cool web site popup & about:blank! comment enlever??
Forum Sécurité - Virus : cool web site popup & about:blank! comment enlever??
Bonjour - premier forum après qqs mois de bataille avec les bestiaux aka about:blank & cws.
J'ai essayé cws, xoftspy, about buster, etc - mais il me reste des choses qui se renoment. J'ai également fait une verification du log de hijackthis sur www.highjackthis.de, mais les lignes de R1 reviens en changeant de dll. Ci-dessous le log de hijackthis avant verif & après avoir faire une verif et fix:
Logfile of HijackThis v1.99.1
Scan saved at 17:43:58, on 15/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\SYSTEM\MMTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\SPYCATCHER\DELETESATELLITE.EXE
C:\PROGRAM FILES\XOFTSPY\XOFTSPY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER_2_6.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\BUREAU\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.free.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.free.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [iamapp] c:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] c:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\PROGRAM FILES\SPYCATCHER\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\PROGRAM FILES\SPYCATCHER\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [XoftSpy] C:\PROGRAM FILES\XOFTSPY\XoftSpy.exe -s
O4 - HKLM\..\Run: [Adware Agent] "C:\PROGRAM FILES\ADWARE AGENT\ADWARE AGENT.EXE"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [nisserv] c:\Program Files\Norton Internet Security\NISSERV.EXE
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ISSVC] "c:\Program Files\Norton Internet Security\ISSVC.exe"
O4 - HKLM\..\RunServices: [ccProxy] c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [IPJB32.EXE] C:\WINDOWS\SYSTEM\IPJB32.EXE /s
O4 - HKLM\..\RunServices: [IPHA32.EXE] C:\WINDOWS\IPHA32.EXE /s
O4 - HKLM\..\RunServices: [ATLVS32.EXE] C:\WINDOWS\SYSTEM\ATLVS32.EXE /s
O4 - HKLM\..\RunServices: [MSOB.EXE] C:\WINDOWS\MSOB.EXE /s
O4 - HKLM\..\RunServices: [SYSHD32.EXE] C:\WINDOWS\SYSTEM\SYSHD32.EXE /s
O4 - HKLM\..\RunServices: [IPEF32.EXE] C:\WINDOWS\SYSTEM\IPEF32.EXE /s
O4 - HKLM\..\RunServices: [IPBV32.EXE] C:\WINDOWS\IPBV32.EXE /s
O4 - HKLM\..\RunServices: [SYSCY32.EXE] C:\WINDOWS\SYSTEM\SYSCY32.EXE /s
O4 - HKLM\..\RunServices: [IPUY32.EXE] C:\WINDOWS\IPUY32.EXE /s
O4 - HKLM\..\RunServices: [ADDGC32.EXE] C:\WINDOWS\ADDGC32.EXE /s
O4 - HKLM\..\RunServices: [APITU.EXE] C:\WINDOWS\APITU.EXE /s
O4 - HKLM\..\RunServices: [MSWW32.EXE] C:\WINDOWS\MSWW32.EXE /s
O4 - HKLM\..\RunServices: [JAVAYW.EXE] C:\WINDOWS\SYSTEM\JAVAYW.EXE /s
O4 - HKLM\..\RunServices: [ADDTG32.EXE] C:\WINDOWS\SYSTEM\ADDTG32.EXE /s
O4 - HKLM\..\RunServices: [MSEE.EXE] C:\WINDOWS\SYSTEM\MSEE.EXE /s
