

dreamer9
Members
Content count: 250

Everything posted by dreamer9

Multiple and multiplied Trojans (continued)
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
Yes, but then, after doing all that, what does this mean: C:\SYSTEM VOLUME INFORMATION\_RESTORE{845B8769-D3B1-4ECE-B61B-E60B0CF43302}\RP2\A0000073.EXE Contains signature of the SPR/Processor.20 program ??

Multiple and multiplied Trojans (continued)
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
Yes, I did that; after deleting them all, a few hours later there were no more alerts.

Multiple and multiplied Trojans (continued)
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
Thank you very much. But I don't understand: I did that procedure yesterday; is it possible that a virus got back in again, or is it something Antivir suspects without any real danger??

Multiple and multiplied Trojans (continued)
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
Hi everyone, it's me again!! Here is what Antivir tells me today: C:\SYSTEM VOLUME INFORMATION\_RESTORE{845B8769-D3B1-4ECE-B61B-E60B0CF43302}\RP2\A0000073.EXE Contains signature of the SPR/Processor.20 program. What should I do??

Multiple and multiplied Trojans (continued)
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
Thanks again, and well done; it seems the problem is solved.

Multiple and multiplied Trojans (continued)
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
Thank you very much. I'm disabling it, and I'll keep you posted later. See you.

[resolved] Multiple and multiplied Trojans
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
Since this topic is marked "resolved", I have reopened the follow-up in another topic with the same name. Thanks.

Multiple and multiplied Trojans (continued)
dreamer9 posted a topic in Malware analysis and eradication
Hello everyone, Unfortunately I'm reviving this topic this morning, because I still have a Trojan that keeps appearing, detected regularly and automatically by Antivir Personal: C:\SYSTEM VOLUME INFORMATION\_RESTORE{845B8769-D3B1-4ECE-B61B-E60B0CF43302}\RP111\A0028024.EXE Is the Trojan horse TR/Proxy.Agent.AA This folder is inaccessible to me; I tick "delete" every time, but it keeps coming back (or is it being re-detected over and over because it was never deleted?)... Would you be willing to help me again? Thanks. See you later.

[resolved] Multiple and multiplied Trojans
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
Hello everyone, The people to congratulate are, at the very least, Pollux_63, Stonangel and ipl001, for their knowledge and their solidarity. As for me, as you are about to see once again, I'm nothing but a blind and vulnerable layman. Unfortunately I'm reviving this topic this morning, because I still have a Trojan that keeps appearing, detected regularly and automatically by Antivir Personal: C:\SYSTEM VOLUME INFORMATION\_RESTORE{845B8769-D3B1-4ECE-B61B-E60B0CF43302}\RP111\A0028024.EXE Is the Trojan horse TR/Proxy.Agent.AA This folder is inaccessible to me; I tick "delete" every time, but it keeps coming back (or is it being re-detected over and over because it was never deleted?)... Would you be willing to help me again? Thanks. See you later.

[resolved] Multiple and multiplied Trojans
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
Well then, thanks, thank you very much.

[resolved] Multiple and multiplied Trojans
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
OK, I've noted it all down. And no more pop-up windows! But then, what was my problem??

[resolved] Multiple and multiplied Trojans
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
See you soon, and thank you so much!!!!

[resolved] Multiple and multiplied Trojans
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
In any case, thanks to all. I'll let you know in a while if everything is OK. Talk to you soon.

[resolved] Multiple and multiplied Trojans
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
No, no problem in fact with the quick launch area. Apparently no more pop-up windows??

[resolved] Multiple and multiplied Trojans
dreamer9 replied to a topic by dreamer9 in Malware analysis and eradication
OK. So I ran L2Mfix in normal mode:

RUN FIND LOG REPORT

L2MFIX find log 1.03b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\nith.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{24D7C705-FE96-AB7E-E9CB-84EF57B649A2}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilité"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets réseau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension icône HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions réseau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension feuille de propriété de mise à jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpréteur de commandes pour l'environnement d'exécution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de données Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tâches et menu Démarrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Exécuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier électronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de résumé (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identité Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaîne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{46005977-4E62-454E-BDA6-3C88E7E03858}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{46005977-4E62-454E-BDA6-3C88E7E03858}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46005977-4E62-454E-BDA6-3C88E7E03858}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46005977-4E62-454E-BDA6-3C88E7E03858}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46005977-4E62-454E-BDA6-3C88E7E03858}\InprocServer32]
@="C:\\WINDOWS\\system32\\ghedit.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
avferror.dll  Mon 15 Aug 2005 14:34:56  ..S.R  417 792  408,00 K
cqmcat.dll    Mon 15 Aug 2005 14:28:50  ..S.R  417 792  408,00 K
dmiman32.dll  Mon 11 Jul 2005 12:05:34  ..S.R  417 792  408,00 K
dtdim.dll     Fri  8 Jul 2005 14:41:48  ..S.R  417 792  408,00 K
dyd8thk.dll   Fri  8 Jul 2005 14:41:54  ..S.R  417 792  408,00 K
fulemgmt.dll  Wed 13 Jul 2005 10:24:48  ..S.R  417 792  408,00 K
ghedit.dll    Mon 15 Aug 2005 15:00:06  ..S.R  417 792  408,00 K
gwfspi~1.dll  Wed  3 Aug 2005 10:33:38  A....   23 304   22,76 K
ifrop.dll     Tue 12 Jul 2005 15:00:20  ..S.R  417 792  408,00 K
nith.dll      Mon 15 Aug 2005 11:32:38  ..S.R  417 792  408,00 K
npapi32.dll   Tue 12 Jul 2005  1:47:06  ..S.R  417 792  408,00 K
ny4_disp.dll  Mon 15 Aug 2005 10:27:22  ..S.R  417 792  408,00 K
sqmsg.dll     Mon 15 Aug 2005 14:45:40  ..S.R  417 792  408,00 K
vrs_ps.dll    Wed 13 Jul 2005 10:11:02  ..S.R  417 792  408,00 K
wbnfax.dll    Fri 22 Jul 2005  8:44:00  ..S.R  417 792  408,00 K
whaueng.dll   Tue 12 Jul 2005 10:46:30  ..S.R  417 792  408,00 K
wqw32.dll     Wed 13 Jul 2005 12:52:52  ..S.R  417 792  408,00 K

17 items found: 17 files (16 H/S), 0 directories.
Total of file sizes: 6 707 976 bytes  6,39 M

Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp     Tue 12 Jul 2005  9:00:12  ..S.R  417 792  408,00 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 417 792 bytes  408,00 K

**********************************************************************************
Directory Listing of system files:
 Volume in drive C has no label.
 Volume Serial Number is 28BD-E2E4

 Directory of C:\WINDOWS\System32

15/08/2005  15:00           417 792 ghedit.dll
15/08/2005  14:45           417 792 sqmsg.dll
15/08/2005  14:34           417 792 avferror.dll
15/08/2005  14:28           417 792 cqmcat.dll
15/08/2005  11:32           417 792 nith.dll
15/08/2005  10:27           417 792 ny4_disp.dll
13/08/2005  21:01    <DIR>          dllcache
22/07/2005  08:43           417 792 wbnfax.dll
13/07/2005  12:52           417 792 wqw32.dll
13/07/2005  10:24           417 792 fulemgmt.dll
13/07/2005  10:11           417 792 vrs_ps.dll
12/07/2005  15:00           417 792 ifrop.dll
12/07/2005  10:46           417 792 whaueng.dll
12/07/2005  09:00           417 792 guard.tmp
12/07/2005  01:47           417 792 npapi32.dll
11/07/2005  12:05           417 792 dmiman32.dll
08/07/2005  14:41           417 792 dYd8thk.dll
08/07/2005  14:41           417 792 dTdim.dll
02/03/1999  11:54    <DIR>          Microsoft
              17 File(s)      7 102 464 bytes
               2 Dir(s)  72 613 986 304 bytes free

RUN FIX REPORT

L2Mfix 1.03b
Running From:
C:\Documents and Settings\asco\Bureau\l2mfix

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

(NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-NI) ALLOW  Read  BUILTIN\Utilisateurs
(ID-IO) ALLOW  Read  BUILTIN\Utilisateurs
(ID-NI) ALLOW  Read  BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW  Read  BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
(ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
(ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE

Setting registry permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Denying C(CI) access for predefined group "Administrators"
 - adding new ACCESS DENY entry

Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

(CI) DENY  --C-------  BUILTIN\Administrateurs
(NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-NI) ALLOW  Read  BUILTIN\Utilisateurs
(ID-IO) ALLOW  Read  BUILTIN\Utilisateurs
(ID-NI) ALLOW  Read  BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW  Read  BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
(ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
(ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE

Setting up for Reboot

Starting Reboot!

C:\Documents and Settings\asco\Bureau\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\asco\Bureau\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1144 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1848 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Backing Up: C:\WINDOWS\system32\avferror.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\avferror.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cqmcat.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\cqmcat.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dmiman32.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dmiman32.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dTdim.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dTdim.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dYd8thk.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\dYd8thk.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fulemgmt.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\fulemgmt.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ghedit.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ghedit.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ifrop.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ifrop.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nith.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\nith.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\npapi32.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\npapi32.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ny4_disp.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\ny4_disp.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sqmsg.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\sqmsg.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\vrs_ps.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\vrs_ps.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wbnfax.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wbnfax.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\whaueng.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\whaueng.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wqvdmod.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wqvdmod.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wqw32.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wqw32.dll
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
        1 file(s) copied.
Backing Up: C:\WINDOWS\system32\guard.tmp
        1 file(s) copied.

deleting: C:\WINDOWS\system32\avferror.dll
Successfully Deleted: C:\WINDOWS\system32\avferror.dll
deleting: C:\WINDOWS\system32\avferror.dll
Successfully Deleted: C:\WINDOWS\system32\avferror.dll
deleting: C:\WINDOWS\system32\cqmcat.dll
Successfully Deleted: C:\WINDOWS\system32\cqmcat.dll
deleting: C:\WINDOWS\system32\cqmcat.dll
Successfully Deleted: C:\WINDOWS\system32\cqmcat.dll
deleting: C:\WINDOWS\system32\dmiman32.dll
Successfully Deleted: C:\WINDOWS\system32\dmiman32.dll
deleting: C:\WINDOWS\system32\dmiman32.dll
Successfully Deleted: C:\WINDOWS\system32\dmiman32.dll
deleting: C:\WINDOWS\system32\dTdim.dll
Successfully Deleted: C:\WINDOWS\system32\dTdim.dll
deleting: C:\WINDOWS\system32\dTdim.dll
Successfully Deleted: C:\WINDOWS\system32\dTdim.dll
deleting: C:\WINDOWS\system32\dYd8thk.dll
Successfully Deleted: C:\WINDOWS\system32\dYd8thk.dll
deleting: C:\WINDOWS\system32\dYd8thk.dll
Successfully Deleted: C:\WINDOWS\system32\dYd8thk.dll
deleting: C:\WINDOWS\system32\fulemgmt.dll
Successfully Deleted: C:\WINDOWS\system32\fulemgmt.dll
deleting: C:\WINDOWS\system32\fulemgmt.dll
Successfully Deleted: C:\WINDOWS\system32\fulemgmt.dll
deleting: C:\WINDOWS\system32\ghedit.dll
Successfully Deleted: C:\WINDOWS\system32\ghedit.dll
deleting: C:\WINDOWS\system32\ghedit.dll
Successfully Deleted: C:\WINDOWS\system32\ghedit.dll
deleting: C:\WINDOWS\system32\ifrop.dll
Successfully Deleted: C:\WINDOWS\system32\ifrop.dll
deleting: C:\WINDOWS\system32\ifrop.dll
Successfully Deleted: C:\WINDOWS\system32\ifrop.dll
deleting: C:\WINDOWS\system32\nith.dll
Successfully Deleted: C:\WINDOWS\system32\nith.dll
deleting: C:\WINDOWS\system32\nith.dll
Successfully Deleted: C:\WINDOWS\system32\nith.dll
deleting: C:\WINDOWS\system32\npapi32.dll
Successfully Deleted: C:\WINDOWS\system32\npapi32.dll
deleting: C:\WINDOWS\system32\npapi32.dll
Successfully Deleted: C:\WINDOWS\system32\npapi32.dll
deleting: C:\WINDOWS\system32\ny4_disp.dll
Successfully Deleted: C:\WINDOWS\system32\ny4_disp.dll
deleting: C:\WINDOWS\system32\ny4_disp.dll
Successfully Deleted: C:\WINDOWS\system32\ny4_disp.dll
deleting: C:\WINDOWS\system32\sqmsg.dll
Successfully Deleted: C:\WINDOWS\system32\sqmsg.dll
deleting: C:\WINDOWS\system32\sqmsg.dll
Successfully Deleted: C:\WINDOWS\system32\sqmsg.dll
deleting: C:\WINDOWS\system32\vrs_ps.dll
Successfully Deleted: C:\WINDOWS\system32\vrs_ps.dll
deleting: C:\WINDOWS\system32\vrs_ps.dll
Successfully Deleted: C:\WINDOWS\system32\vrs_ps.dll
deleting: C:\WINDOWS\system32\wbnfax.dll
Successfully Deleted: C:\WINDOWS\system32\wbnfax.dll
deleting: C:\WINDOWS\system32\wbnfax.dll
Successfully Deleted: C:\WINDOWS\system32\wbnfax.dll
deleting: C:\WINDOWS\system32\whaueng.dll
Successfully Deleted: C:\WINDOWS\system32\whaueng.dll
deleting: C:\WINDOWS\system32\whaueng.dll
Successfully Deleted: C:\WINDOWS\system32\whaueng.dll
deleting: C:\WINDOWS\system32\wqvdmod.dll
Successfully Deleted: C:\WINDOWS\system32\wqvdmod.dll
deleting: C:\WINDOWS\system32\wqvdmod.dll
Successfully Deleted: C:\WINDOWS\system32\wqvdmod.dll
deleting: C:\WINDOWS\system32\wqw32.dll
Successfully Deleted: C:\WINDOWS\system32\wqw32.dll
deleting: C:\WINDOWS\system32\wqw32.dll
Successfully Deleted: C:\WINDOWS\system32\wqw32.dll
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp
deleting: C:\WINDOWS\system32\guard.tmp
Successfully Deleted: C:\WINDOWS\system32\guard.tmp

Zipping up files for submission:
  adding: avferror.dll (164 bytes security) (deflated 48%)
  adding: cqmcat.dll (164 bytes security) (deflated 48%)
  adding: dmiman32.dll (164 bytes security) (deflated 48%)
  adding: dTdim.dll (164 bytes security) (deflated 48%)
  adding: dYd8thk.dll (164 bytes security) (deflated 48%)
  adding: fulemgmt.dll (164 bytes security) (deflated 48%)
  adding: ghedit.dll (164 bytes security) (deflated 48%)
  adding: ifrop.dll (164 bytes security) (deflated 48%)
  adding: nith.dll (164 bytes security) (deflated 48%)
  adding: npapi32.dll (164 bytes security) (deflated 48%)
  adding: ny4_disp.dll (164 bytes security) (deflated 48%)
  adding: sqmsg.dll (164 bytes security) (deflated 48%)
  adding: vrs_ps.dll (164 bytes security) (deflated 48%)
  adding: wbnfax.dll (164 bytes security) (deflated 48%)
  adding: whaueng.dll (164 bytes security) (deflated 48%)
  adding: wqvdmod.dll (164 bytes security) (deflated 48%)
  adding: wqw32.dll (164 bytes security) (deflated 48%)
  adding: guard.tmp (164 bytes security) (deflated 48%)
  adding: clear.reg (164 bytes security) (deflated 22%)
  adding: echo.reg (164 bytes security) (deflated 9%)
  adding: direct.txt (164 bytes security) (stored 0%)
  adding: lo2.txt (164 bytes security) (deflated 88%)
  adding: readme.txt (164 bytes security) (deflated 50%)
  adding: report.txt (164 bytes security) (deflated 65%)
  adding: report1.txt (164 bytes security) (deflated 65%)
  adding: test.txt (164 bytes security) (deflated 89%)
  adding: test2.txt (164 bytes security) (stored 0%)
  adding: test3.txt (164 bytes security) (stored 0%)
  adding: test5.txt (164 bytes security) (stored 0%)
  adding: xfind.txt (164 bytes security) (deflated 86%)
  adding: backregs/46005977-4E62-454E-BDA6-3C88E7E03858.reg (164 bytes security) (deflated 70%)
  adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
  adding: backregs/shell.reg (164 bytes security) (deflated 74%)

Restoring Registry Permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!

Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:

(NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-NI) ALLOW  Read  BUILTIN\Utilisateurs
(ID-IO) ALLOW  Read  BUILTIN\Utilisateurs
(ID-NI) ALLOW  Read  BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW  Read  BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW  Full access  BUILTIN\Administrateurs
(ID-IO) ALLOW  Full access  BUILTIN\Administrateurs
(ID-NI) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  AUTORITE NT\SYSTEM
(ID-IO) ALLOW  Full access  CREATEUR PROPRIETAIRE

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

deleting local copy: avferror.dll
deleting local copy: avferror.dll
deleting local copy: cqmcat.dll
deleting local copy: cqmcat.dll
deleting local copy: dmiman32.dll
deleting local copy: dmiman32.dll
deleting local copy: dTdim.dll
deleting local copy: dTdim.dll
deleting local copy: dYd8thk.dll
deleting local copy: dYd8thk.dll
deleting local copy: fulemgmt.dll
deleting local copy: fulemgmt.dll
deleting local copy: ghedit.dll
deleting local copy: ghedit.dll
deleting local copy: ifrop.dll
deleting local copy: ifrop.dll
deleting local copy: nith.dll
deleting local copy: nith.dll
deleting local copy: npapi32.dll
deleting local copy: npapi32.dll
deleting local copy: ny4_disp.dll
deleting local copy: ny4_disp.dll
deleting local copy: sqmsg.dll
deleting local copy: sqmsg.dll
deleting local copy: vrs_ps.dll
deleting local copy: vrs_ps.dll
deleting local copy: wbnfax.dll
deleting local copy: wbnfax.dll
deleting local copy: whaueng.dll
deleting local copy: whaueng.dll
deleting local copy: wqvdmod.dll
deleting local copy: wqvdmod.dll
deleting local copy: wqw32.dll
deleting local copy: wqw32.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp

The following Is the
Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 The following are the files found: **************************************************************************** C:\WINDOWS\system32\avferror.dll C:\WINDOWS\system32\avferror.dll C:\WINDOWS\system32\cqmcat.dll C:\WINDOWS\system32\cqmcat.dll C:\WINDOWS\system32\dmiman32.dll 
C:\WINDOWS\system32\dmiman32.dll C:\WINDOWS\system32\dTdim.dll C:\WINDOWS\system32\dTdim.dll C:\WINDOWS\system32\dYd8thk.dll C:\WINDOWS\system32\dYd8thk.dll C:\WINDOWS\system32\fulemgmt.dll C:\WINDOWS\system32\fulemgmt.dll C:\WINDOWS\system32\ghedit.dll C:\WINDOWS\system32\ghedit.dll C:\WINDOWS\system32\ifrop.dll C:\WINDOWS\system32\ifrop.dll C:\WINDOWS\system32\nith.dll C:\WINDOWS\system32\nith.dll C:\WINDOWS\system32\npapi32.dll C:\WINDOWS\system32\npapi32.dll C:\WINDOWS\system32\ny4_disp.dll C:\WINDOWS\system32\ny4_disp.dll C:\WINDOWS\system32\sqmsg.dll C:\WINDOWS\system32\sqmsg.dll C:\WINDOWS\system32\vrs_ps.dll C:\WINDOWS\system32\vrs_ps.dll C:\WINDOWS\system32\wbnfax.dll C:\WINDOWS\system32\wbnfax.dll C:\WINDOWS\system32\whaueng.dll C:\WINDOWS\system32\whaueng.dll C:\WINDOWS\system32\wqvdmod.dll C:\WINDOWS\system32\wqvdmod.dll C:\WINDOWS\system32\wqw32.dll C:\WINDOWS\system32\wqw32.dll C:\WINDOWS\system32\guard.tmp C:\WINDOWS\system32\guard.tmp Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. 
**************************************************************************** REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{46005977-4E62-454E-BDA6-3C88E7E03858}"=- [-HKEY_CLASSES_ROOT\CLSID\{46005977-4E62-454E-BDA6-3C88E7E03858}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** RAPPORT HJT en mode sans echec : Logfile of HijackThis v1.99.1 Scan saved at 15:33:05, on 15/08/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroCheck] 
C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600" O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\9 Telecom\modem ADSL USB Comtrend CT-350\DSLMON.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7270E1-2A8F-40AD-9A02-4B418FC01216}: NameServer = 194.117.200.10 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Universal Plug and Play device driver (upnpdrv) 
- Unknown owner - C:\WINDOWS\System32\upnpdrv.exe (file missing) PS : Je n'ai plus de boutons de lancement rapide dans barre d'outils. A plus tard -
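The Winlogon Notify export in the log above is the key that decides which DLLs winlogon.exe loads at logon, logoff and shell start; every O20 line HijackThis reported earlier in this thread (nith.dll, wbnfax.dll) was one more subkey under it. The script below is an added example, not part of this post and not the clean-up tool's own code: it decodes a "Windows Registry Editor Version 5.00" export of that key, including the backslash-wrapped hex(2) values (REG_EXPAND_SZ stored as UTF-16LE), and flags any subkey whose DllName is not one of the stock notification packages that appear in the clean export. The allowlist and the sample export (two subkeys copied from the output above plus a hypothetical RunOnceEx subkey standing in for the O20 entry HijackThis reported) are the example's assumptions.

```python
"""Decode a Winlogon\\Notify export and flag non-stock notification DLLs.

Added example, not part of the forum post and not the clean-up tool's code.
"""
import re

# Notification DLLs present in the clean export on the page (Windows XP SP1).
# Treating them as an allowlist is an assumption of this example; other Windows
# builds and some legitimate software register additional notification packages.
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll",
    "wlnotify.dll", "sclgntfy.dll", "wzcdlg.dll",
}

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Constructed sample: crypt32chain and cscdll are copied from the export above;
# the RunOnceEx subkey is hypothetical, standing in for the O20 entry HijackThis
# reported for nith.dll (a real export of the infected key is not on the page).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnceEx]
"DllName"="C:\\WINDOWS\\system32\\nith.dll"
"Asynchronous"=dword:00000000
"""


def join_continuations(text):
    """Rejoin values that .reg files wrap onto the next line with a trailing backslash."""
    lines = []
    for raw in text.splitlines():
        if lines and lines[-1].endswith("\\"):
            lines[-1] = lines[-1][:-1] + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines


def decode_reg_value(literal):
    """Decode a .reg value literal: a "quoted string" or hex(2):xx,xx,... (UTF-16LE, NUL-terminated)."""
    if literal.startswith('"') and literal.endswith('"'):
        return literal[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    m = re.match(r"hex\(2\):(.*)$", literal)
    if m:
        raw = bytes(int(b, 16) for b in m.group(1).split(",") if b)
        return raw.decode("utf-16-le").rstrip("\x00")
    return literal


def parse_notify_export(text):
    """Return {subkey: DllName} for every subkey directly under Winlogon\\Notify."""
    result = {}
    prefix = (NOTIFY_KEY + "\\").lower()
    subkey = None
    for line in join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            subkey = key[len(prefix):] if key.lower().startswith(prefix) else None
            continue
        if subkey is None or "=" not in line:
            continue
        name, _, literal = line.partition("=")
        if name.strip().strip('"').lower() == "dllname":  # "DllName" and "DLLName" both occur
            result[subkey] = decode_reg_value(literal.strip())
    return result


def suspicious_notify_entries(text):
    """Subkeys whose DllName basename (case-insensitive) is not in the allowlist."""
    return {
        subkey: dll
        for subkey, dll in parse_notify_export(text).items()
        if dll.rsplit("\\", 1)[-1].lower() not in KNOWN_NOTIFY_DLLS
    }


if __name__ == "__main__":
    suspects = suspicious_notify_entries(SAMPLE_EXPORT)
    for subkey, dll in parse_notify_export(SAMPLE_EXPORT).items():
        print(f"{'SUSPECT' if subkey in suspects else 'ok':8} {subkey:14} {dll}")
```

To use it on a real machine, export the key with regedit (or `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" notify.reg`) and feed the file's text to `suspicious_notify_entries`; the flagged subkeys are the ones to compare against the O20 lines in a HijackThis log before removing anything.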
[resolved] Multiple and multiplying trojans
dreamer9 replied to a topic by dreamer9 in Analyses et éradication malwares
OK, thanks
[resolved] Multiple and multiplying trojans
dreamer9 replied to a topic by dreamer9 in Analyses et éradication malwares
Re: PS: Still the unwanted windows.....
[resolved] Multiple and multiplying trojans
dreamer9 replied to a topic by dreamer9 in Analyses et éradication malwares
PS:

Logfile of HijackThis v1.99.1
Scan saved at 14:59:03, on 15/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\9 Telecom\modem ADSL USB Comtrend CT-350\DSLMON.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7270E1-2A8F-40AD-9A02-4B418FC01216}: NameServer = 194.117.200.10
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\nith.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:\WINDOWS\system32\sys.exe (file missing)
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe (file missing)
[resolved] Multiple and multiplying trojans
dreamer9 replied to a topic by dreamer9 in Analyses et éradication malwares
Hi again, and thanks again. So, I fixed the lines and I disabled the sys.exe service (but it did not say "file missing"). On the other hand, I cannot find "upnpdrv.exe"...???
[resolved] Multiple and multiplying trojans
dreamer9 replied to a topic by dreamer9 in Analyses et éradication malwares
OK
[resolved] Multiple and multiplying trojans
dreamer9 replied to a topic by dreamer9 in Analyses et éradication malwares
Right, I have just gone back into safe mode; here is the HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 14:44:26, on 15/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\9 Telecom\modem ADSL USB Comtrend CT-350\DSLMON.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7270E1-2A8F-40AD-9A02-4B418FC01216}: NameServer = 194.117.200.10
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\nith.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:\WINDOWS\system32\sys.exe (file missing)
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe (file missing)

Talk later. PS: Still those damned windows!
[resolved] Multiple and multiplying trojans
dreamer9 replied to a topic by dreamer9 in Analyses et éradication malwares
There, everything is done except:
1 - The O20 line................did not end with "wbnfax.dll" but with "nith.dll", so I did not tick it.
2 - I still have windows opening....
3 - Must HijackThis always be used in safe mode??
Talk later, thanks
[resolved] Multiple and multiplying trojans
dreamer9 replied to a topic by dreamer9 in Analyses et éradication malwares
OK, thanks
[resolved] Multiple and multiplying trojans
dreamer9 replied to a topic by dreamer9 in Analyses et éradication malwares
Thank you very much for your help. I followed the instructions, but first of all I should point out that when I reconnect I still get windows opening. Here is the log file:

Logfile of HijackThis v1.99.1
Scan saved at 13:30:53, on 15/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\CleanMgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\asco\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Network Access] winssh.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [xp service pack 2] xpsp2.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\9 Telecom\modem ADSL USB Comtrend CT-350\DSLMON.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f011.mail.caramail.lycos.fr/app/upl...ileUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7270E1-2A8F-40AD-9A02-4B418FC01216}: NameServer = 194.117.200.10
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\wbnfax.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:\WINDOWS\system32\sys.exe (file missing)
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe (file missing)

Talk later
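In the log above, the entries worth a second look are the O4 Run/RunServices values that name a bare executable with no directory (winssh.exe, xpsp2.exe, which Windows resolves through the search path), the O20 Winlogon Notify entry pointing at wbnfax.dll, and the O23 services whose binary is reported missing and whose owner is unknown. The script below is an added example, not part of the post and not HijackThis's own code: it parses a HijackThis 1.99 log and flags exactly those three patterns. The allowlist of stock notification DLLs (taken from the clean Winlogon\Notify export posted elsewhere in this thread) and the sample lines (copied from the log above, with the wrapped O20 line rejoined) are the example's assumptions.

```python
"""Triage a HijackThis 1.99 log for the persistence patterns seen in this thread.

Added example; not the forum's and not HijackThis's own code.
"""
import re

# Stock Winlogon notification DLLs from the clean Notify export in the thread
# (Windows XP SP1). Using them as an allowlist is an assumption of this example.
KNOWN_NOTIFY_DLLS = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll",
    "wlnotify.dll", "sclgntfy.dll", "wzcdlg.dll",
}

# "O20 - Winlogon Notify: ..." -> section "O20", body "Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
# "HKLM\..\RunServices: [Network Access] winssh.exe" -> hive, value name, command
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*):\s+\[[^\]]*\]\s*(.*)$")

# Constructed sample: entry lines copied from the log above (O20 line rejoined).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Network Access] winssh.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\RunServices: [xp service pack 2] xpsp2.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\wbnfax.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:\WINDOWS\system32\sys.exe (file missing)
O23 - Service: Universal Plug and Play device driver (upnpdrv) - Unknown owner - C:\WINDOWS\System32\upnpdrv.exe (file missing)
"""


def parse_hjt(text):
    """Yield (section, body) for each HijackThis entry line; other lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def executable_of(command):
    """The program part of a Run command: the quoted path if quoted, else the first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage(text):
    """Return a list of (kind, section, body) findings for the three patterns."""
    findings = []
    for section, body in parse_hjt(text):
        if section == "O20" and body.startswith("Winlogon Notify:"):
            # Body ends with " - <dll path>"; compare the basename against the allowlist.
            dll = body.rsplit(" - ", 1)[-1]
            if dll.rsplit("\\", 1)[-1].lower() not in KNOWN_NOTIFY_DLLS:
                findings.append(("winlogon-notify", section, body))
        elif section == "O23" and ("(file missing)" in body or "Unknown owner" in body):
            findings.append(("service", section, body))
        elif section == "O4":
            m = RUN_RE.match(body)
            # A bare filename has no directory: it is whatever the search path finds first.
            if m and "\\" not in executable_of(m.group(3)):
                findings.append(("bare-run-entry", section, body))
    return findings


if __name__ == "__main__":
    for kind, section, body in triage(SAMPLE_LOG):
        print(f"[{kind}] {section} - {body}")
```

Feeding a saved hijackthis.log to `triage` instead of SAMPLE_LOG gives the same three kinds of finding; each is a candidate to check on disk and in the registry before fixing, since an "(file missing)" service can also be a leftover from a clean uninstall.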
[resolved] Multiple and multiplying trojans
dreamer9 posted a topic in Analyses et éradication malwares
Hello,
For 2 weeks I have had Explorer windows opening constantly (despite Google's pop-up blocker). Secuser.com detects the trojan TROJ VLINCE A:
TROJ VLINCE A Non Cleanable C:/WINDOWS/system32/kqdic.dll
I ask for it to be removed, but on every scan it finds it again in different places. Antivirus Personal Pro, for its part, detects two trojans: TR CleanerA and the other one I forgot (as soon as it reappears I will post it, unless there is a log I have not found?)!
C:\DOCUME~1\ASCO\LOCALS~1\TEMP\C27D8FEF-D7AE-42C0-82E6-F30598265639.EXE
But these trojans keep coming back too, despite the delete. After each clean-up (delete), the unwanted windows keep opening (so is the problem really detected, or do the trojans reinstall themselves instantly?). What's more, my computer is starting to crash seriously; I had to do a system restore. In short, I am getting more and more worried. Many thanks to those who are willing to look into my situation.