Analyse Hijackthis
Argéades
-
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
balltrap34 Messages postés 16241 Statut Contributeur sécurité -
Bonjour,
Suite à des ralentissements de mon PC, j'ai scanné mon PC avec HijackThis.
Merci de m'indiquer ce qu'il est recommandé de fixer.
Logfile of HijackThis v1.98.0
Scan saved at 17:22:09, on 02/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\Drivers\XWMSAPI.EXE
C:\Program Files\Xerox\ControlCentre 2.0\XWCTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\XEROX\ControlCentre 2.0\Pagis\Monitor.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\89D4ADA.DLL
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [XWMSUSBAPI] C:\WINDOWS\System32\Drivers\XWMSAPI.EXE
O4 - HKLM\..\Run: [ControlCentreTray] "C:\Program Files\Xerox\ControlCentre 2.0\XWCTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [spywatch] C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [WNSI] C:\WINDOWS\System32\wnscpsu.exe
O4 - HKCU\..\Run: [BPSANTISPY] C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe /STARTUP
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: Contrôleur de planification Pagis.lnk = C:\Program Files\XEROX\ControlCentre 2.0\Pagis\Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_FR_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE878B14-312C-4C3E-9590-520BE97C5392}: NameServer = 212.151.136.254 130.244.127.170
Suite à des ralentissements de mon PC, j'ai scanné mon PC avec HijackThis.
Merci de m'indiquer ce qu'il est recommandé de fixer.
Logfile of HijackThis v1.98.0
Scan saved at 17:22:09, on 02/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\Drivers\XWMSAPI.EXE
C:\Program Files\Xerox\ControlCentre 2.0\XWCTray.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\XEROX\ControlCentre 2.0\Pagis\Monitor.exe
C:\Program Files\BulletProofSoft.com\SpywareRemover\89D4ADA.DLL
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [XWMSUSBAPI] C:\WINDOWS\System32\Drivers\XWMSAPI.EXE
O4 - HKLM\..\Run: [ControlCentreTray] "C:\Program Files\Xerox\ControlCentre 2.0\XWCTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [spywatch] C:\Program Files\BulletProofSoft.com\SpywareRemover\SpyWatch.exe /STARTUP
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [WNSI] C:\WINDOWS\System32\wnscpsu.exe
O4 - HKCU\..\Run: [BPSANTISPY] C:\Program Files\BulletProofSoft.com\SpywareRemover\Spyware.exe /STARTUP
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: Contrôleur de planification Pagis.lnk = C:\Program Files\XEROX\ControlCentre 2.0\Pagis\Monitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_FR_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://www.edipole.fr/kits/WebInstall.dll
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE878B14-312C-4C3E-9590-520BE97C5392}: NameServer = 212.151.136.254 130.244.127.170
A voir également:
- Analyse Hijackthis
- Hijackthis - Télécharger - Antivirus & Antimalwares
- Analyse composant pc - Guide
- Analyse disque dur - Télécharger - Informations & Diagnostic
- Analyse performance pc - Guide
- Échec de l'analyse antivirus. ✓ - Forum Antivirus
10 réponses
a fixer==>
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_FR_XP.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE878B14-312C-4C3E-9590-520BE97C5392}: NameServer = 212.151.136.254 130.244.127.170
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1015_FR_XP.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE878B14-312C-4C3E-9590-520BE97C5392}: NameServer = 212.151.136.254 130.244.127.170
salut
tu as trop de programme au demarrage supprime les du demarrage
perso je ne laisse que mon anti virus mon pare feu
pour cela
tu click sur demarrer executer tu tapes msconfig
tu vas sur l onglet demarrage tu decoche se que tu veut enlever du demarrage et ok tu redemarre une fenetre vas s ouvrir tu coche ne plus afficher se message et ok
la chasse et le balltrap ma vrai passion
http://pageperso.aol.fr/balltrap34/page1.html
tu as trop de programme au demarrage supprime les du demarrage
perso je ne laisse que mon anti virus mon pare feu
pour cela
tu click sur demarrer executer tu tapes msconfig
tu vas sur l onglet demarrage tu decoche se que tu veut enlever du demarrage et ok tu redemarre une fenetre vas s ouvrir tu coche ne plus afficher se message et ok
la chasse et le balltrap ma vrai passion
http://pageperso.aol.fr/balltrap34/page1.html
bonjour
j ai un petit probleme evec ma page web d explorer
blanc : blanc
et page pub
voici la reponce d adeware
Vendor:CoolWebSearch
Category:Malware
Object Type:RegValue
Size:-
Location:SOFTWARE\Microsoft\Internet Explorer\Main\
Last Activity:03-07-2004
Risk LevelLow
Comment:"HOMEOldSP"
Description:Malware, Hijacker. Hijacks Browser pages, default search-engine and HOSTS file.Installs unsolicited, runs stealth.(Also known as CWS hijack)
jai scaner avec hijackthis
voici mec log
merci de m aider a solutionner mon probleme
Logfile of HijackThis v1.98.0
