H.This report to analyze after cleanup in safe mode
Juli3tte replied to a topic by Juli3tte in Malware analysis and removal
Good evening, here is the requested report, and sorry for the delay :S ! However, I was not notified by a message, but a new text file was created in My Documents by Silent Runners . . . I don't know whether it's the real report, but I'm posting it anyway! Thanks in advance:

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [** WMI GetObject error **]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" [** WMI GetObject error **]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Lecteur Windows Media" \StubPath = "C:\WINNT\inf\unregmp2.exe /ShowWMP" [** WMI GetObject error **]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [** WMI GetObject error **]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{00022613-0000-0000-C000-000000000046}" = "Feuille de propriétés du fichier multimédia" -> {HKLM...CLSID} = "Feuille de propriétés du fichier multimédia" \InProcServer32\(Default) = "mmsys.cpl" [** WMI GetObject error **]
"{176d6597-26d3-11d1-b350-080036a75b03}" = "Gestion de scanneur ICM" -> {HKLM...CLSID} = "Gestion de scanneur ICM" \InProcServer32\(Default) = "icmui.dll" [** WMI GetObject error **]
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "Page de sécurité NTFS" -> {HKLM...CLSID} = "Extension noyau de sécurité" \InProcServer32\(Default) = "rshx32.dll" [** WMI GetObject error **]
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "Page des propriétés de OLE DocFile" -> {HKLM...CLSID} = "Page des propriétés de OLE DocFile" \InProcServer32\(Default) = "docprop.dll" [** WMI GetObject error **]
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Extensions de l'interpréteur de commandes pour le partage" -> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour le partage" \InProcServer32\(Default) = "ntshrui.dll" [** WMI GetObject error **]
"{41E300E0-78B6-11ce-849B-444553540000}" = "Extension du Panneau de configuration PlusPack" -> {HKLM...CLSID} = "Extension du Panneau de configuration PlusPack" \InProcServer32\(Default) = "plustab.dll" [** WMI GetObject error **]
"{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Carte du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Carte du Panneau de configuration" \InProcServer32\(Default) = "deskadp.dll" [** WMI GetObject error **]
"{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Écran du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Écran du Panneau de configuration" \InProcServer32\(Default) = "deskmon.dll" [** WMI GetObject error **]
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "Page de sécurité DS" -> {HKLM...CLSID} = "Extension noyau de sécurité" \InProcServer32\(Default) = "dssec.dll" [** WMI GetObject error **]
"{56117100-C0CD-101B-81E2-00AA004AE837}" = "Gestionnaire de données endommagées de l'interpréteur de commandes" -> {HKLM...CLSID} = "Gestionnaire de données endommagées de l'interpréteur de commandes" \InProcServer32\(Default) = "shscrap.dll" [** WMI GetObject error **]
"{59099400-57FF-11CE-BD94-0020AF85B590}" = "Extension copie de disquette" -> {HKLM...CLSID} = "Extension copie de disquette" \InProcServer32\(Default) = "diskcopy.dll" [** WMI GetObject error **]
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Extensions de l'interpréteur de commandes pour les objets Microsoft Windows Network" -> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour les objets Microsoft Windows Network" \InProcServer32\(Default) = "ntlanui2.dll" [** WMI GetObject error **]
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "Gestion d'écran ICM" -> {HKLM...CLSID} = "Gestion d'écran ICM" \InProcServer32\(Default) = "C:\WINNT\System32\icmui.dll" [** WMI GetObject error **]
"{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "Gestion d'imprimante ICM" -> {HKLM...CLSID} = "Gestion d'imprimante ICM" \InProcServer32\(Default) = "C:\WINNT\system32\icmui.dll" [** WMI GetObject error **]
"{77597368-7b15-11d0-a0c2-080036af3f03}" = "Extension du shell d'imprimante Web" -> {HKLM...CLSID} = "Extension de l'environnement d'impression Web" \InProcServer32\(Default) = "printui.dll" [** WMI GetObject error **]
"{7988B573-EC89-11cf-9C00-00AA00A14F56}" = "Disk Quota UI" -> {HKLM...CLSID} = "Microsoft Disk Quota UI" \InProcServer32\(Default) = "dskquoui.dll" [** WMI GetObject error **]
"{85BBD920-42A0-1069-A2E4-08002B30309D}" = "Porte-documents" -> {HKLM...CLSID} = "Porte-documents" \InProcServer32\(Default) = "syncui.dll" [** WMI GetObject error **]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" [** WMI GetObject error **]
"{BD84B380-8CA2-1069-AB1D-08000948F534}" = "Fonts" -> {HKLM...CLSID} = "Fonts" \InProcServer32\(Default) = "fontext.dll" [** WMI GetObject error **]
