Sheang
-
Compteur de contenus
64 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par Sheang
-
Ok, je vais de ce pas télécharger les codes de Sun et essayer. Je te tiens au courant pour la suite. A+
-
Bonjour Jack et tous les contributeurs, D'abord bonne année 2006 à l'ensemble des membres et modérateurs de ce site fort sympathique, solidaire, et Utile. Non je n'ai pas installé Java Sun au vu de mon post précédent et également parce que Fdjeux recommande explicitement de désactiver Java Sun car leurs applets requierent JM de microsoft. Aurais tu une méthode de comparaison d'environnement entre la session Admin et ma session User pour voir la différence ? (Certainement dans la base de registre USR ) car si c'est dans local machine, je n'aurais pas accès non plus sous Admin ? Partages tu mon abnalyse ? A+
-
Re Bonjour, Ca y est, je suis de nouveau en ligne, Après une heure de prise de tête avec FDJEUX, j'ai fais l'expérience suivante : J'ai ouvert une session sous Administrateur Je me suis connecté sur FDJEUX, et là tout se passe bien , transaction sécurisé et tout et tout. Je reviens sous mon Username, là bloquage. C'est à ne pas y comprendre grand chose. Aurais tu des pistes d'investigation ? Cordialement
-
Hello Jack, Je vais opter pour Zone Alarm Free pour le moment. Pour répondre à ta question, oui, j'ai un dysfonctionnement, je ne peux plus jouer en ligne sur le site de FDJEUX, tant pis, je vais au Tabac pour essayer de toucher le Jack Pot d'Euro Millions (d'illusions). FD jeux considère que ma VM Java n'est pas la bonne, je télécharge le leur, et recommence, cela ne change rien ! Bon, le téléchargement de ZA est terminé, je vais suivre le tuto pour l'install et les paramètrages. Moi, qui naïvement croyait que le Pare Feu de Windows XP était suffisant. (encore une illusion) A+
-
D'abord un très grand merci à la hauteur de mon très grand soulagement. J'ai Viré Norton pour Antivir. Dis moi comment faire le reste de ménage, en effet il est collant le bestiau. Je regarde les consignes de sécurité et reviens vers toi. Dis moi le quel choisir ? Merci encore A+
-
Ci après le nouveau rapport après exécution des instructions ci dessus. Logfile of HijackThis v1.99.1 Scan saved at 09:58:20, on 30/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\HijackThis\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{A579E2CC-1296-4CC7-8DAB-DC734512B802}: NameServer = 193.252.19.4,193.252.19.6 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = notes.alstom.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = notes.alstom.com O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
Bonjour, Oh que cela fait du bien, Je peux enfin poster sans au moins 5 Pop up !!! Ci après les deux rapport demandés. L2mFix : L2mfix Beta 122705 Creating Account. La commande s'est termin‚e correctement. Adding Administrative privleges. Checking for L2MFix account(0=no 1=yes): 1 Granting SeDebugPrivilege to L2MFIX ... successful Running From: C:\WINDOWS\system32 Killing Processes! Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 508 'smss.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 764 'winlogon.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 3256 'explorer.exe' Killing PID 3256 'explorer.exe' Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright© 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 1724 'rundll32.exe' Killing PID 1368 'rundll32.exe' Restoring Sedebugprivilege: Granting SeDebugPrivilege to Administrateurs ... successful Scanning First Pass. Please Wait! First Pass Completed Second Pass Scanning Second pass Completed! moving: C:\WINDOWS\system32\cbedui.dll Successfully Moved: C:\WINDOWS\system32\cbedui.dll moving: C:\WINDOWS\system32\dimsadsn.dll Successfully Moved: C:\WINDOWS\system32\dimsadsn.dll moving: C:\WINDOWS\system32\disrslvr.dll Successfully Moved: C:\WINDOWS\system32\disrslvr.dll moving: C:\WINDOWS\system32\dncpcsvc.dll Successfully Moved: C:\WINDOWS\system32\dncpcsvc.dll moving: C:\WINDOWS\system32\g2400chmef4a0.dll Successfully Moved: C:\WINDOWS\system32\g2400chmef4a0.dll moving: C:\WINDOWS\system32\g822lifo182c.dll Successfully Moved: C:\WINDOWS\system32\g822lifo182c.dll moving: C:\WINDOWS\system32\ir0ol5d31.dll Successfully