Scan saved at 16:08:35, on 03/07/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\DIRECT~1\DUService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\nero cd creation\InCD\InCDsrv.exe
D:\configuration routeur di 624+\SCANER LAN\LANguard Network Security Scanner 3\sscansvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Program Files\nero cd creation\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DirectUpdate\DUControl.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\flowprotector\flowprotector.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Luc Guillaume.PC-LGUILLAUME\Local Settings\Temp\HijackThis.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://cploving.awmhost.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://google.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINNT\dpe.dll
O2 - BHO: (no name) - {8B2B46D3-FDDB-4651-8B53-3A00B5A6DA6F} - C:\WINNT\system32\bgnj.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [InCD] C:\Program Files\nero cd creation\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LaunchList] H:\video pinacle 8 12 2003\LaunchList.exe
O4 - HKLM\..\Run: [DUControl] C:\Program Files\DirectUpdate\DUControl.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shps] C:\Documents and Settings\Luc Guillaume.PC-LGUILLAUME\Application Data\csrh.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Startup: FlowProtector_Plus.lnk = C:\Program Files\flowprotector\flowprotector.exe
O4 - Startup: ZoneAlarm Pro.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .ssc: C:\WINNT\Downloaded Program Files\Ubizen\SmartStart\NPSmartStart32.dll
O13 - DefaultPrefix:
O13 - WWW Prefix: http://www.google.be
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/plugins/fr_FR/DjVuControl_fr_FR.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\bla.MHT!http://216.115.95.98//38ble.chm::/wincfgid.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - file://C:\Program Files\Internet Explorer\Q330994.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1027.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.terra.es/personal7/grandmama25/op/tray.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - http://www.checkspy.com/fr/FlowScan.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{579E6642-270C-448D-8549-19FA4FFC3DB2}: NameServer = 192.168.0.2,194.119.232.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{A77CFA47-CD3A-4A34-9038-AF2888EE3938}: NameServer = 192.168.0.2,195.95.30.176
O18 - Filter: text/html - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
O18 - Filter: text/plain - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
j ai un petit probleme evec ma page web d explorer
blanc : blanc
et page pub
voici la reponce d adeware
Vendor:CoolWebSearch
Category:Malware
Object Type:RegValue
Size:-
Location:SOFTWARE\Microsoft\Internet Explorer\Main\
Last Activity:03-07-2004
Risk LevelLow
Comment:"HOMEOldSP"
Description:Malware, Hijacker. Hijacks Browser pages, default search-engine and HOSTS file.Installs unsolicited, runs stealth.(Also known as CWS hijack)
jai scaner avec hijackthis
voici mec log
merci de m aider a solutionner mon probleme
Logfile of HijackThis v1.98.0
Scan saved at 16:08:35, on 03/07/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\DIRECT~1\DUService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\nero cd creation\InCD\InCDsrv.exe
D:\configuration routeur di 624+\SCANER LAN\LANguard Network Security Scanner 3\sscansvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Program Files\nero cd creation\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DirectUpdate\DUControl.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\flowprotector\flowprotector.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Luc Guillaume.PC-LGUILLAUME\Local Settings\Temp\HijackThis.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://cploving.awmhost.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://google.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINNT\dpe.dll
O2 - BHO: (no name) - {8B2B46D3-FDDB-4651-8B53-3A00B5A6DA6F} - C:\WINNT\system32\bgnj.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [InCD] C:\Program Files\nero cd creation\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LaunchList] H:\video pinacle 8 12 2003\LaunchList.exe
O4 - HKLM\..\Run: [DUControl] C:\Program Files\DirectUpdate\DUControl.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shps] C:\Documents and Settings\Luc Guillaume.PC-LGUILLAUME\Application Data\csrh.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Startup: FlowProtector_Plus.lnk = C:\Program Files\flowprotector\flowprotector.exe
O4 - Startup: ZoneAlarm Pro.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .ssc: C:\WINNT\Downloaded Program Files\Ubizen\SmartStart\NPSmartStart32.dll
O13 - DefaultPrefix:
O13 - WWW Prefix: http://www.google.be