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" = "Profil ICC" -> {HKLM...CLSID} = "Profil ICC" \InProcServer32\(Default) = "C:\WINNT\system32\icmui.dll" [** WMI GetObject error **]
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" = "Page de sécurité des imprimantes" -> {HKLM...CLSID} = "Extension noyau de sécurité" \InProcServer32\(Default) = "rshx32.dll" [** WMI GetObject error **]
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" = "Extensions de l'interpréteur de commandes pour le partage" -> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour le partage" \InProcServer32\(Default) = "ntshrui.dll" [** WMI GetObject error **]
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension" -> {HKLM...CLSID} = "Display TroubleShoot CPL Extension" \InProcServer32\(Default) = "deskperf.dll" [** WMI GetObject error **]
"{60254CA5-953B-11CF-8C96-00AA00B8708C}" = "Extension de l'interpréteur de commande pour Windows Script Host" -> {HKLM...CLSID} = "Shell Extension For Windows Script Host" \InProcServer32\(Default) = "C:\WINNT\System32\wshext.dll" [** WMI GetObject error **]
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}" = "Extension de cryptographie PKO" -> {HKLM...CLSID} = "CryptPKO Class" \InProcServer32\(Default) = "C:\WINNT\system32\cryptext.dll" [** WMI GetObject error **]
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}" = "Extension de cryptographie Sign" -> {HKLM...CLSID} = "CryptSig Class" \InProcServer32\(Default) = "C:\WINNT\system32\cryptext.dll" [** WMI GetObject error **]
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Connexions réseau et accès à distance" -> {HKLM...CLSID} = "Connexions réseau et accès à distance" \InProcServer32\(Default) = "C:\WINNT\system32\NETSHELL.dll" [** WMI GetObject error **]
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler" -> {HKLM...CLSID} = "Scheduling UI icon handler" \InProcServer32\(Default) = "C:\WINNT\System32\mstask.dll" [** WMI GetObject error **]
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Shell Extension" -> {HKLM...CLSID} = "Scheduling UI property sheet handler" \InProcServer32\(Default) = "C:\WINNT\System32\mstask.dll" [** WMI GetObject error **]
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" = "Tâches planifiées" -> {HKLM...CLSID} = "Tâches planifiées" \InProcServer32\(Default) = "C:\WINNT\System32\mstask.dll" [** WMI GetObject error **]
"{1A9BA3A0-143A-11CF-8350-444553540000}" = "Dossier favori du shell" -> {HKLM...CLSID} = "Dossier favori du shell" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}" = "Poste de travail" -> {HKLM...CLSID} = "Poste de travail" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{86747AC0-42A0-1069-A2E6-08002B30309D}" = "Porte-documents" -> {HKLM...CLSID} = "Porte-documents" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{0AFACED1-E828-11D1-9187-B532F1E9575D}" = "Raccourci vers le dossier" -> {HKLM...CLSID} = "Raccourci vers le dossier" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{12518493-00B2-11d2-9FA5-9E3420524153}" = "Volume monté" -> {HKLM...CLSID} = "Volume monté" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{21B22460-3AEA-1069-A2DC-08002B30309D}" = "Extension de la page de propriétés des fichiers" -> {HKLM...CLSID} = "Extension de la page de propriétés des fichiers" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{B091E540-83E3-11CF-A713-0020AFD79762}" = "Page des types de fichiers" -> {HKLM...CLSID} = "Page des types de fichiers" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}" = "Gestionnaire des types de fichiers MIME" -> {HKLM...CLSID} = "Gestionnaire des types de fichiers MIME" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}" = "Service Copier vers Microsoft" -> {HKLM...CLSID} = "Service Copier vers Microsoft" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}" = "Service Déplacer vers Microsoft" -> {HKLM...CLSID} = "Service Déplacer vers Microsoft" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{13709620-C279-11CE-A49E-444553540000}" = "Service d'automatisation de l'interface" -> {HKLM...CLSID} = "Service d'automatisation de l'interface" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}" = "Shell Automation Folder View" -> {HKLM...CLSID} = "Shell Automation Folder View" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}" = "Menu Démarrer" -> {HKLM...CLSID} = "Menu Démarrer" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}" = "Service SendTo Microsoft" -> {HKLM...CLSID} = "Service SendTo Microsoft" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}" = "Service Nouvel objet Microsoft" -> {HKLM...CLSID} = "Service Nouvel objet