Moved: C:\WINDOWS\system32\ir0ol5d31.dll moving: C:\WINDOWS\system32\itetmib1.dll Successfully Moved: C:\WINDOWS\system32\itetmib1.dll moving: C:\WINDOWS\system32\izakui.dll Successfully Moved: C:\WINDOWS\system32\izakui.dll moving: C:\WINDOWS\system32\jtn0075me.dll Successfully Moved: C:\WINDOWS\system32\jtn0075me.dll moving: C:\WINDOWS\system32\k8pm0i71e8.dll Successfully Moved: C:\WINDOWS\system32\k8pm0i71e8.dll moving: C:\WINDOWS\system32\kedhe220.dll Successfully Moved: C:\WINDOWS\system32\kedhe220.dll moving: C:\WINDOWS\system32\kjdda.dll Successfully Moved: C:\WINDOWS\system32\kjdda.dll moving: C:\WINDOWS\system32\kldusx.dll Successfully Moved: C:\WINDOWS\system32\kldusx.dll moving: C:\WINDOWS\system32\kudnec95.dll Successfully Moved: C:\WINDOWS\system32\kudnec95.dll moving: C:\WINDOWS\system32\lvp8097ue.dll Successfully Moved: C:\WINDOWS\system32\lvp8097ue.dll moving: C:\WINDOWS\system32\lxewa.dll Successfully Moved: C:\WINDOWS\system32\lxewa.dll moving: C:\WINDOWS\system32\m8280ifue8280.dll Successfully Moved: C:\WINDOWS\system32\m8280ifue8280.dll moving: C:\WINDOWS\system32\madtctm.dll Successfully Moved: C:\WINDOWS\system32\madtctm.dll moving: C:\WINDOWS\system32\mdhtml.dll Successfully Moved: C:\WINDOWS\system32\mdhtml.dll moving: C:\WINDOWS\system32\meexch40.dll Successfully Moved: C:\WINDOWS\system32\meexch40.dll moving: C:\WINDOWS\system32\mhweb.dll Successfully Moved: C:\WINDOWS\system32\mhweb.dll moving: C:\WINDOWS\system32\micories.dll Successfully Moved: C:\WINDOWS\system32\micories.dll moving: C:\WINDOWS\system32\mjdtctm.dll Successfully Moved: C:\WINDOWS\system32\mjdtctm.dll moving: C:\WINDOWS\system32\mjjetoledb40.dll Successfully Moved: C:\WINDOWS\system32\mjjetoledb40.dll moving: C:\WINDOWS\system32\mrdimap.dll Successfully Moved: C:\WINDOWS\system32\mrdimap.dll moving: C:\WINDOWS\system32\murating.dll Successfully Moved: C:\WINDOWS\system32\murating.dll moving: C:\WINDOWS\system32\mv20l9fm1.dll Successfully Moved: C:\WINDOWS\system32\mv20l9fm1.dll moving: C:\WINDOWS\system32\mvvcr70.dll Successfully Moved: C:\WINDOWS\system32\mvvcr70.dll moving: C:\WINDOWS\system32\MXJINT35.DLL Successfully Moved: C:\WINDOWS\system32\MXJINT35.DLL moving: C:\WINDOWS\system32\nltapi.dll Successfully Moved: C:\WINDOWS\system32\nltapi.dll moving: C:\WINDOWS\system32\nnprint.dll Successfully Moved: C:\WINDOWS\system32\nnprint.dll moving: C:\WINDOWS\system32\o648lghu1648.dll Successfully Moved: C:\WINDOWS\system32\o648lghu1648.dll moving: C:\WINDOWS\system32\o8pq0i75e8.dll Successfully Moved: C:\WINDOWS\system32\o8pq0i75e8.dll moving: C:\WINDOWS\system32\vs6fr.dll Successfully Moved: C:\WINDOWS\system32\vs6fr.dll moving: C:\WINDOWS\system32\vvpodbc.dll Successfully Moved: C:\WINDOWS\system32\vvpodbc.dll moving: C:\WINDOWS\system32\guard.tmp Successfully Moved: C:\WINDOWS\system32\guard.tmp Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServicesOnce] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\g2400chmef4a0.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" The following are the files found: **************************************************************************** C:\WINDOWS\system32\cbedui.dll C:\WINDOWS\system32\dimsadsn.dll C:\WINDOWS\system32\disrslvr.dll C:\WINDOWS\system32\dncpcsvc.dll C:\WINDOWS\system32\g2400chmef4a0.dll C:\WINDOWS\system32\g822lifo182c.dll C:\WINDOWS\system32\ir0ol5d31.dll C:\WINDOWS\system32\itetmib1.dll C:\WINDOWS\system32\izakui.dll C:\WINDOWS\system32\jtn0075me.dll C:\WINDOWS\system32\k8pm0i71e8.dll C:\WINDOWS\system32\kedhe220.dll C:\WINDOWS\system32\kjdda.dll C:\WINDOWS\system32\kldusx.dll C:\WINDOWS\system32\kudnec95.dll C:\WINDOWS\system32\lvp8097ue.dll C:\WINDOWS\system32\lxewa.dll C:\WINDOWS\system32\m8280ifue8280.dll C:\WINDOWS\system32\madtctm.dll C:\WINDOWS\system32\mdhtml.dll C:\WINDOWS\system32\meexch40.dll C:\WINDOWS\system32\mhweb.dll C:\WINDOWS\system32\micories.dll C:\WINDOWS\system32\mjdtctm.dll C:\WINDOWS\system32\mjjetoledb40.dll C:\WINDOWS\system32\mrdimap.dll C:\WINDOWS\system32\murating.dll C:\WINDOWS\system32\mv20l9fm1.dll C:\WINDOWS\system32\mvvcr70.dll C:\WINDOWS\system32\MXJINT35.DLL C:\WINDOWS\system32\nltapi.dll C:\WINDOWS\system32\nnprint.dll C:\WINDOWS\system32\o648lghu1648.dll