O4 - HKLM\..\RunServices: [D3CX.EXE] C:\WINDOWS\SYSTEM\D3CX.EXE /s
O4 - HKLM\..\RunServices: [NETJV.EXE] C:\WINDOWS\SYSTEM\NETJV.EXE /s
O4 - HKLM\..\RunServices: [MSYK32.EXE] C:\WINDOWS\SYSTEM\MSYK32.EXE /s
O4 - HKLM\..\RunServices: [APPQV.EXE] C:\WINDOWS\APPQV.EXE /s
O4 - HKLM\..\RunServices: [IEEE32.EXE] C:\WINDOWS\IEEE32.EXE /s
O4 - HKLM\..\RunServices: [IPFH.EXE] C:\WINDOWS\SYSTEM\IPFH.EXE /s
O4 - HKLM\..\RunServices: [MFCNY32.EXE] C:\WINDOWS\MFCNY32.EXE /s
O4 - HKLM\..\RunServices: [APPJO32.EXE] C:\WINDOWS\APPJO32.EXE /s
O4 - HKLM\..\RunServices: [ADDVV32.EXE] C:\WINDOWS\SYSTEM\ADDVV32.EXE /s
O4 - HKLM\..\RunServices: [SYSAN.EXE] C:\WINDOWS\SYSAN.EXE /s
O4 - HKLM\..\RunServices: [MSHH32.EXE] C:\WINDOWS\MSHH32.EXE /s
O4 - HKLM\..\RunServices: [D3TH32.EXE] C:\WINDOWS\SYSTEM\D3TH32.EXE /s
O4 - HKLM\..\RunServices: [CRLS.EXE] C:\WINDOWS\CRLS.EXE /s
O4 - HKLM\..\RunServices: [SDKWU32.EXE] C:\WINDOWS\SDKWU32.EXE /s
O4 - HKLM\..\RunServices: [IEWB32.EXE] C:\WINDOWS\SYSTEM\IEWB32.EXE /s
O4 - HKLM\..\RunServices: [IPGU32.EXE] C:\WINDOWS\IPGU32.EXE /s
O4 - HKLM\..\RunServices: [WINWF32.EXE] C:\WINDOWS\SYSTEM\WINWF32.EXE /s
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/S [...] /cabsa.cab
O18 - Protocol: offline-8876480 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL
hijackthis log après fix checked sur www.highjackthis.de:
Logfile of HijackThis v1.99.1
Scan saved at 18:10:29, on 15/07/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\SYSTEM\MMTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\SPYCATCHER\DELETESATELLITE.EXE
C:\PROGRAM FILES\XOFTSPY\XOFTSPY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER_2_6.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\BUREAU\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.free.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.free.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [iamapp] c:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [LVComs] c:\windows\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] c:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\PROGRAM FILES\SPYCATCHER\DeleteSatellite.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\PROGRAM FILES\SPYCATCHER\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [XoftSpy] C:\PROGRAM FILES\XOFTSPY\XoftSpy.exe -s
O4 - HKLM\..\Run: [Adware Agent] "C:\PROGRAM FILES\ADWARE AGENT\ADWARE AGENT.EXE"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [nisserv] c:\Program Files\Norton Internet Security\NISSERV.EXE
O4 - HKLM\..\RunServices: [ccSetMgr] "c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ISSVC] "c:\Program Files\Norton Internet Security\ISSVC.exe"
O4 - HKLM\..\RunServices: [ccProxy] c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [IPJB32.EXE] C:\WINDOWS\SYSTEM\IPJB32.EXE /s