Microsoft" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}" = "Ouvrir avec le gestionnaire de menu contextuel" -> {HKLM...CLSID} = "Ouvrir avec le gestionnaire de menu contextuel" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}" = "Afficher les extensions HTML du Panneau de configuration" -> {HKLM...CLSID} = "Afficher les extensions HTML du Panneau de configuration" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{75048700-EF1F-11D0-9888-006097DEACF9}" = "ActiveDesktop" -> {HKLM...CLSID} = "ActiveDesktop" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}" = "Extension de la page de propriétés des options des dossiers" -> {HKLM...CLSID} = "Extension de la page de propriétés des options des dossiers" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{57651662-CE3E-11D0-8D77-00C04FC99D61}" = "CmdFileIcon" -> {HKLM...CLSID} = "CmdFileIcon" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{4657278A-411B-11d2-839A-00C04FD918D0}" = "Application d'aide du système pour le glisser-déplacer" -> {HKLM...CLSID} = "Application d'aide du système pour le glisser-déplacer" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}" = "Ajouter l'élément de cryptage dans les menus contextuels de l'Explorateur" -> {HKLM...CLSID} = "Ajouter l'élément de cryptage dans les menus contextuels de l'Explorateur" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]
"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Barre d'outils Internet Microsoft" -> {HKLM...CLSID} = "Barre d'outils Internet Microsoft" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "État du téléchargement" -> {HKLM...CLSID} = "État du téléchargement" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{568804CA-CBD7-11d0-9816-00C04FD91972}" = "Menu Dossier Bureau" -> {HKLM...CLSID} = "Menu Dossier Bureau" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Bande de menus" -> {HKLM...CLSID} = "Bande de menus" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Suivi du menu Shell" -> {HKLM...CLSID} = "Suivi du menu Shell" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Menu Site" -> {HKLM...CLSID} = "Menu Site" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menu Barre du Bureau" -> {HKLM...CLSID} = "Menu Barre du Bureau" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Dossier Bureau étendu" -> {HKLM...CLSID} = "Dossier Bureau étendu" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Dossier du shell augmenté" -> {HKLM...CLSID} = "Dossier du shell augmenté" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy" -> {HKLM...CLSID} = "BandProxy" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand" -> {HKLM...CLSID} = "IShellFolderBand" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Bande du navigateur Microsoft" -> {HKLM...CLSID} = "Bande du navigateur Microsoft" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "Bande de recherche" -> {HKLM...CLSID} = "Bande de recherche" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "Volet intégré de recherche" -> {HKLM...CLSID} = "Volet intégré de recherche" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Recherche Web" -> {HKLM...CLSID} = "Recherche Web" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "&Liens" -> {HKLM...CLSID} = "&Liens" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Utilitaire des options de l'arborescence du Registre" -> {HKLM...CLSID} = "Utilitaire des options de l'arborescence du Registre" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Adresse" -> {HKLM...CLSID} = "&Adresse" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Boîte d'entrée de l'adresse" -> {HKLM...CLSID} = "Boîte d'entrée de l'adresse" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Saisie semi-automatique Microsoft" -> {HKLM...CLSID} = "Saisie semi-automatique Microsoft" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Image miniature" -> {HKLM...CLSID} = "Image miniature" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor" -> {HKLM...CLSID} = "TridentImageExtractor" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{6756A641-DE71-11d0-831B-00AA005B4383}" = "Liste de saisie semi-automatique MRU" -> {HKLM...CLSID} = "Liste de saisie semi-automatique MRU" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Liste de saisie semi-automatique de l'historique Microsoft" -> {HKLM...CLSID} = "Liste de saisie semi-automatique de l'historique Microsoft" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{03C036F1-A186-11D0-824A-00AA005B4383}" = "Liste de saisie semi-automatique du dossier Shell Microsoft" -> {HKLM...CLSID} = "Liste de saisie semi-automatique du dossier Shell Microsoft" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Conteneur de la liste de saisie semi-automatique multiple Microsoft" -> {HKLM...CLSID} = "Conteneur