adoums

Whouai tu m'etonnes ...mais bon nous y sommes arrivés .... !

oui chef ! ! ! dernier intruction ( Termine le néttoyage du registre,par EasyCleaner ) execute avec succes attnds prochaines instruction et recommandation ...

non même pas je t'assure ...je me serrais pas permis ..quand je connais pas je bidouille pas ( c'est ma devise ... ) en tout cas c'est claire je prefere ça !

Ok en tout cas merci infiniment ... est c'est pas une longue nuit mais une bonne nuit que je vais passer ... passe une bonn fin de soiré en encore merci ... à plus tard ....

au fait ça m'a supprimer mes historiques mes raccourcis et tout ça ...c'est normale ? je crois que oui mais je pose quand même la question histoire d'etre sur ...

Youpy .... ! plus de probleme ( apparent en tout cas ... ) j'ai pu récupérer mon fond d'ecran sans probléme ( halala ... ) plus de fenetre firefox intempestive tout est nickel quoi ... au fait c'etait quoi le probléme si tu peux m'expliquer ? même brievement ( c'est comme ça que ça s'ecrit ??? ) PS : en tout cas merci à toi et à toute l'equipe pour ce que vous faite ...

Voila c'est fais ... ! pour le log HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 00:27:16, on 01/05/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\sstray.exe C:\WINDOWS\System32\LXSUPMON.EXE C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\e-Carte Bleue\CL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe H:\Picasa\Picasa2\PicasaMediaDetector.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Recuperation\Zebulon\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.190.135/?to=FED&from=start_page&type=start_page R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.31.244.172:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ArcSoft\opware32.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [eCarteBleue-CLEO] "C:\Program Files\e-Carte Bleue\CL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [Picasa Media Detector] H:\Picasa\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - Global Startup: SATARaid.lnk = ? O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\Office\1036\phdintl.dll/phdContext.htm O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Microsoft AntiSpyware helper - {8941D485-83E3-47B4-A9C1-6097B09DAD11} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8941D485-83E3-47B4-A9C1-6097B09DAD11} - (no file) (HKCU) O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O18 - Protocol: msell - {E90F00EC-3694-11D2-99FE-00104B2D62CC} - C:\PROGRA~1\FICHIE~1\MICROS~1\REFERE~1\MSELL.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe et pour le log de SilentRunners : "Silent Runners.vbs", revision 36, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "MSMSGS" = ""C:\Program Files\Messenger\MSMSGS.EXE" /background" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "nForce Tray Options" = "sstray.exe /r" ["NVIDIA Corporation"] "PinnacleDriverCheck" = "C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg" [empty string] "PrinTray" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" ["Lexmark"] "LXSUPMON" = "C:\WINDOWS\System32\LXSUPMON.EXE RUN" ["Lexmark"] "Omnipage" = "C:\Program Files\ArcSoft\opware32.exe" ["ScanSoft, Inc"] "SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [null data] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "eCarteBleue-CLEO" = ""C:\Program Files\e-Carte Bleue\CL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards" ["Orbiscom Ltd. All rights reserved."] "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."] "AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."] "Picasa Media Detector" = "H:\Picasa\Picasa2\PicasaMediaDetector.exe" [null data] "DiskeeperSystray" = ""C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"" ["Executive Software International, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++} "Flag" = 2 [file not found] "Register Homesite+.exe" = ""C:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER" ["Macromedia, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {2E03C0FD-4C48-43A7-9A54-00240C70FF16}\(Default) = "e-Carte Bleue Browser Helper Object" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\BhoECart.dll" ["Orbiscom Ltd. All rights reserved."] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de bureau" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Co., Ltd."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}" = "Macromedia FTP & RDS" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\CfShellFtpRds.dll" ["Macromedia, Inc."] "{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string] "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string] "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS] Startup items in "Adoum" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage "SATARaid" -> shortcut to: "C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe" ["Silicon Image, Inc."] "InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string] "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {CLSID}\(Default) = "&Google" -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {CLSID}\(Default) = "&Google" -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {CLSID}\(Default) = "&Google" -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ (Default) = "&Rechercher" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {8941D485-83E3-47B4-A9C1-6097B09DAD11}\ "ButtonText" = "Microsoft AntiSpyware helper" "MenuText" = "Microsoft AntiSpyware helper" HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Console Java (Sun)" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherche" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."] Diskeeper, Diskeeper, "C:\Program Files\Executive Software\Diskeeper\DkService.exe" ["Executive Software International, Inc."] LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS] ---------- This report excludes default entries except where indicated. To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. ---------- Voili voilou Môsieur !