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/plugins/fr_FR/DjVuControl_fr_FR.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\bla.MHT!http://216.115.95.98//38ble.chm::/wincfgid.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - file://C:\Program Files\Internet Explorer\Q330994.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1027.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.terra.es/personal7/grandmama25/op/tray.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - http://www.checkspy.com/fr/FlowScan.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{579E6642-270C-448D-8549-19FA4FFC3DB2}: NameServer = 192.168.0.2,194.119.232.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{A77CFA47-CD3A-4A34-9038-AF2888EE3938}: NameServer = 192.168.0.2,195.95.30.176
O18 - Filter: text/html - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
O18 - Filter: text/plain - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
fixe les lignes suivantes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F0 - system.ini: Shell=
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O13 - DefaultPrefix:
O13 - WWW Prefix: http://www.google.be
O17 - HKLM\System\CCS\Services\Tcpip\..\{579E6642-270C-448D-8549-19FA4FFC3DB2}: NameServer = 192.168.0.2,194.119.232.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{A77CFA47-CD3A-4A34-9038-AF2888EE3938}: NameServer = 192.168.0.2,195.95.30.176
O18 - Filter: text/html - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
O18 - Filter: text/plain - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F0 - system.ini: Shell=
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O13 - DefaultPrefix:
O13 - WWW Prefix: http://www.google.be
O17 - HKLM\System\CCS\Services\Tcpip\..\{579E6642-270C-448D-8549-19FA4FFC3DB2}: NameServer = 192.168.0.2,194.119.232.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{A77CFA47-CD3A-4A34-9038-AF2888EE3938}: NameServer = 192.168.0.2,195.95.30.176
O18 - Filter: text/html - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
O18 - Filter: text/plain - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
resalut
comme tu peux le voir j ai beau fixer les ligne que tu me dis mais elle revienne meme apres avoir rebooter et effacer dans le config de explorer le blanc blanc
veux tu bien encore plancher dessus une fois
merci
tiens
c est normal de voir google partous
??
Logfile of HijackThis v1.98.0
Scan saved at 18:10:20, on 03/07/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\DIRECT~1\DUService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\nero cd creation\InCD\InCDsrv.exe
D:\configuration routeur di 624+\SCANER LAN\LANguard Network Security Scanner 3\sscansvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Program Files\nero cd creation\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DirectUpdate\DUControl.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\flowprotector\flowprotector.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\telechargement luc\Hijackthis netoyage explorer et ordi\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://cploving.awmhost.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://google.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINNT\dpe.dll
O2 - BHO: (no name) - {8B2B46D3-FDDB-4651-8B53-3A00B5A6DA6F} - C:\WINNT\system32\bgnj.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [InCD] C:\Program Files\nero cd creation\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LaunchList] H:\video pinacle 8 12 2003\LaunchList.exe
O4 - HKLM\..\Run: [DUControl] C:\Program Files\DirectUpdate\DUControl.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shps] C:\Documents and Settings\Luc Guillaume.PC-LGUILLAUME\Application Data\csrh.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Startup: FlowProtector_Plus.lnk = C:\Program Files\flowprotector\flowprotector.exe
O4 - Startup: ZoneAlarm Pro.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .ssc: C:\WINNT\Downloaded Program Files\Ubizen\SmartStart\NPSmartStart32.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/plugins/fr_FR/DjVuControl_fr_FR.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\bla.MHT!http://216.115.95.98//38ble.chm::/wincfgid.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - file://C:\Program Files\Internet Explorer\Q330994.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1027.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.terra.es/personal7/grandmama25/op/tray.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - http://www.checkspy.com/fr/FlowScan.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{579E6642-270C-448D-8549-19FA4FFC3DB2}: NameServer = 192.168.0.2,194.119.232.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{A77CFA47-CD3A-4A34-9038-AF2888EE3938}: NameServer = 192.168.0.2,195.95.30.176
O18 - Filter: text/html - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
O18 - Filter: text/plain - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
comme tu peux le voir j ai beau fixer les ligne que tu me dis mais elle revienne meme apres avoir rebooter et effacer dans le config de explorer le blanc blanc
veux tu bien encore plancher dessus une fois
merci
tiens
c est normal de voir google partous
??