de la liste de saisie semi-automatique multiple Microsoft" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Menu Site de bandes" -> {HKLM...CLSID} = "Menu Site de bandes" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Shell DeskBarApp" -> {HKLM...CLSID} = "Shell DeskBarApp" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Barre du Bureau" -> {HKLM...CLSID} = "Barre du Bureau" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite" -> {HKLM...CLSID} = "Shell Rebar BandSite" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "Assistance utilisateur" -> {HKLM...CLSID} = "Assistance utilisateur" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Paramètres du dossier global" -> {HKLM...CLSID} = "Paramètres du dossier global" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" = "Favorites Band" -> {HKLM...CLSID} = "Favorites Band" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{0A89A860-D7B1-11CE-8350-444553540000}" = "Shell Automation Inproc Service" -> {HKLM...CLSID} = "Shell Automation Inproc Service" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" = "Shell DocObject Viewer" -> {HKLM...CLSID} = "Shell DocObject Viewer" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut" -> {HKLM...CLSID} = "Raccourci Internet" \InProcServer32\(Default) = "shdocvw.dll" [** WMI GetObject error **]
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" = "Microsoft Url History Service" -> {HKLM...CLSID} = "Microsoft Url History Service" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{FF393560-C2A7-11CF-BFF4-444553540000}" = "Historique" -> {HKLM...CLSID} = "Historique" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files" -> {HKLM...CLSID} = "Temporary Internet Files" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook" -> {HKLM...CLSID} = "Microsoft Url Search Hook" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" = "Image de démarrage de la Suite IE4" -> {HKLM...CLSID} = "Image de démarrage de la Suite IE4" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" = "CDF Extension Copy Hook" -> {HKLM...CLSID} = "CDF Extension Copy Hook" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{131A6951-7F78-11D0-A979-00C04FD705A2}" = "ISFBand OC" -> {HKLM...CLSID} = "ISFBand OC" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}" = "Search Assistant OC" -> {HKLM...CLSID} = "Search Assistant OC" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "Internet" -> {HKLM...CLSID} = "Internet" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{871C5380-42A0-1069-A2EA-08002B30309D}" = "Internet Name Space" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINNT\System32\sendmail.dll" [** WMI GetObject error **]
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINNT\System32\sendmail.dll" [** WMI GetObject error **]
"{88C6C381-2E85-11D0-94DE-444553540000}" = "Dossier ActiveX Cache" -> {HKLM...CLSID} = "Dossier ActiveX Cache" \InProcServer32\(Default) = "C:\WINNT\System32\occache.dll" [** WMI GetObject error **]
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" = "WebCheck" -> {HKLM...CLSID} = "WebCheck" \InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" = "Subscription Mgr" -> {HKLM...CLSID} = "Subscription Mgr" \InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]
"{F5175861-2688-11d0-9C5E-00AA00A45957}" = "Dossier Inscription" -> {HKLM...CLSID} = "Dossier Inscription" \InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]
"{08165EA0-E946-11CF-9C87-00AA005127ED}" = "WebCheckWebCrawler" -> {HKLM...CLSID} = "WebCheckWebCrawler" \InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" = "WebCheckChannelAgent" -> {HKLM...CLSID} = "WebCheckChannelAgent" \InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" = "TrayAgent" -> {HKLM...CLSID} = "TrayAgent" \InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" = "Code Download Agent" -> {HKLM...CLSID} = "Code Download Agent" \InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" = "ConnectionAgent" -> {HKLM...CLSID} = "ConnectionAgent" \InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}" = "PostAgent" -> {HKLM...CLSID} = "PostAgent" \InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" = "WebCheck SyncMgr Handler" -> {HKLM...CLSID} = "WebCheck SyncMgr Handler" \InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}" = "Miniatures" -> {HKLM...CLSID} = "Miniatures" \InProcServer32\(Default) = "C:\WINNT\System32\thumbvw.dll" [** WMI GetObject error **]
"{EAB841A0-9550-11CF-8C16-00805F1408F3}" = "Extracteur de miniatures HTML" -> {HKLM...CLSID} = "Extracteur de miniatures HTML" \InProcServer32\(Default) = "C:\WINNT\System32\thumbvw.dll" [** WMI GetObject error **]