O4 - HKLM\..\RunServices: [IPHA32.EXE] C:\WINDOWS\IPHA32.EXE /s
O4 - HKLM\..\RunServices: [ATLVS32.EXE] C:\WINDOWS\SYSTEM\ATLVS32.EXE /s
O4 - HKLM\..\RunServices: [MSOB.EXE] C:\WINDOWS\MSOB.EXE /s
O4 - HKLM\..\RunServices: [SYSHD32.EXE] C:\WINDOWS\SYSTEM\SYSHD32.EXE /s
O4 - HKLM\..\RunServices: [IPEF32.EXE] C:\WINDOWS\SYSTEM\IPEF32.EXE /s
O4 - HKLM\..\RunServices: [IPBV32.EXE] C:\WINDOWS\IPBV32.EXE /s
O4 - HKLM\..\RunServices: [SYSCY32.EXE] C:\WINDOWS\SYSTEM\SYSCY32.EXE /s
O4 - HKLM\..\RunServices: [IPUY32.EXE] C:\WINDOWS\IPUY32.EXE /s
O4 - HKLM\..\RunServices: [ADDGC32.EXE] C:\WINDOWS\ADDGC32.EXE /s
O4 - HKLM\..\RunServices: [APITU.EXE] C:\WINDOWS\APITU.EXE /s
O4 - HKLM\..\RunServices: [MSWW32.EXE] C:\WINDOWS\MSWW32.EXE /s
O4 - HKLM\..\RunServices: [JAVAYW.EXE] C:\WINDOWS\SYSTEM\JAVAYW.EXE /s
O4 - HKLM\..\RunServices: [ADDTG32.EXE] C:\WINDOWS\SYSTEM\ADDTG32.EXE /s
O4 - HKLM\..\RunServices: [MSEE.EXE] C:\WINDOWS\SYSTEM\MSEE.EXE /s
O4 - HKLM\..\RunServices: [D3CX.EXE] C:\WINDOWS\SYSTEM\D3CX.EXE /s
O4 - HKLM\..\RunServices: [NETJV.EXE] C:\WINDOWS\SYSTEM\NETJV.EXE /s
O4 - HKLM\..\RunServices: [MSYK32.EXE] C:\WINDOWS\SYSTEM\MSYK32.EXE /s
O4 - HKLM\..\RunServices: [APPQV.EXE] C:\WINDOWS\APPQV.EXE /s
O4 - HKLM\..\RunServices: [IEEE32.EXE] C:\WINDOWS\IEEE32.EXE /s
O4 - HKLM\..\RunServices: [IPFH.EXE] C:\WINDOWS\SYSTEM\IPFH.EXE /s
O4 - HKLM\..\RunServices: [MFCNY32.EXE] C:\WINDOWS\MFCNY32.EXE /s
O4 - HKLM\..\RunServices: [APPJO32.EXE] C:\WINDOWS\APPJO32.EXE /s
O4 - HKLM\..\RunServices: [ADDVV32.EXE] C:\WINDOWS\SYSTEM\ADDVV32.EXE /s
O4 - HKLM\..\RunServices: [SYSAN.EXE] C:\WINDOWS\SYSAN.EXE /s
O4 - HKLM\..\RunServices: [MSHH32.EXE] C:\WINDOWS\MSHH32.EXE /s
O4 - HKLM\..\RunServices: [D3TH32.EXE] C:\WINDOWS\SYSTEM\D3TH32.EXE /s
O4 - HKLM\..\RunServices: [CRLS.EXE] C:\WINDOWS\CRLS.EXE /s
O4 - HKLM\..\RunServices: [SDKWU32.EXE] C:\WINDOWS\SDKWU32.EXE /s
O4 - HKLM\..\RunServices: [IEWB32.EXE] C:\WINDOWS\SYSTEM\IEWB32.EXE /s
O4 - HKLM\..\RunServices: [IPGU32.EXE] C:\WINDOWS\IPGU32.EXE /s
O4 - HKLM\..\RunServices: [WINWF32.EXE] C:\WINDOWS\SYSTEM\WINWF32.EXE /s
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/S [...] /cabsa.cab
O18 - Protocol: offline-8876480 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {EE91887D-B7DC-40D2-8791-0B89C51B21D0} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL
Merci en avance pour tout renseignements possibles!
Bonsoir
Tu as une infection difficile à faire partir. Même si tu as déja utilisé About Buster et CWShredder, tu vas recommencer, mais utilises bien les dernières versions.
Je me sert du rapport avant fixation par HijackThis.de, car après le redémarrage, les pages sont surement réapparues.
HijackThis.de est peu fiable. De plus, fixer les R0 et R1 ne sert à rien, car cela correspond à la conséquence de l'infection, pas à la cause.