Logfile of HijackThis v1.98.0
Scan saved at 18:10:20, on 03/07/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\DIRECT~1\DUService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\nero cd creation\InCD\InCDsrv.exe
D:\configuration routeur di 624+\SCANER LAN\LANguard Network Security Scanner 3\sscansvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dslagent.exe
C:\Program Files\nero cd creation\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DirectUpdate\DUControl.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
C:\Program Files\flowprotector\flowprotector.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\telechargement luc\Hijackthis netoyage explorer et ordi\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://cploving.awmhost.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://google.be
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\LUCGUI~1.PC-\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://google.be
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://google.be
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://google.be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.3 boards.cexx.org
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.22 lavasoft.de
O1 - Hosts: 127.0.0.23 lavasoftusa.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.76 www.lavasoft.de
O1 - Hosts: 127.0.0.77 www.lavasoftusa.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINNT\dpe.dll
O2 - BHO: (no name) - {8B2B46D3-FDDB-4651-8B53-3A00B5A6DA6F} - C:\WINNT\system32\bgnj.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [InCD] C:\Program Files\nero cd creation\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LaunchList] H:\video pinacle 8 12 2003\LaunchList.exe
O4 - HKLM\..\Run: [DUControl] C:\Program Files\DirectUpdate\DUControl.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shps] C:\Documents and Settings\Luc Guillaume.PC-LGUILLAUME\Application Data\csrh.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [a²] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O4 - Startup: FlowProtector_Plus.lnk = C:\Program Files\flowprotector\flowprotector.exe
O4 - Startup: ZoneAlarm Pro.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINNT\system32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .ssc: C:\WINNT\Downloaded Program Files\Ubizen\SmartStart\NPSmartStart32.dll
O13 - DefaultPrefix:
O13 - WWW Prefix:
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/plugins/fr_FR/DjVuControl_fr_FR.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\MAIN.MHT!http://213.159.117.236/buka.chm::/x.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://C:\bla.MHT!http://216.115.95.98//38ble.chm::/wincfgid.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - file://C:\Program Files\Internet Explorer\Q330994.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1027.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.terra.es/personal7/grandmama25/op/tray.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) - http://www.checkspy.com/fr/FlowScan.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by2fd.bay2.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{579E6642-270C-448D-8549-19FA4FFC3DB2}: NameServer = 192.168.0.2,194.119.232.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{A77CFA47-CD3A-4A34-9038-AF2888EE3938}: NameServer = 192.168.0.2,195.95.30.176
O18 - Filter: text/html - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
O18 - Filter: text/plain - {15B65A12-A608-436A-9367-CBB0D31B2149} - C:\WINNT\system32\bgnj.dll
non, je ne replanche pas dessus désolé
télécharge CWShredder.exe et nettoie ton pc avec
http://209.133.47.12/~merijn/files/CWShredder.exe
télécharge aussi spybot et nettoie aussi ton pc avec
http://kujoe.com/freeware/spybotsd13.exe
une fois les nettoyages effectués, fixe a nouveau les lignes que je t'ai indiqué.