C:\WINDOWS\system32\o8pq0i75e8.dll C:\WINDOWS\system32\vs6fr.dll C:\WINDOWS\system32\vvpodbc.dll C:\WINDOWS\system32\guard.tmp Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{EA7F0990-0177-4411-A3EB-E4631306FAFC}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{EA7F0990-0177-4411-A3EB-E4631306FAFC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{EA7F0990-0177-4411-A3EB-E4631306FAFC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{EA7F0990-0177-4411-A3EB-E4631306FAFC}\InprocServer32] "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{ABF12228-3E3A-49C0-9522-DC2C66E850DE}] @="" [HKEY_CLASSES_ROOT\CLSID\{ABF12228-3E3A-49C0-9522-DC2C66E850DE}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{ABF12228-3E3A-49C0-9522-DC2C66E850DE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{ABF12228-3E3A-49C0-9522-DC2C66E850DE}\InprocServer32] @="C:\\WINDOWS\\system32\\nnprint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1301F7BC-2695-4966-85D4-C12300E70D47}] @="" [HKEY_CLASSES_ROOT\CLSID\{1301F7BC-2695-4966-85D4-C12300E70D47}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1301F7BC-2695-4966-85D4-C12300E70D47}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1301F7BC-2695-4966-85D4-C12300E70D47}\InprocServer32] "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{32FCCA7C-E761-4B94-B482-94918E5D0D44}] @="" [HKEY_CLASSES_ROOT\CLSID\{32FCCA7C-E761-4B94-B482-94918E5D0D44}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{32FCCA7C-E761-4B94-B482-94918E5D0D44}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{32FCCA7C-E761-4B94-B482-94918E5D0D44}\InprocServer32] @="C:\\WINDOWS\\system32\\mdhtml.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{81BFCF0F-FAE4-4FEE-B2BC-4C57EEF3231F}] @="" [HKEY_CLASSES_ROOT\CLSID\{81BFCF0F-FAE4-4FEE-B2BC-4C57EEF3231F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{81BFCF0F-FAE4-4FEE-B2BC-4C57EEF3231F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{81BFCF0F-FAE4-4FEE-B2BC-4C57EEF3231F}\InprocServer32] @="C:\\WINDOWS\\system32\\dncpcsvc.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{E624BC2C-07E6-4CC3-BB6D-AD06EC878418}] @="" [HKEY_CLASSES_ROOT\CLSID\{E624BC2C-07E6-4CC3-BB6D-AD06EC878418}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{E624BC2C-07E6-4CC3-BB6D-AD06EC878418}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{E624BC2C-07E6-4CC3-BB6D-AD06EC878418}\InprocServer32] "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{574F0719-4AC5-40FB-9AF1-721B45088966}] @="" [HKEY_CLASSES_ROOT\CLSID\{574F0719-4AC5-40FB-9AF1-721B45088966}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{574F0719-4AC5-40FB-9AF1-721B45088966}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{574F0719-4AC5-40FB-9AF1-721B45088966}\InprocServer32] @="C:\\WINDOWS\\system32\\mjdtctm.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{645F3475-ED7A-48F9-B674-0CA0718601BD}] @="" [HKEY_CLASSES_ROOT\CLSID\{645F3475-ED7A-48F9-B674-0CA0718601BD}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{645F3475-ED7A-48F9-B674-0CA0718601BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{645F3475-ED7A-48F9-B674-0CA0718601BD}\InprocServer32] @="C:\\WINDOWS\\system32\\MXJINT35.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{F84835C5-6092-41DB-A18D-300DCC7A9737}] @="" [HKEY_CLASSES_ROOT\CLSID\{F84835C5-6092-41DB-A18D-300DCC7A9737}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{F84835C5-6092-41DB-A18D-300DCC7A9737}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{F84835C5-6092-41DB-A18D-300DCC7A9737}\InprocServer32] @="C:\\WINDOWS\\system32\\kedhe220.