Au fait toute les manip que je fais ne concerne que le disc " C" n'est ce pas ?

Ad Aware par contre il me trouve un " critical object " ... pour l'instant

Spybot nickel pas de mouchard .... ( t'inquiet je l'avais mis à jour )

presque fini il me j'en suis à Spybot ......

OK c'est parti mon kiki

ah ok mais je l'avais deja telecharger sur le premier lien ....

deja fais Mo ssieur

un petite question ça => http://www.mvps.org/winhelp2002/restricted.htm j'en fais quoi ? parceque c'est juste une page internet ... c'est une sorte de mode d'emploi ?

Pffff bin dis donc .... ok j'ai tout recuper , et voici le log A reg_look by IMM ---------------------------------------- Handle OK. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows (key has 0 subkeys and 7 value entries - last modified 16:06(UTC) 06/02/2004) [AppInit_DLLs] = "" (REG_SZ) ---------------------------------------- Handle OK. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (key has 5 subkeys and 31 value entries - last modified 18:25(UTC) 30/04/2005) [userinit] = "C:\WINDOWS\system32\userinit.exe," (REG_SZ) ---------------------------------------- Handle OK. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\boot (key has 0 subkeys and 5 value entries - last modified 16:06(UTC) 06/02/2004) [shell] = "SYS:Microsoft\Windows NT\CurrentVersion\Winlogon" (REG_SZ) ---------------------------------------- merci

Houlala tu me fais peur la !!! vais'je etre obligé de " formater ???

OK !

Bonjour queruak voici le log .... alors docteur c'est grave ???? "Silent Runners.vbs", revision 36, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "MSMSGS" = ""C:\Program Files\Messenger\MSMSGS.EXE" /background" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "nForce Tray Options" = "sstray.exe /r" ["NVIDIA Corporation"] "PinnacleDriverCheck" = "C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg" [empty string] "PrinTray" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" ["Lexmark"] "LXSUPMON" = "C:\WINDOWS\System32\LXSUPMON.EXE RUN" ["Lexmark"] "Omnipage" = "C:\Program Files\ArcSoft\opware32.exe" ["ScanSoft, Inc"] "SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [null data] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "eCarteBleue-CLEO" = ""C:\Program Files\e-Carte Bleue\CL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards" ["Orbiscom Ltd. All rights reserved."] "AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."] "AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."] "Picasa Media Detector" = "H:\Picasa\Picasa2\PicasaMediaDetector.exe" [null data] "DiskeeperSystray" = ""C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"" ["Executive Software International, Inc."] "load32" = "C:\WINDOWS\System32\winldra.exe" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++} "Flag" = 2 [file not found] "Register Homesite+.exe" = ""C:\Program Files\Macromedia\HomeSite+\Homesite+.exe" /REGSERVER" ["Macromedia, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {2E03C0FD-4C48-43A7-9A54-00240C70FF16}\(Default) = "e-Carte Bleue Browser Helper Object" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\BhoECart.dll" ["Orbiscom Ltd. All rights reserved."] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID] -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de bureau" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Co., Ltd."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS] "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."] "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{0AC6C6C5-F7A8-11D2-BEF4-00C04F990001}" = "Macromedia FTP & RDS" -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\CfShellFtpRds.dll" ["Macromedia, Inc."] "{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll" [empty string] "{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll" [empty string] "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension" -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"] HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ INFECTION WARNING! "run" = "C:\WINDOWS\inet20013\services.exe" [file not found] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssmypics.scr" [MS] Enabled Wallpaper and Active Desktop: ------------------------------------- Active Desktop is disabled. HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\wp.bmp" Startup items in "Adoum" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage "SATARaid" -> shortcut to: "C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe" ["Silicon Image, Inc."] "InterVideo WinCinema Manager" -> shortcut to: "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string] "Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {CLSID}\(Default) = "&Google" -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {CLSID}\(Default) = "&Google" -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {CLSID}\(Default) = "&Google" -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] Dormant Explorer Bars in "View, Explorer Bar" menu HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\ (Default) = "&Rechercher" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {8941D485-83E3-47B4-A9C1-6097B09DAD11}\ "ButtonText" = "Microsoft AntiSpyware helper" "MenuText" = "Microsoft AntiSpyware helper" HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Console Java (Sun)" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherche" {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS] HOSTS file ---------- C:\WINDOWS\System32\drivers\etc\HOSTS maps: 36 domain names to IP addresses, 1 of the IP addresses is *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."] AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."] Diskeeper, Diskeeper, "C:\Program Files\Executive Software\Diskeeper\DkService.exe" ["Executive Software International, Inc."] LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS] ---------- This report excludes default entries except where indicated. To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. ---------- Merci à toi