1 Télécharge
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.
About Buster
http://www.malwarebytes.biz/index.php?page=downloads
Une fois téléchargé,tu le dézippe,et tu mets un raccourci sur le bureau.
Cws-hsa.reg
http://www.bleepingcomputer.com/fo [...] t&id=22927
Installe le sur le Bureau
CWShredder
http://cwshredder.net/bin/CWShredder.exe
Mettre CWShredder dans un répertoire dédié
SpHjfix
http://www.trojaner-info.de/cgi-bi [...] le=sphjfix
Installer dans un répertoire dédié et placer un raccourci sur le bureau
IMPORTANT:
A partir de maintenant, tu fais toutes les corrections HORS CONNEXION. Imprime ou sauvegarde cette page.
2 Lancer SpHjfix.
cliquer sur le bouton "start disinfection"
en cas d'infection sp.exe, l'ordinateur est redémarré
3 Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuye sur Entrée.
4 Double clique sur About:Buster.
Clique sur Begin Removal
Un scan est exécuté.
Refaire un second scan.
Poste le rapport ici.
5 Double clique sur Cws-hsa.reg
6 Désinstalle ces applications (si tu les trouves) dans Ajout-Suppression de programmes :
XOFTSPY
ADWARE AGENT
Ils sont considèrés tout les deux comme de faux utilitaires.
http://www.spywarewarrior.com/rogu [...] m#products
7 Relance un scan HijackThis et coche les lignes ci-dessous :
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about :blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\alvyv.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [XoftSpy] C:\PROGRAM FILES\XOFTSPY\XoftSpy.exe -s
O4 - HKLM\..\Run: [Adware Agent] "C:\PROGRAM FILES\ADWARE AGENT\ADWARE AGENT.EXE"
O4 - HKLM\..\RunServices: [IPJB32.EXE] C:\WINDOWS\SYSTEM\IPJB32.EXE /s
O4 - HKLM\..\RunServices: [IPHA32.EXE] C:\WINDOWS\IPHA32.EXE /s
O4 - HKLM\..\RunServices: [ATLVS32.EXE] C:\WINDOWS\SYSTEM\ATLVS32.EXE /s
O4 - HKLM\..\RunServices: [MSOB.EXE] C:\WINDOWS\MSOB.EXE /s
O4 - HKLM\..\RunServices: [SYSHD32.EXE] C:\WINDOWS\SYSTEM\SYSHD32.EXE /s
O4 - HKLM\..\RunServices: [IPEF32.EXE] C:\WINDOWS\SYSTEM\IPEF32.EXE /s
O4 - HKLM\..\RunServices: [IPBV32.EXE] C:\WINDOWS\IPBV32.EXE /s
O4 - HKLM\..\RunServices: [SYSCY32.EXE] C:\WINDOWS\SYSTEM\SYSCY32.EXE /s
O4 - HKLM\..\RunServices: [IPUY32.EXE] C:\WINDOWS\IPUY32.EXE /s
O4 - HKLM\..\RunServices: [ADDGC32.EXE] C:\WINDOWS\ADDGC32.EXE /s
O4 - HKLM\..\RunServices: [APITU.EXE] C:\WINDOWS\APITU.EXE /s
O4 - HKLM\..\RunServices: [MSWW32.EXE] C:\WINDOWS\MSWW32.EXE /s