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}" = "Extracteur de miniatures des filtres graphiques Office" -> {HKLM...CLSID} = "Extracteur de miniatures des filtres graphiques Office" \InProcServer32\(Default) = "C:\WINNT\System32\thumbvw.dll" [** WMI GetObject error **]
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}" = "Summary Info Thumbnail handler (DOCFILES)" -> {HKLM...CLSID} = "Summary Info Thumbnail handler (DOCFILES)" \InProcServer32\(Default) = "C:\WINNT\System32\thumbvw.dll" [** WMI GetObject error **]
"{500202A0-731E-11D0-B829-00C04FD706EC}" = "LNK file thumbnail interface delegator" -> {HKLM...CLSID} = "LNK file thumbnail interface delegator" \InProcServer32\(Default) = "C:\WINNT\System32\thumbvw.dll" [** WMI GetObject error **]
"{352EC2B7-8B9A-11D1-B8AE-006008059382}" = "Gestionnaire d'application du shell" -> {HKLM...CLSID} = "%DESC_AppMgr%" \InProcServer32\(Default) = "C:\WINNT\System32\appwiz.cpl" [** WMI GetObject error **]
"{0B124F8C-91F0-11D1-B8B5-006008059382}" = "Énumérateur d'applications installées" -> {HKLM...CLSID} = "Énumérateur d'applications installées" \InProcServer32\(Default) = "C:\WINNT\System32\appwiz.cpl" [** WMI GetObject error **]
"{CFCCC7A0-A282-11D1-9082-006008059382}" = "Darwin App Publisher" -> {HKLM...CLSID} = "Darwin App Publisher" \InProcServer32\(Default) = "C:\WINNT\System32\appwiz.cpl" [** WMI GetObject error **]
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}" = "Directory Namespace" -> {HKLM...CLSID} = "Active Directory" \InProcServer32\(Default) = "dsfolder.dll" [** WMI GetObject error **]
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" = "Shell properties for a DS object" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "dsfolder.dll" [** WMI GetObject error **]
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" = "Directory Query UI" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "dsquery.dll" [** WMI GetObject error **]
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" = "Directory Object Find" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "dsquery.dll" [** WMI GetObject error **]
"{F020E586-5264-11d1-A532-0000F8757D7E}" = "Directory Start/Search Find" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "dsquery.dll" [** WMI GetObject error **]
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}" = "Directory Property UI" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "dsuiext.dll" [** WMI GetObject error **]
"{62AE1F9A-126A-11D0-A14B-0800361B1103}" = "Directory Context Menu Verbs" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "dsuiext.dll" [** WMI GetObject error **]
"{450D8FBA-AD25-11D0-98A8-0800361B1103}" = "MyDocs Folder" -> {HKLM...CLSID} = "Mes documents" \InProcServer32\(Default) = "mydocs.dll" [** WMI GetObject error **]
"{ECF03A33-103D-11d2-854D-006008059367}" = "MyDocs Copy Hook" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "mydocs.dll" [** WMI GetObject error **]
"{ECF03A32-103D-11d2-854D-006008059367}" = "MyDocs Drop Target" -> {HKLM...CLSID} = "MyDocs Drop Target" \InProcServer32\(Default) = "mydocs.dll" [** WMI GetObject error **]
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}" = "MyDocs Properties" -> {HKLM...CLSID} = "MyDocs menu and properties" \InProcServer32\(Default) = "mydocs.dll" [** WMI GetObject error **]
"{750fdf0e-2a26-11d1-a3ea-080036587f03}" = "Menu Fichiers hors connexion" -> {HKLM...CLSID} = "Menu Fichiers hors connexion" \InProcServer32\(Default) = "cscui.dll" [** WMI GetObject error **]
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}" = "Options du dossier Fichiers hors connexion" -> {HKLM...CLSID} = "Options du dossier Fichiers hors connexion" \InProcServer32\(Default) = "cscui.dll" [** WMI GetObject error **]
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" = "Dossier Fichiers hors connexion" -> {HKLM...CLSID} = "Dossier Fichiers hors connexion" \InProcServer32\(Default) = "cscui.dll" [** WMI GetObject error **]
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" = "MMC Icon Handler" -> {HKLM...CLSID} = "ExtractIcon Class" \InProcServer32\(Default) = "mmcshext.dll" [** WMI GetObject error **]
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" = ".CAB file viewer" -> {HKLM...CLSID} = "Fichier CAB" \InProcServer32\(Default) = "cabview.dll" [** WMI GetObject error **]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Progra~1\WinZip\WZSHLSTB.DLL" [** WMI GetObject error **]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Progra~1\WinZip\WZSHLSTB.DLL" [** WMI GetObject error **]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Progra~1\WinZip\WZSHLSTB.DLL" [** WMI GetObject error **]