ps: la prochaine fois poste tes messages dans ton propre post et non pas dans celui d'un autre par politesse pour celui qui l'a crée et pour éviter les surcharges etc...
télécharge CWShredder.exe et nettoie ton pc avec
http://209.133.47.12/~merijn/files/CWShredder.exe
télécharge aussi spybot et nettoie aussi ton pc avec
http://kujoe.com/freeware/spybotsd13.exe
une fois les nettoyages effectués, fixe a nouveau les lignes que je t'ai indiqué.
ps: la prochaine fois poste tes messages dans ton propre post et non pas dans celui d'un autre par politesse pour celui qui l'a crée et pour éviter les surcharges etc...
salut
si tu est sous xp ou 2000 fait ceci et ensuite refait un hijack et met le rapport
alors action numero 1
telecharger ce fichier : a retelecharger chaque fois que vous vouler l utiliser
ftp://www.renonce.com/pub/renonce/Rimouveur.exe
Action numero 2 :o)
Demarrer en mode sans echec :
tapotter sur la touche F8 sans arret desque tu allume ton PC
et si ca ne marche pas utiliser la touche f5 a la place
Appliquer le fichier dans le mode sans echec
le PC redemarre a la fin si c'est pas le cas tu fais un reboot tu ne touche plus a F8 et le PC reviendra tout seul en mode normal sans les virus
Action numero 3
copier ici le contenu du fichier resulata.txt qui se trouve au redemarrage du pc
la chasse et le balltrap ma vrai passion
http://pageperso.aol.fr/balltrap34/page1.html
si tu est sous xp ou 2000 fait ceci et ensuite refait un hijack et met le rapport
alors action numero 1
telecharger ce fichier : a retelecharger chaque fois que vous vouler l utiliser
ftp://www.renonce.com/pub/renonce/Rimouveur.exe
Action numero 2 :o)
Demarrer en mode sans echec :
tapotter sur la touche F8 sans arret desque tu allume ton PC
et si ca ne marche pas utiliser la touche f5 a la place
Appliquer le fichier dans le mode sans echec
le PC redemarre a la fin si c'est pas le cas tu fais un reboot tu ne touche plus a F8 et le PC reviendra tout seul en mode normal sans les virus
Action numero 3
copier ici le contenu du fichier resulata.txt qui se trouve au redemarrage du pc
la chasse et le balltrap ma vrai passion
http://pageperso.aol.fr/balltrap34/page1.html
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
boujour, j'ai egalement un probleme lors de mon demarrage de ie
mon adresse de demarrage n'existe plus et j'ai comme adresse :about:blank et s'affiche une page de search,
malgré les scan avec ad aware et ayant supprimé les fichiers de ma base de registre comme SP.html et autres fichiers identiques sur ma base de registre que celles trouvé sur les autres posts, cela ne marche pas.
voici mon log avec hijackthis
merci d'avance
Logfile of HijackThis v1.98.0
Scan saved at 17:28:50, on 03/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\DelFax\WFXMOD32.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Desktop\vsserv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
C:\Program Files\Softwin\BitDefender Desktop\bdoesrv.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\PROGRA~1\DelFax\WFXSWTCH.exe
C:\Program Files\Softwin\BitDefender Desktop\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\benoit\Bureau\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40B3F31F-79A5-4DAC-8B94-797F56321768} - C:\WINDOWS\System32\enafi.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {A86B5A09-DB50-4E7B-999F-76E0087E63F2} - C:\WINDOWS\System32\enafi.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C10290AE-D80B-4367-8763-B4240FA5C4BC} - C:\WINDOWS\System32\enafi.dll
O2 - BHO: (no name) - {E59128AF-A6AE-4F4C-8093-6C24F7C83BA0} - C:\WINDOWS\System32\enafi.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fr\msntb.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender Desktop\\bdoesrv.exe
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\Minitel\Watch.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [ConfiggLoader] cart322.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Desktop\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Desktop\bdnagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [ConfiggLoader] cart322.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O18 - Filter: text/html - {94150903-8C9B-4E34-999E-E5153D2A4470} - C:\WINDOWS\System32\enafi.dll
O18 - Filter: text/plain - {94150903-8C9B-4E34-999E-E5153D2A4470} - C:\WINDOWS\System32\enafi.dll
O20 - AppInit_DLLs: sockspy.dll
mon adresse de demarrage n'existe plus et j'ai comme adresse :about:blank et s'affiche une page de search,
malgré les scan avec ad aware et ayant supprimé les fichiers de ma base de registre comme SP.html et autres fichiers identiques sur ma base de registre que celles trouvé sur les autres posts, cela ne marche pas.