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{E3750B99-A75E-4F77-A887-B92D2957DF81}] @="" [HKEY_CLASSES_ROOT\CLSID\{E3750B99-A75E-4F77-A887-B92D2957DF81}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{E3750B99-A75E-4F77-A887-B92D2957DF81}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{E3750B99-A75E-4F77-A887-B92D2957DF81}\InprocServer32] @="C:\\WINDOWS\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{872EE194-1E8D-44A3-97CA-E4E7FBE85295}] @="" [HKEY_CLASSES_ROOT\CLSID\{872EE194-1E8D-44A3-97CA-E4E7FBE85295}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{872EE194-1E8D-44A3-97CA-E4E7FBE85295}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{872EE194-1E8D-44A3-97CA-E4E7FBE85295}\InprocServer32] @="C:\\WINDOWS\\system32\\cbedui.dll" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{EA7F0990-0177-4411-A3EB-E4631306FAFC}"=- "{ABF12228-3E3A-49C0-9522-DC2C66E850DE}"=- "{1301F7BC-2695-4966-85D4-C12300E70D47}"=- "{32FCCA7C-E761-4B94-B482-94918E5D0D44}"=- "{81BFCF0F-FAE4-4FEE-B2BC-4C57EEF3231F}"=- "{E624BC2C-07E6-4CC3-BB6D-AD06EC878418}"=- "{574F0719-4AC5-40FB-9AF1-721B45088966}"=- "{645F3475-ED7A-48F9-B674-0CA0718601BD}"=- "{F84835C5-6092-41DB-A18D-300DCC7A9737}"=- "{E3750B99-A75E-4F77-A887-B92D2957DF81}"=- "{872EE194-1E8D-44A3-97CA-E4E7FBE85295}"=- [-HKEY_CLASSES_ROOT\CLSID\{EA7F0990-0177-4411-A3EB-E4631306FAFC}] [-HKEY_CLASSES_ROOT\CLSID\{ABF12228-3E3A-49C0-9522-DC2C66E850DE}] [-HKEY_CLASSES_ROOT\CLSID\{1301F7BC-2695-4966-85D4-C12300E70D47}] [-HKEY_CLASSES_ROOT\CLSID\{32FCCA7C-E761-4B94-B482-94918E5D0D44}] [-HKEY_CLASSES_ROOT\CLSID\{81BFCF0F-FAE4-4FEE-B2BC-4C57EEF3231F}] [-HKEY_CLASSES_ROOT\CLSID\{E624BC2C-07E6-4CC3-BB6D-AD06EC878418}] [-HKEY_CLASSES_ROOT\CLSID\{574F0719-4AC5-40FB-9AF1-721B45088966}] [-HKEY_CLASSES_ROOT\CLSID\{645F3475-ED7A-48F9-B674-0CA0718601BD}] [-HKEY_CLASSES_ROOT\CLSID\{F84835C5-6092-41DB-A18D-300DCC7A9737}] [-HKEY_CLASSES_ROOT\CLSID\{E3750B99-A75E-4F77-A887-B92D2957DF81}] [-HKEY_CLASSES_ROOT\CLSID\{872EE194-1E8D-44A3-97CA-E4E7FBE85295}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "SV1"="" **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/cbedui.dll (148 bytes security) (deflated 5%) adding: dlls/dimsadsn.dll (148 bytes security) (deflated 5%) adding: dlls/disrslvr.dll (148 bytes security) (deflated 5%) adding: dlls/dncpcsvc.dll (148 bytes security) (deflated 5%) adding: dlls/g2400chmef4a0.dll (212 bytes security) (deflated 5%) adding: dlls/g822lifo182c.dll (148 bytes security) (deflated 5%) adding: dlls/guard.tmp (212 bytes security) (deflated 5%) adding: dlls/ir0ol5d31.dll (212 bytes security) (deflated 5%) adding: dlls/itetmib1.dll (148 bytes security) (deflated 5%) adding: dlls/izakui.dll (148 bytes security) (deflated 5%) adding: dlls/jtn0075me.dll (148 bytes security) (deflated 5%) adding: dlls/k8pm0i71e8.dll (148 bytes security) (deflated 5%) adding: dlls/kedhe220.dll (148 bytes security) (deflated 5%) adding: dlls/kjdda.dll (148 bytes security) (deflated 4%) adding: dlls/kldusx.dll (148 bytes security) (deflated 5%) adding: dlls/kudnec95.dll (148 bytes security) (deflated 5%) adding: dlls/lvp8097ue.dll (148 bytes security) (deflated 5%) adding: dlls/lxewa.dll (148 bytes security) (deflated 5%) adding: dlls/m8280ifue8280.dll (148 bytes security) (deflated 5%) adding: dlls/madtctm.dll (148 bytes security) (deflated 5%) adding: dlls/mdhtml.dll (148 bytes security) (deflated 5%) adding: dlls/meexch40.dll (148 bytes security) (deflated 5%) adding: dlls/mhweb.dll (148 bytes security) (deflated 5%) adding: dlls/micories.dll (148 bytes security) (deflated 4%) adding: dlls/mjdtctm.dll (148 bytes security) (deflated 5%) adding: dlls/mjjetoledb40.dll (148 bytes security) (deflated 5%) adding: dlls/mrdimap.dll (148 bytes security) (deflated 4%) adding: dlls/murating.dll (148 bytes security) (deflated 5%) adding: dlls/mv20l9fm1.dll (148 bytes security) (deflated 5%) adding: dlls/mvvcr70.dll (148 bytes security) (deflated 4%) adding: dlls/MXJINT35.DLL (148 bytes security) (deflated 5%) adding: dlls/nltapi.dll (148 bytes security) (deflated 5%) adding: dlls/nnprint.dll (148 bytes security) (deflated 5%) adding: dlls/o648lghu1648.dll (212 bytes security) (deflated 5%) adding: dlls/o8pq0i75e8.dll (148 bytes security) (deflated 5%) adding: dlls/vs6fr.dll (148 bytes security) (deflated 5%) adding: dlls/vvpodbc.dll (148 bytes security) (deflated 5%) adding: backregs/1301F7BC-2695-4966-85D4-C12300E70D47.reg (212 bytes security) (deflated 71%) adding: backregs/32FCCA7C-E761-4B94-B482-94918E5D0D44.reg (212 bytes security) (deflated 70%) adding: backregs/574F0719-4AC5-40FB-9AF1-721B45088966.reg (212 bytes security) (deflated 70%) adding: backregs/645F3475-ED7A-48F9-B674-0CA0718601BD.reg (212 bytes security) (deflated 70%) adding: backregs/81BFCF0F-FAE4-4FEE-B2BC-4C57EEF3231F.reg (212 bytes security) (deflated 70%) adding: backregs/872EE194-1E8D-44A3-97CA-E4E7FBE85295.reg (212 bytes security) (deflated 70%) adding: backregs/ABF12228-3E3A-49C0-9522-DC2C66E850DE.reg (212 bytes security) (deflated 70%) adding: backregs/E3750B99-A75E-4F77-A887-B92D2957DF81.reg (212 bytes security) (deflated 70%) adding: backregs/E624BC2C-07E6-4CC3-BB6D-AD06EC878418.reg (212 bytes security) (deflated 71%) adding: backregs/EA7F0990-0177-4411-A3EB-E4631306FAFC.reg (212 bytes security) (deflated 70%) adding: backregs/F84835C5-6092-41DB-A18D-300DCC7A9737.reg (212 bytes security) (deflated 70%) adding: backregs/notibac.reg (164 bytes security) (deflated 87%) adding: backregs/shell.reg (164 bytes security) (deflated 73%) Hijackthis Logfile of HijackThis v1.99.1 Scan saved at 09:37:28, on 30/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\pctspk.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [DMEWATCH] C:\PROGRA~1\OrangeBs\Watch.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{A579E2CC-1296-4CC7-8DAB-DC734512B802}: NameServer = 193.252.19.4,193.252.19.6 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = notes.alstom.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = notes.alstom.com O20 - Winlogon Notify: RunServicesOnce - C:\WINDOWS\system32\g2400chmef4a0.dll (file missing) O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Merci pour la suite Ayant désintallé Norton pour Antivir, comment je dois tuer la ligne 023 concernant Symantec ? A +
-
Bonjour Jack_Burton, Ipl et à tous, Que dois je faire maintenant ? Merci pour votre assistance Cordialement
-
Bonsoir Jack, Voila ce que tu m'as demandé de faire. J'ai dû désactiver Antivir pour le faire car pour lui il faut le supprimer. A part un message sur l'updater de Symantec (que j'aimerais bien virer d'ailleurs en passant), j'ai dû passer par l'option 5 et mis à jour des trucs pour que cela donne ceci : L2MFIX find log 122705 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage] "Asynchronous"=dword:00000000 "DllName"="C:\\WINDOWS\\system32\\jt2m07f1e.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" "Logon"="SCardStartCertProp" "Logoff"="SCardStopCertProp" "Lock"="SCardSuspendCertProp" "Unlock"="SCardResumeCertProp" "Enabled"=dword:00000001 "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "StartShell"="SchedStartShell" "Logoff"="SchedEventLogOff" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" "Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "PostShell"="SensPostShellEvent" "Disconnect"="SensDisconnectEvent" "Reconnect"="SensReconnectEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] "Asynchronous"=dword:00000000 "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Impersonate"=dword:00000000 "Logoff"="TSEventLogoff" "Logon"="TSEventLogon" "PostShell"="TSEventPostShell" "Shutdown"="TSEventShutdown" "StartShell"="TSEventStartShell" "Startup"="TSEventStartup" "MaxWait"=dword:00000258 "Reconnect"="TSEventReconnect" "Disconnect"="TSEventDisconnect" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" "Logon"="RegisterTicketExpiredNotificationEvent" "Logoff"="UnregisterTicketExpiredNotificationEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] "Asynchronous"=dword:00000000 "DllName"="WRLogonNTF.dll" "Impersonate"=dword:00000001 "Lock"="WRLock" "StartScreenSaver"="WRStartScreenSaver" "StartShell"="WRStartShell" "Startup"="WRStartup" "StopScreenSaver"="WRStopScreenSaver" "Unlock"="WRUnlock" "Shutdown"="WRShutdown" "Logoff"="WRLogoff" "Logon"="WRLogon" ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{78B1C67F-7BF2-A608-6DD7-5A9FA0FD489C}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia" "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage ?cran du Panneau de configuration" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents" "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo" "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..." "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="?tat du t‚l‚chargement" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche" "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante" "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft" "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription" "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="?num‚rateur