"{32683183-48a0-441b-a342-7c2a440a9478}" = "Media Band" -> {HKLM...CLSID} = "Media Band" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Liste de saisie semi-automatique personnalisée MRU" -> {HKLM...CLSID} = "Liste de saisie semi-automatique personnalisée MRU" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Accessible" -> {HKLM...CLSID} = "Accessible" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Barre de progrès auto-ouvrante" -> {HKLM...CLSID} = "Barre de progrès auto-ouvrante" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}" = "Analyseur de la barre d'adresses" -> {HKLM...CLSID} = "Analyseur de la barre d'adresses" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" = "Microsoft Browser Architecture" -> {HKLM...CLSID} = "Microsoft Browser Architecture" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files" -> {HKLM...CLSID} = "Temporary Internet Files" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" = "Explorer Band" -> {HKLM...CLSID} = "Explorer Band" \InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}" = "Fichier de chaîne" -> {HKLM...CLSID} = "Channel" \InProcServer32\(Default) = "C:\WINNT\System32\cdfview.dll" [** WMI GetObject error **]
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}" = "Raccourci de chaîne" -> {HKLM...CLSID} = "Raccourci de chaîne" \InProcServer32\(Default) = "C:\WINNT\System32\cdfview.dll" [** WMI GetObject error **]
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}" = "Channel Handler Object" -> {HKLM...CLSID} = "Channel Handler Object" \InProcServer32\(Default) = "C:\WINNT\System32\cdfview.dll" [** WMI GetObject error **]
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}" = "Channel Menu" -> {HKLM...CLSID} = "Channel Menu Handler Object" \InProcServer32\(Default) = "C:\WINNT\System32\cdfview.dll" [** WMI GetObject error **]
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}" = "Channel Properties" -> {HKLM...CLSID} = "Channel Shortcut Property Pages" \InProcServer32\(Default) = "C:\WINNT\System32\cdfview.dll" [** WMI GetObject error **]
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" = "Auto Update Property Sheet Extension" -> {HKLM...CLSID} = "Auto Update Property Sheet Extension" \InProcServer32\(Default) = "C:\WINNT\System32\wuaueng.dll" [** WMI GetObject error **]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension" -> {HKLM...CLSID} = "a² Context Menu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [** WMI GetObject error **]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING!
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Pré-chargeur Browseui" -> {HKLM...CLSID} = "Pré-chargeur Browseui" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]
INFECTION WARNING!
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Démon de cache des catégories de composant" -> {HKLM...CLSID} = "Démon de cache des catégories de composant" \InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING!
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" = (no title provided) -> {HKLM...CLSID} = "URL Exec Hook" \InProcServer32\(Default) = "shell32.dll" [** WMI GetObject error **]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"Network.ConnectionTray" = "{7007ACCF-3202-11D1-AAD2-00805FC1270E}" -> {HKLM...CLSID} = "Network Connections Tray" \InProcServer32\(Default) = "C:\WINNT\system32\NETSHELL.dll" [** WMI GetObject error **]
"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -> {HKLM...CLSID} = "WebCheck" \InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]
"SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}" -> {HKLM...CLSID} = "SysTray" \InProcServer32\(Default) = "stobject.dll" [** WMI GetObject error **]

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\
"Startup" -> launches: "C:\WINNT\pdt\scripts\numlock.vbs" [** WMI GetObject error **]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING!
Class Install Handler\CLSID = "{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}" -> {HKLM...CLSID} = "AP Class Install Handler filter" \InProcServer32\(Default) = "C:\WINNT\system32\urlmon.dll" [** WMI GetObject error **]
INFECTION WARNING!
deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}" -> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter" \InProcServer32\(Default) = "C:\WINNT\system32\urlmon.dll" [** WMI GetObject error **]
INFECTION WARNING!
gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}" -> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter" \InProcServer32\(Default) = "C:\WINNT\system32\urlmon.dll" [** WMI GetObject error **]
INFECTION WARNING!
lzdhtml\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}" -> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter" \InProcServer32\(Default) = "C:\WINNT\system32\urlmon.dll" [** WMI GetObject error **]
INFECTION WARNING!