voici mon log avec hijackthis
merci d'avance
Logfile of HijackThis v1.98.0
Scan saved at 17:28:50, on 03/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\DelFax\WFXMOD32.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Desktop\vsserv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
C:\Program Files\Softwin\BitDefender Desktop\bdoesrv.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
C:\PROGRA~1\DelFax\WFXSWTCH.exe
C:\Program Files\Softwin\BitDefender Desktop\bdswitch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\benoit\Bureau\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {40B3F31F-79A5-4DAC-8B94-797F56321768} - C:\WINDOWS\System32\enafi.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {A86B5A09-DB50-4E7B-999F-76E0087E63F2} - C:\WINDOWS\System32\enafi.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C10290AE-D80B-4367-8763-B4240FA5C4BC} - C:\WINDOWS\System32\enafi.dll
O2 - BHO: (no name) - {E59128AF-A6AE-4F4C-8093-6C24F7C83BA0} - C:\WINDOWS\System32\enafi.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\fr\msntb.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~2\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender Desktop\\bdoesrv.exe
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\Minitel\Watch.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\DelFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [ConfiggLoader] cart322.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Desktop\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Desktop\bdnagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [ConfiggLoader] cart322.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O18 - Filter: text/html - {94150903-8C9B-4E34-999E-E5153D2A4470} - C:\WINDOWS\System32\enafi.dll
O18 - Filter: text/plain - {94150903-8C9B-4E34-999E-E5153D2A4470} - C:\WINDOWS\System32\enafi.dll
O20 - AppInit_DLLs: sockspy.dll
a fixer==>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F0 - system.ini: Shell=
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O18 - Filter: text/html - {94150903-8C9B-4E34-999E-E5153D2A4470} - C:\WINDOWS\System32\enafi.dll
O18 - Filter: text/plain - {94150903-8C9B-4E34-999E-E5153D2A4470} - C:\WINDOWS\System32\enafi.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\benoit\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F0 - system.ini: Shell=
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O18 - Filter: text/html - {94150903-8C9B-4E34-999E-E5153D2A4470} - C:\WINDOWS\System32\enafi.dll
O18 - Filter: text/plain - {94150903-8C9B-4E34-999E-E5153D2A4470} - C:\WINDOWS\System32\enafi.dll
Bonjour,
C'est quoi ce sockspy.dll dans appinit_dlls
Je n'ai pas beaucoup d'infos la dessus et ce que j'ai n'est pas clair.
Pierre (aka Terdef)
C'est quoi ce sockspy.dll dans appinit_dlls
Je n'ai pas beaucoup d'infos la dessus et ce que j'ai n'est pas clair.
Pierre (aka Terdef)
Bonjour BallTrap34
T'es là, dans ce thread ?
Je viens de lire ton feedback.
Ben oui, tu vois, je me pose la même question à propos de sockspy.dll. En gros je n'arrive pas à savoir ce que c'est exactement.
J'ai vu à plusieurs reprises qu'il était question de la suprimer lorsqu'il s'agissait de désinstaller complètement un logiciel. Je l'ai vu sur 2 ou 3 logiciels légitmes donc ça me parait un truc légitime. Je n'en sais pas plus.