d'applications install‚es" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..." "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de Bureau" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler" "{F5D92341-0A64-11D0-9956-0000E8096023}"="CD Copy Shell Extension" "{F5D92342-0A64-11D0-9956-0000E8096023}"="CD Wizard Shell Extension" "{F5D92344-0A64-11D0-9956-0000E8096023}"="InstantWrite Shellextension" "{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{CE000992-A58C-4441-8938-744CD72AB27F}"="i-Nav IDN Resolver" "{CE000994-A58C-4441-8938-744CD72AB27F}"="i-Nav IDN SearchHook" "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"="ContextMenuExt Extension" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{EA7F0990-0177-4411-A3EB-E4631306FAFC}"="" "{ABF12228-3E3A-49C0-9522-DC2C66E850DE}"="" "{1301F7BC-2695-4966-85D4-C12300E70D47}"="" "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension" "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning" "{32FCCA7C-E761-4B94-B482-94918E5D0D44}"="" "{81BFCF0F-FAE4-4FEE-B2BC-4C57EEF3231F}"="" "{E624BC2C-07E6-4CC3-BB6D-AD06EC878418}"="" "{574F0719-4AC5-40FB-9AF1-721B45088966}"="" "{645F3475-ED7A-48F9-B674-0CA0718601BD}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{EA7F0990-0177-4411-A3EB-E4631306FAFC}] @="" "IDEx"="ADDR" [HKEY_CLASSES_ROOT\CLSID\{EA7F0990-0177-4411-A3EB-E4631306FAFC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{EA7F0990-0177-4411-A3EB-E4631306FAFC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{EA7F0990-0177-4411-A3EB-E4631306FAFC}\InprocServer32] "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{ABF12228-3E3A-49C0-9522-DC2C66E850DE}] @="" [HKEY_CLASSES_ROOT\CLSID\{ABF12228-3E3A-49C0-9522-DC2C66E850DE}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{ABF12228-3E3A-49C0-9522-DC2C66E850DE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{ABF12228-3E3A-49C0-9522-DC2C66E850DE}\InprocServer32] @="C:\\WINDOWS\\system32\\nnprint.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{1301F7BC-2695-4966-85D4-C12300E70D47}] @="" [HKEY_CLASSES_ROOT\CLSID\{1301F7BC-2695-4966-85D4-C12300E70D47}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{1301F7BC-2695-4966-85D4-C12300E70D47}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{1301F7BC-2695-4966-85D4-C12300E70D47}\InprocServer32] "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{32FCCA7C-E761-4B94-B482-94918E5D0D44}] @="" [HKEY_CLASSES_ROOT\CLSID\{32FCCA7C-E761-4B94-B482-94918E5D0D44}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{32FCCA7C-E761-4B94-B482-94918E5D0D44}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{32FCCA7C-E761-4B94-B482-94918E5D0D44}\InprocServer32] @="C:\\WINDOWS\\system32\\mdhtml.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{81BFCF0F-FAE4-4FEE-B2BC-4C57EEF3231F}] @="" [HKEY_CLASSES_ROOT\CLSID\{81BFCF0F-FAE4-4FEE-B2BC-4C57EEF3231F}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{81BFCF0F-FAE4-4FEE-B2BC-4C57EEF3231F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{81BFCF0F-FAE4-4FEE-B2BC-4C57EEF3231F}\InprocServer32] @="C:\\WINDOWS\\system32\\dncpcsvc.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{E624BC2C-07E6-4CC3-BB6D-AD06EC878418}] @="" [HKEY_CLASSES_ROOT\CLSID\{E624BC2C-07E6-4CC3-BB6D-AD06EC878418}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{E624BC2C-07E6-4CC3-BB6D-AD06EC878418}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{E624BC2C-07E6-4CC3-BB6D-AD06EC878418}\InprocServer32] "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{574F0719-4AC5-40FB-9AF1-721B45088966}] @="" [HKEY_CLASSES_ROOT\CLSID\{574F0719-4AC5-40FB-9AF1-721B45088966}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{574F0719-4AC5-40FB-9AF1-721B45088966}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{574F0719-4AC5-40FB-9AF1-721B45088966}\InprocServer32] @="C:\\WINDOWS\\system32\\mjdtctm.