text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}" -> {HKLM...CLSID} = "Filtre MIME de l'afficheur Web" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **] {24F14F01-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **] {24F14F02-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **] {66742402-F9B9-11D1-A202-0000F81FEDEE}\(Default) = "Version Column Provider" -> {HKLM...CLSID} = "Version Column Provider" \InProcServer32\(Default) = "C:\WINNT\System32\docprop2.dll" [** WMI GetObject error **] {7f9609be-af9a-11d1-83e0-00c04fb6e984}\(Default) = "Fax Tiff Data Column Provider" -> {HKLM...CLSID} = "Fax Tiff Data Column Provider" \InProcServer32\(Default) = "C:\WINNT\system32\faxshell.dll" [** WMI GetObject error **] {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}\(Default) = (no title provided) -> {HKLM...CLSID} = "ShAVColumnProvider class" \InProcServer32\(Default) = "C:\WINNT\System32\docprop2.dll" [** WMI GetObject error **] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}" -> {HKLM...CLSID} = "Menu Fichiers hors connexion" \InProcServer32\(Default) = "cscui.dll" [** WMI GetObject error **] Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}" -> {HKLM...CLSID} = "Ouvrir avec le gestionnaire de menu contextuel" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **] Open With EncryptionMenu\(Default) = 
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}" -> {HKLM...CLSID} = "Ajouter l'élément de cryptage dans les menus contextuels de l'Explorateur" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Progra~1\WinZip\WZSHLSTB.DLL" [** WMI GetObject error **] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}" -> {HKLM...CLSID} = "Menu Fichiers hors connexion" \InProcServer32\(Default) = "cscui.dll" [** WMI GetObject error **] Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}" -> {HKLM...CLSID} = "Ajouter l'élément de cryptage dans les menus contextuels de l'Explorateur" \InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **] Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" -> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour le partage" \InProcServer32\(Default) = "ntshrui.dll" [** WMI GetObject error **] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Progra~1\WinZip\WZSHLSTB.DLL" [** WMI GetObject error **] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}" -> {HKLM...CLSID} = "a² Context Menu Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [** WMI GetObject error **] WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}" -> {HKLM...CLSID} = "WinZip" \InProcServer32\(Default) = "C:\Progra~1\WinZip\WZSHLSTB.DLL" [** WMI GetObject error **] Active Desktop and Wallpaper: ----------------------------- Active Desktop is enabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ 
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\ "SCRNSAVE.EXE" = "C:\WINNT\system32\ssstars.scr" [** WMI GetObject error **] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [** WMI GetObject error **] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [** WMI GetObject error **] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\msafd.dll [** WMI GetObject error **], 01 - 03, 06 - 16 %SystemRoot%\system32\rsvpsp.dll [** WMI GetObject error **], 04 - 05 Miscellaneous IE Hijack Points ------------------------------ C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [strings]: START_PAGE_URL=http://e-toile.edf.fr [strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/" Missing lines (compared with English-language version): [strings]: 2 lines Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Affichage des messages, Messenger, "C:\WINNT\System32\services.exe" [** WMI GetObject error **] Agent de stratégie IPSEC, PolicyAgent, "C:\WINNT\System32\lsass.exe" [** WMI GetObject error **] Agent TAP, TAP, "C:\PROGRAM FILES\TAP\tap2000.exe" [** WMI GetObject error **] Appel de procédure distante (RPC), RpcSs, "C:\WINNT\system32\svchost -k rpcss" {"C:\WINNT\system32\rpcss.dll" [** WMI GetObject error **]} AVSync Manager, AvSynMgr, ""C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe"" [** WMI GetObject error **] Client de suivi de lien distribué, TrkWks, "C:\WINNT\system32\services.exe" [** WMI GetObject error **] Client 