Ok merci je fais ça des que je peux ,la je ne peux pas je suis au travail ! en attendant je vais voir à quoi peut servir ce fichier

Merci bien

Bonjour en recuperant un fichier sur inter net j'ai du attraper une saloperi depuis j'ai une page internet qui ce lance toutes seul sur firefox ( une pub pour un antivirus ) et je ne peux plus changer mon fond d'ecran . j'ai fais un scanne complet avec AVG/Spybot/Ad aware et Regcleaner ensuite j'ai fais cette procedure 1/démarrer, puis cliquer sur rechercher (jusque là pas difficile...)=> tu recherches "wp", et tu supprimes tout ce qu'il te trouve. 2/démarrer, clquer sur "exécuter", dans la boite de dialogue qui s'ouvre, taper "regedt32". Il t'ouvre le registre. dans le registre, cliquer sur "edition" (à coté de "fichier"), puis cliquer sur "rechercher". dans le boite qui s'ouvre, taper "wp.exe", il te trouve une valeur => supprime-la, pour rechercher la valeur suivante, tu cliques sur F3, il te retrouve une valeur, supprime-la, et ainsi de suite...jusqu'a ce qu"ils te disent "recherche dans le registre terminée" ensuite tu fais la même recherche, mais avec le fichier "wp.bmp". 3/ dans le registre, tu peux voir une collone de gauche avec des clés (avec l'icone d'un dossier)=>clique sur la clé "poste de travail" tout en haut, pour la sélectionner (elle se met en bleu). ferme maintenant le registre, puis r'ouvre le (demarrer, exécuter, taper "regedt32"). Tu peux vois que le registre est rangé. maintenant pour se rendre à la clé indiquée,(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System), tu clique sur le "+" à côté de "HKEY_CURRENT_USER", ça t'ouvre ce qu'il y a dedans, ensuite clique sur le "+" à coté de "software", et même chose avec le reste des clés (entre parenthèses). Uns fois arrivé à "system", il n'y a plus de "+". clique donc une fois sur "system" pour la sélectionner, et à droite tu vois des valeurs marquées. clique droit sur la valeur "WallpaperStyle", puis modifier, et tu entre "00000000" (8 zéro), et vérifie bien, dans cette boite de dialoque, que c'est "hexadécimale" qui est sélectionné. puis tu clique sur "ok". tu fais la même chose avec la valeur "NoDispBackgroundPage" (clik droit, modifier => entre "00000000", sélectionne "hexadécimale", puis ok. maintenant tu peux fermer le registre et tu retrouvera tous tes onglet dans les propriétés de bureau, en cliquant droit sur le bureau, puis "propriétés". mais tous ça n'à rien donné et j'ai toujours le méme probleme sauf que maintennat j'acces à l'onglet BUREAU dans " PROPRIETE D'AFFICHAGE "alors voila je vous demande un coup de main et voici mon log Logfile of HijackThis v1.99.1 Scan saved at 20:36:45, on 28/04/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\sstray.exe C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\WINDOWS\System32\LXSUPMON.EXE C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Program Files\e-Carte Bleue\CL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe H:\Picasa\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\System32\winldra.exe C:\WINDOWS\System32\sys004.exe C:\Program Files\Messenger\MSMSGS.EXE C:\wp.exe C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Adoum\LOCALS~1\Temp\Rar$EX00.843\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://69.50.190.135/?to=FED&from=start_page&type=start_page R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.31.244.172:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F3 - REG:win.ini: run=C:\WINDOWS\inet20013\services.exe O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ArcSoft\opware32.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [helpr] C:\Program Files\SETI\helper.exe -loader -nolog O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe O4 - HKLM\..\Run: [eCarteBleue-CLEO] "C:\Program Files\e-Carte Bleue\CL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Picasa Media Detector] H:\Picasa\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [load32] C:\WINDOWS\System32\winldra.exe O4 - HKLM\..\Run: [sys004] C:\WINDOWS\System32\sys004.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - Global Startup: SATARaid.lnk = ? O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~1\Office\1036\phdintl.dll/phdContext.htm O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Microsoft AntiSpyware helper - {8941D485-83E3-47B4-A9C1-6097B09DAD11} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8941D485-83E3-47B4-A9C1-6097B09DAD11} - (no file) (HKCU) O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...llInstaller.exe O18 - Protocol: msell - {E90F00EC-3694-11D2-99FE-00104B2D62CC} - C:\PROGRA~1\FICHIE~1\MICROS~1\REFERE~1\MSELL.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe merci bien