Recherche google
http://www.google.fr/search?num=100&hl=fr&ie=UTF-8&q=sockspy.dll&btnG=Rechercher&meta=
Apparaît dans la désinstallation de BullGuard - un truc solide et sain.
www.bullguard.com/uninstall.aspx+sockspy.dll&hl=fr' target='_blank'>http://www.google.fr/search?q=cache:hOIy0uz05zIJ:www.bullguard.com/uninstall.aspx+sockspy.dll&hl=fr
Apparaît dans la désinstallation de BitDefender - difficile à mettre en cause
www.bitdefender.com/kb/script_view_document.php%3Fid%3D20%26language%3Dfr+sockspy.dll&hl=fr' target='_blank'>http://www.google.fr/search?q=cache:2M0STMNaTW8J:www.bitdefender.com/kb/script_view_document.php%3Fid%3D20%26language%3Dfr+sockspy.dll&hl=fr
http://www.editions-profil.fr/Faqs.aspx?versionid=1125
D'autre part il existe un projet Sockspy en open source qui serait plutôt utilisé en sécurité pour voir ce qui se passe sur les connexions TCP entre client et serveurs. Est-ce ceci qui serait installé dans BullGuard et BitDefender ?
Y a t'il un bug dans Sockspy.dll ?
http://wiki.tcl.tk/2256
http://sourceforge.net/projects/sockspy/
http://sockspy.sourceforge.net/sockspy.html
Pierre (aka Terdef)
T'es là, dans ce thread ?
Je viens de lire ton feedback.
Ben oui, tu vois, je me pose la même question à propos de sockspy.dll. En gros je n'arrive pas à savoir ce que c'est exactement.
J'ai vu à plusieurs reprises qu'il était question de la suprimer lorsqu'il s'agissait de désinstaller complètement un logiciel. Je l'ai vu sur 2 ou 3 logiciels légitmes donc ça me parait un truc légitime. Je n'en sais pas plus.
Recherche google
http://www.google.fr/search?num=100&hl=fr&ie=UTF-8&q=sockspy.dll&btnG=Rechercher&meta=
Apparaît dans la désinstallation de BullGuard - un truc solide et sain.
www.bullguard.com/uninstall.aspx+sockspy.dll&hl=fr' target='_blank'>http://www.google.fr/search?q=cache:hOIy0uz05zIJ:www.bullguard.com/uninstall.aspx+sockspy.dll&hl=fr
Apparaît dans la désinstallation de BitDefender - difficile à mettre en cause
www.bitdefender.com/kb/script_view_document.php%3Fid%3D20%26language%3Dfr+sockspy.dll&hl=fr' target='_blank'>http://www.google.fr/search?q=cache:2M0STMNaTW8J:www.bitdefender.com/kb/script_view_document.php%3Fid%3D20%26language%3Dfr+sockspy.dll&hl=fr
http://www.editions-profil.fr/Faqs.aspx?versionid=1125
D'autre part il existe un projet Sockspy en open source qui serait plutôt utilisé en sécurité pour voir ce qui se passe sur les connexions TCP entre client et serveurs. Est-ce ceci qui serait installé dans BullGuard et BitDefender ?
Y a t'il un bug dans Sockspy.dll ?
http://wiki.tcl.tk/2256
http://sourceforge.net/projects/sockspy/
http://sockspy.sourceforge.net/sockspy.html
Pierre (aka Terdef)
salut terdef
pour ce qui est d un bug je ne crois pas
tous du moins je n ai j amais tenter une desinstall de bit defender version pro
et je pense que c est lier au rapport envoyer automatiquement
en cas de virus non identifier achez bit defender sans passer par url
la chasse et le balltrap ma vrai passion
pour ce qui est d un bug je ne crois pas
tous du moins je n ai j amais tenter une desinstall de bit defender version pro
et je pense que c est lier au rapport envoyer automatiquement
en cas de virus non identifier achez bit defender sans passer par url
la chasse et le balltrap ma vrai passion
Bonjour
Sockspy.dll
Un contributeur a trouvé ça sur mes forums
http://www.docs.rinet.ru:8083/Plugi/ch24.htm
Le sujet reste ouvert.
Pierre (aka Terdef)
Sockspy.dll
Un contributeur a trouvé ça sur mes forums
http://www.docs.rinet.ru:8083/Plugi/ch24.htm
Le sujet reste ouvert.
Pierre (aka Terdef)