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{645F3475-ED7A-48F9-B674-0CA0718601BD}] @="" [HKEY_CLASSES_ROOT\CLSID\{645F3475-ED7A-48F9-B674-0CA0718601BD}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{645F3475-ED7A-48F9-B674-0CA0718601BD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{645F3475-ED7A-48F9-B674-0CA0718601BD}\InprocServer32] @="C:\\WINDOWS\\system32\\MXJINT35.DLL" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1 022 976 999,00 K cdfview.dll Fri 21 Oct 2005 4:41:00 A.... 152 064 148,50 K danim.dll Sat 5 Nov 2005 4:17:22 A.... 1 056 768 1,01 M dimsadsn.dll Wed 28 Dec 2005 22:11:38 ..S.R 234 729 229,23 K disrslvr.dll Wed 28 Dec 2005 15:49:26 ..S.R 234 729 229,23 K dncpcsvc.dll Thu 29 Dec 2005 12:48:12 ..S.R 236 835 231,28 K dxtrans.dll Fri 21 Oct 2005 4:41:00 A.... 205 312 200,50 K esent.dll Thu 20 Oct 2005 23:25:54 A.... 1 097 728 1,05 M extmgr.dll Fri 21 Oct 2005 4:41:00 ..... 55 808 54,50 K gdi32.dll Thu 6 Oct 2005 4:18:12 A.... 280 064 273,50 K hashlib.dll Tue 15 Nov 2005 12:12:08 A.... 117 976 115,21 K iepeers.dll Fri 21 Oct 2005 4:41:00 A.... 251 392 245,50 K inseng.dll Fri 21 Oct 2005 4:41:00 A.... 96 768 94,50 K itetmib1.dll Wed 28 Dec 2005 14:17:12 ..S.R 234 729 229,23 K izakui.dll Tue 27 Dec 2005 23:53:28 ..S.R 234 729 229,23 K kjdda.dll Tue 27 Dec 2005 23:33:44 ..S.R 233 955 228,47 K kldusx.dll Wed 28 Dec 2005 14:59:36 ..S.R 234 729 229,23 K kudnec95.dll Wed 28 Dec 2005 14:38:48 ..S.R 234 729 229,23 K lxewa.dll Wed 28 Dec 2005 14:32:08 ..S.R 234 729 229,23 K madtctm.dll Wed 28 Dec 2005 10:10:06 ..S.R 234 729 229,23 K mdhtml.dll Thu 29 Dec 2005 0:06:30 ..S.R 235 483 229,96 K meexch40.dll Tue 27 Dec 2005 17:19:48 ..S.R 236 096 230,56 K mhweb.dll Wed 28 Dec 2005 14:12:26 ..S.R 234 729 229,23 K micories.dll Tue 27 Dec 2005 21:34:40 ..S.R 233 955 228,47 K mjdtctm.dll Thu 29 Dec 2005 13:35:32 ..S.R 236 835 231,28 K mrdimap.dll Tue 27 Dec 2005 20:33:36 ..S.R 233 955 228,47 K mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3 013 632 2,87 M mshtmled.dll Fri 21 Oct 2005 4:41:04 A.... 448 512 438,00 K msrating.dll Fri 21 Oct 2005 4:41:04 A.... 146 432 143,00 K mstime.dll Fri 21 Oct 2005 4:41:04 A.... 530 944 518,50 K murating.dll Tue 27 Dec 2005 18:54:04 ..S.R 236 083 230,55 K mvvcr70.dll Tue 27 Dec 2005 19:41:30 ..S.R 233 955 228,47 K mxjint35.dll Thu 29 Dec 2005 21:12:42 ..S.R 235 022 229,51 K nltapi.dll Wed 28 Dec 2005 17:07:48 ..S.R 235 917 230,39 K nnprint.dll Wed 28 Dec 2005 23:30:36 ..S.R 235 483 229,96 K pngfilt.dll Fri 21 Oct 2005 4:41:04 A.... 39 424 38,50 K shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1 492 992 1,42 M shlwapi.dll Fri 21 Oct 2005 4:41:04 A.... 474 112 463,00 K spmsg.dll Thu 13 Oct 2005 0:15:26 ..... 15 072 14,72 K urlmon.dll Sat 5 Nov 2005 4:17:26 A.... 606 208 592,00 K vs6fr.dll Wed 28 Dec 2005 14:28:24 ..S.R 234 729 229,23 K vvpodbc.dll Wed 28 Dec 2005 15:10:10 ..S.R 234 729 229,23 K wininet.dll Fri 21 Oct 2005 4:41:06 A.... 662 528 647,00 K 43 items found: 43 files (23 H/S), 0 directories. Total of file sizes: 17 172 305 bytes 16,38 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ guard.tmp Thu 29 Dec 2005 21:12:46 A.... 236 434 230,89 K 1 item found: 1 file, 0 directories. Total of file sizes: 236 434 bytes 230,89 K ********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C s'appelle HD Le num‚ro de s‚rie du volume est D4F8-E2F5 R‚pertoire de C:\WINDOWS\System32 29/12/2005 21:12 235ÿ022 MXJINT35.DLL 29/12/2005 21:12 236ÿ024 c200lcdm1f0a.dll 29/12/2005 19:55 235ÿ022 jt2m07f1e.dll 29/12/2005 13:35 236ÿ835 mjdtctm.dll 29/12/2005 12:48 236ÿ835 dncpcsvc.dll 29/12/2005 00:13 236ÿ251 mjjetoledb40.dll 29/12/2005 00:06 235ÿ483 mdhtml.dll 28/12/2005 23:49 <REP> dllcache 28/12/2005 23:30 235ÿ483 nnprint.dll 28/12/2005 22:11 234ÿ729 dimsadsn.dll 28/12/2005 17:07 235ÿ917 nltapi.dll 28/12/2005 15:49 234ÿ729 disrslvr.dll 28/12/2005 15:42 234ÿ729 k8pm0i71e8.dll 28/12/2005 15:10 234ÿ729 vvpodbc.dll 28/12/2005 14:59 234ÿ729 kldusx.dll 28/12/2005 14:59 234ÿ786 jtn0075me.dll 28/12/2005 14:38 234ÿ729 kudnec95.dll 28/12/2005 14:38 235ÿ957 g822lifo182c.dll 28/12/2005 14:32 234ÿ729 lxewa.dll 28/12/2005 14:32 235ÿ758 mv20l9fm1.dll 28/12/2005 14:28 234ÿ729 vs6fr.dll 28/12/2005 14:20 234ÿ729 lvp8097ue.dll 28/12/2005 14:17 234ÿ729 itetmib1.dll 28/12/2005 14:17 235ÿ307 o8pq0i75e8.dll 28/12/2005 14:12 234ÿ729 mhweb.dll 28/12/2005 13:48 235ÿ068 m8280ifue8280.dll 28/12/2005 10:10 234ÿ729 madtctm.dll 27/12/2005 23:53 234ÿ729 izakui.dll 27/12/2005 23:33 233ÿ955 kjdda.dll 27/12/2005 21:34 233ÿ955 micories.dll 27/12/2005 20:33 233ÿ955 mrdimap.dll 27/12/2005 19:41 233ÿ955 mvvcr70.dll 27/12/2005 19:37 236ÿ855 ir0ol5d31.dll 27/12/2005 18:54 236ÿ083 murating.dll 27/12/2005 17:19 236ÿ096 meexch40.dll 11/01/2005 15:47 <REP> Microsoft 34 fichier(s) 7ÿ996ÿ079 octets 2 R‚p(s) 46ÿ021ÿ865ÿ472 octets libres Je suis à vous pour la suite. A+