O4 - HKLM\..\RunServices: [JAVAYW.EXE] C:\WINDOWS\SYSTEM\JAVAYW.EXE /s
O4 - HKLM\..\RunServices: [ADDTG32.EXE] C:\WINDOWS\SYSTEM\ADDTG32.EXE /s
O4 - HKLM\..\RunServices: [MSEE.EXE] C:\WINDOWS\SYSTEM\MSEE.EXE /s
O4 - HKLM\..\RunServices: [D3CX.EXE] C:\WINDOWS\SYSTEM\D3CX.EXE /s
O4 - HKLM\..\RunServices: [NETJV.EXE] C:\WINDOWS\SYSTEM\NETJV.EXE /s
O4 - HKLM\..\RunServices: [MSYK32.EXE] C:\WINDOWS\SYSTEM\MSYK32.EXE /s
O4 - HKLM\..\RunServices: [APPQV.EXE] C:\WINDOWS\APPQV.EXE /s
O4 - HKLM\..\RunServices: [IEEE32.EXE] C:\WINDOWS\IEEE32.EXE /s
O4 - HKLM\..\RunServices: [IPFH.EXE] C:\WINDOWS\SYSTEM\IPFH.EXE /s
O4 - HKLM\..\RunServices: [MFCNY32.EXE] C:\WINDOWS\MFCNY32.EXE /s
O4 - HKLM\..\RunServices: [APPJO32.EXE] C:\WINDOWS\APPJO32.EXE /s
O4 - HKLM\..\RunServices: [ADDVV32.EXE] C:\WINDOWS\SYSTEM\ADDVV32.EXE /s
O4 - HKLM\..\RunServices: [SYSAN.EXE] C:\WINDOWS\SYSAN.EXE /s
O4 - HKLM\..\RunServices: [MSHH32.EXE] C:\WINDOWS\MSHH32.EXE /s
O4 - HKLM\..\RunServices: [D3TH32.EXE] C:\WINDOWS\SYSTEM\D3TH32.EXE /s
O4 - HKLM\..\RunServices: [CRLS.EXE] C:\WINDOWS\CRLS.EXE /s
O4 - HKLM\..\RunServices: [SDKWU32.EXE] C:\WINDOWS\SDKWU32.EXE /s
O4 - HKLM\..\RunServices: [IEWB32.EXE] C:\WINDOWS\SYSTEM\IEWB32.EXE /s
O4 - HKLM\..\RunServices: [IPGU32.EXE] C:\WINDOWS\IPGU32.EXE /s
O4 - HKLM\..\RunServices: [WINWF32.EXE] C:\WINDOWS\SYSTEM\WINWF32.EXE /s
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »
8 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer
9 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :
C:\PROGRAM FILES\XOFTSPY
C:\PROGRAM FILES\ADWARE AGENT
C:\WINDOWS\SYSTEM\IPJB32.EXE
C:\WINDOWS\system\alvyv.dll
C:\WINDOWS\SYSTEM\IPFH.EXE
C:\WINDOWS\SYSTEM\ATLVS32.EXE
C:\WINDOWS\SYSTEM\SYSHD32.EXE
C:\WINDOWS\SYSTEM\IPEF32.EXE
C:\WINDOWS\SYSTEM\SYSCY32.EXE
C:\WINDOWS\SYSTEM\JAVAYW.EXE
C:\WINDOWS\SYSTEM\ADDTG32.EXE
C:\WINDOWS\SYSTEM\MSEE.EXE
C:\WINDOWS\SYSTEM\D3CX.EXE
C:\WINDOWS\SYSTEM\NETJV.EXE
C:\WINDOWS\SYSTEM\MSYK32.EXE
C:\WINDOWS\IPHA32.EXE
C:\WINDOWS\MSOB.EXE
C:\WINDOWS\IPBV32.EXE
C:\WINDOWS\IPUY32.EXE
C:\WINDOWS\ADDGC32.EXE
C:\WINDOWS\APITU.EXE
C:\WINDOWS\MSWW32.EXE
C:\WINDOWS\APPQV.EXE
C:\WINDOWS\IEEE32.EXE
C:\WINDOWS\MFCNY32.EXE
C:\WINDOWS\APPJO32.EXE
10 Lancer CWShredder
Fermer toutes les fenêtres
Cliquer sur "Fix".
11 Lance et exécute CCleaner.
12 Redémarre normalement et poste un nouveau log HijackThis afin de voir ce qu'il reste à éliminer.
Il y a 2617 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
