXE
        C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
        C:\Program Files\Dell\Media Experience\DMXLauncher.exe
        C:\WINDOWS\system32\dla\tfswctrl.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\F-Secure\Common\FSM32.EXE
        C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
        C:\Program Files\Icons\SetIcon.exe
        C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Makro Offline Software\Agent.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
        C:\Program Files\F-Secure\Common\FNRB32.EXE
        C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        C:\Program Files\AVerTV USB 2.0 Plus\QuickTV.exe
        C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
        C:\Program Files\F-Secure\Common\FIH32.EXE
        C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
        C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        C:\Program Files\Logitech\SetPoint\KEM.exe
        C:\WINDOWS\SCMain.exe
        C:\WINDOWS\WCMain.exe
        C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
        C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/content/public/choosecountry.aspx?c=us&l=en&s=gen
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        N3 - Netscape 7: user_pref("browser.startup.homepage", ""); (C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Profiles\default\t1sj9twz.slt\prefs.js)
        N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CNetscape_France.src"); (C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Profiles\default\t1sj9twz.slt\prefs.js)
        O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
        O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
        O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
        O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
        O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
        O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
        O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
        O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
        O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
        O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
        O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
        O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
        O4 - HKLM\..\Run: [Sun ONE Synchronization - PocketPC] C:\Program Files\Fichiers communs\XCPCSync\Translators\PocketPC\AutoDetect.exe
        O4 - HKLM\..\Run: [Sun ONE Synchronization - MSWinCE2] C:\Program Files\Fichiers communs\XCPCSync\Translators\MSWinCE2\AutoDetect.exe
        O4 - HKLM\..\Run: [Sun ONE Synchronization - iPlanet] C:\Program Files\Fichiers communs\XCPCSync\Translators\iPlanet\iPlanetTray.exe
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] C:\Program Files\Makro Offline Software\Agent.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        O4 - Global Startup: AVerTV USB 2.0.lnk = C:\Program Files\AVerTV USB 2.0 Plus\QuickTV.exe
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
        O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
        O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
        O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
        O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
        O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = C:\WINDOWS\SCMain.exe
        O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\WINDOWS\WCMain.exe
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
        O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
        O9 - Extra button: Unibet Fr Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Program Files\mrbookmakerfrMPP\MPPoker.exe
        O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
        O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
        O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
        O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
        O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
        O9 - Extra button: Golden Riviera Poker - {85BFB6E0-96F9-4424-8819-1D67E9F78D33} - C:\Program Files\goldenrivieraMPP\MPPoker.exe
        O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
        O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
        O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
        O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
        O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
        O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0719a800677a3538c622/netzip/RdxIE601_fr.cab
        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
        O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
        O16 - DPF: {8E7E8EAE-71FF-11D3-B4D2-0060086460F0} (ElementMisterCash1 Class) - https://pay.banxafe.be/cab/ElementMisterCash.cab
        O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.com/clients/ImageUploader3.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
        O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp01.photoprintit.de/microsite/1456/defaults/activex/IPSUploader.cab
        O18 - Protocol: bw+0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw+0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw-0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw-0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw00 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw00s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw10 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw10s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw20 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw20s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw30 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw30s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw40 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw40s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw50 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw50s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw60 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw60s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw70 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw70s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw80 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw80s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw90 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bw90s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwa0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwa0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwb0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwb0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwc0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwc0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwd0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwd0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwe0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwe0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwf0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwf0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
        O18 - Protocol: bwg0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwg0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwh0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwh0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwi0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwi0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwj0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwj0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwk0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwk0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwl0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwl0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwm0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwm0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwn0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwn0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwo0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwo0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwp0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwp0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwq0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwq0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwr0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwr0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bws0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bws0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwt0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwt0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwu0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwu0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwv0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwv0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bww0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bww0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwx0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwx0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwy0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwy0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwz0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: bwz0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O18 - Protocol: offline-8876480 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
        O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
        O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
        O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
        O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
        O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
        O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
        O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
        O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
        O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
        O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
        0
  3. flyppi10 Messages postés 42 Statut Membre 2
     
    il y a un bon logiciel c le firewall c des farre et tu demande si tu

    veut des fenétre de pub ou pas!!!!!!!!

    aller A+ et bonne chance
    0
  4. killbin Messages postés 95 Statut Membre 2
     
    Salut

    malheureusement tu ne levera pas tes fenetres de cette manière mais seulement en changeant la politique d'affichage des fenetres et popup dans IE7.

    Un bon parfeu peut aussi faire ce travail pour eviter que tu soit trop polué

    Pour paramatrer IE7 je ne sais pas faire mais avec firefox cela est tres simple (a bon entendeur). Pour le parfeu, zone alarme c debrouille pas mal non plus

    A+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonsoir,

    tu connais
    C:\Program Files\mrbookmakerfrMPP\MPPoker.exe
    C:\Program Files\goldenrivieraMPP\MPPoker.exe
    C:\Program Files\CDPoker\casino.exe
    C:\Program Files\UnibetpokerMPP\MPPoker.exe

    * lance hijackthis pour un "scan seulement" puis coche ces lignes :

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe ---si tu ne t'en sers pas
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Stardust Screen Saver Control 2003.lnk = C:\WINDOWS\SCMain.exe
    O4 - Global Startup: Stardust Wallpaper Control 2003.lnk = C:\WINDOWS\WCMain.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0719a800677a3538c622/netzip/RdxIE601_fr.cab
    O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
    O16 - DPF: {8E7E8EAE-71FF-11D3-B4D2-0060086460F0} (ElementMisterCash1 Class) - https://pay.banxafe.be/cab/ElementMisterCash.cab
    O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.com/clients/ImageUploader3.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp01.photoprintit.de/microsite/1456/defaults/activex/IPSUploader.cab
    O18 - Protocol: bw+0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {1082E0A3-5621-46D4-8C36-5057481488AA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    * ferme toutes les applications ouvertes y compris IE et clique sur "fixer objet"

    reposte un nouveau rapport hijackthis
    0