-
Auriez vous une autre solution que Spy Weep ? car apparemment, ils ont changé il n'y a plus de trial, il scanne mais il faut payer pour enlever les objets suspects. Je suis pour le moment bloqué sur ce truc, installation de la version française, anglaise, rien n'y fait, j'ai fini par désinstaller. A+
-
OK, Compris. Merci pour ton aide. Donc, suite aux manips demandées, ci après le nouveau rapport de Hijack en mode normal. Mais d'ore et déjà, les Pop Up avec des site yyy102 continuent de plus belle. D'autre part, j'avais viré 'Proprement Norton" par désinstallation système mais je vois qu'il y a encore un truc de Symantec dans le rapport ci après. Logfile of HijackThis v1.99.1 Scan saved at 13:36:25, on 29/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\cisvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\pctspk.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\HijackThis\hijackthis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [DMEWATCH] C:\PROGRA~1\OrangeBs\Watch.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{A579E2CC-1296-4CC7-8DAB-DC734512B802}: NameServer = 193.252.19.4,193.252.19.6 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = notes.alstom.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = notes.alstom.com O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\lvnq0955e.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Merci pour vos conseils. A plus tard
-
Au sujet de la ligne C:\Program Files\dmul\sata.exe Connais-tu ce programme sata.exe, s'il te plaît ? Non je connais ce programme. Que me conseilles tu de faire ? Qu'en est-il de dysfonctionnements éventuels ? Je suis actuellement perpétuellement perturbé par de Pop up quand je suis sur le Net avec des sites que je n'ai jamais demandé à consulter, les adresses se terminent en général par yyy102 quelque choses. J'attends tes instructions complémentaires avant de passer en mode sans echec.
-
Bonjour ipl, merci pour message de bienvenue. Passes moi un message Privé sur ton ancien patron ? Je suis actuellement perpétuellement perturbé par de Pop up quand je suis sur le Net avec des sites que je n'ai jamais demandé à consulter, les adresses se terminent en général par yyy quelque choses. J'epère que ce n'est pas trop grave. A +
-
Bonjour, J'ai suivi ligne à ligne la procédure de Pré-nettoyage préconisée. Ci joint donc le rapport sous mode Sans échec. Logfile of HijackThis v1.99.1 Scan saved at 10:17:02, on 29/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\explorer.exe C:\Program Files\HijackThis\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {824AF3DB-3A48-36CE-69BF-62F3BF32369A} - C:\WINDOWS\system32\lsewa.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [DMEWATCH] C:\PROGRA~1\OrangeBs\Watch.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" O4 - HKLM\..\Run: [scheduleTest] C:\Program Files\InterVideo\Smart Backup\Schedule.exe O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\prcpao.exe reg_run O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Rwtt] "C:\Program Files\dmul\sata.exe" -vt yazr O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Ouvrir le cadre dans une nouvelle fenêtre - C:\WINDOWS\web\OpenFrame.htm O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Surligner en Jaune - C:\WINDOWS\web\MarqueurFluoYellow.htm O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\showcookies.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - O17 - HKLM\System\CCS\Services\Tcpip\..\{A579E2CC-1296-4CC7-8DAB-DC734512B802}: NameServer = 193.252.19.4,193.252.19.6 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = notes.alstom.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = notes.alstom.com O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\ir02l5do1.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe Merci par avance pour votre aide. Je suis prêt à suivre vos instructions. Cordialement