DHCP, Dhcp, "C:\WINNT\System32\services.exe" [** WMI GetObject error **] Client DNS, Dnscache, "C:\WINNT\System32\services.exe" [** WMI GetObject error **] Connexions réseau, Netman, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\netman.dll" [** WMI GetObject error **]} Emplacement protégé, ProtectedStorage, "C:\WINNT\system32\services.exe" [** WMI GetObject error **] Extensions du pilote WMI, Wmi, "C:\WINNT\system32\Services.exe" [** WMI GetObject error **] Gestionnaire de comptes de sécurité, SamSs, "C:\WINNT\system32\lsass.exe" [** WMI GetObject error **] Gestionnaire de connexions d'accès distant, RasMan, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\rasmans.dll" [** WMI GetObject error **]} Gestionnaire de disque logique, dmserver, "C:\WINNT\System32\services.exe" [** WMI GetObject error **] Horloge Windows, W32Time, "C:\WINNT\System32\services.exe" [** WMI GetObject error **] Infrastructure de gestion Windows, WinMgmt, "C:\WINNT\System32\WBEM\WinMgmt.exe" [** WMI GetObject error **] Journal des événements, Eventlog, "C:\WINNT\system32\services.exe" [** WMI GetObject error **] McShield, McShield, ""C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe"" [** WMI GetObject error **] Moniteur infrarouge, Irmon, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\irmon.dll" [** WMI GetObject error **]} Médias amovibles, NtmsSvc, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\NtmsSvc.dll" [** WMI GetObject error **]} Notification d'événement système, SENS, "C:\WINNT\system32\svchost.exe -k netsvcs" {"C:\WINNT\system32\sens.dll" [** WMI GetObject error **]} Ouverture de session réseau, Netlogon, "C:\WINNT\System32\lsass.exe" [** WMI GetObject error **] Planificateur de tâches, Schedule, "C:\WINNT\system32\MSTask.exe" [** WMI GetObject error **] Plug-and-Play, PlugPlay, "C:\WINNT\system32\services.exe" [** WMI GetObject error **] Service d'accès à distance au Registre, RemoteRegistry, 
"C:\WINNT\system32\regsvc.exe" [** WMI GetObject error **] Service d'application d'assistance TCP/IP NetBIOS, LmHosts, "C:\WINNT\System32\services.exe" [** WMI GetObject error **] Service d'exécution par délégation, seclogon, "C:\WINNT\system32\services.exe" [** WMI GetObject error **] Spouleur d'impression, Spooler, "C:\WINNT\system32\spoolsv.exe" [** WMI GetObject error **] Station de travail, lanmanworkstation, "C:\WINNT\System32\services.exe" [** WMI GetObject error **] Still Image Service, StiSvc, "C:\WINNT\system32\stisvc.exe" [** WMI GetObject error **] SU Service, SU, "C:\WINNT\system32\SUSS.EXE" [** WMI GetObject error **] Système d'événements de COM+, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [** WMI GetObject error **]} Téléphonie, TapiSrv, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\tapisrv.dll" [** WMI GetObject error **]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ BJ Language Monitor -
H.This report to analyze after cleaning in safe mode
Juli3tte replied to a topic by Juli3tte in Malware Analysis and Eradication
OK, thanks a lot, but when I go to the link given it's a page full of code! So where do I download it :s ? Or should I just let the page do its thing on its own o_O ? Thanks in advance -
H.This report to analyze after cleaning in safe mode
Juli3tte replied to a topic by Juli3tte in Malware Analysis and Eradication
It was for a check, but also because I can't manage to get rid of command service, that's all ^^ ! Also, since I was using P2P not long ago, I wanted to clean everything and delete everything ^^ ! Well, thanks anyway and have a good rest of the evening -
Good evening everyone. So, I have carried out the 4 cleaning phases in safe mode to get rid of as many malwares as possible etc. . . . Now I need someone to analyze the HijackThis report I have just made, please! Thanks a lot in advance { Note that I am on Windows 2000 Professional with Mozilla Firefox }

Logfile of HijackThis v1.99.1
Scan saved at 21:33:43, on 14/06/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par EDF Gaz de France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O14 - IERESET.INF: START_PAGE_URL=http://e-toile.edf.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Agent TAP (TAP) - EDF-GDF - C:\PROGRAM FILES\TAP\tap2000.exe
-
H.This report analysis! Problem with CmdService
Juli3tte posted a topic in Malware Analysis and Eradication
Hello everyone. So, I have already come here for a problem, and since then I have another one with command service! I ran SpyBot and it found CommandService but could not delete two of its keys, saying they were probably active (in memory) and that the PC had to be restarted! So I'm running a HijackThis report to solve this problem. Note that I am on Windows 2000 Professional with Mozilla Firefox. Thanks in advance:

Logfile of HijackThis v1.99.1
Scan saved at 00:12:57, on 14/06/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\svchost.exe
C:\Program Files\limewire\limewire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par EDF Gaz de France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER
O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: svchost.exe
O14 - IERESET.INF: START_PAGE_URL=http://e-toile.edf.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/zuma/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O20 - Winlogon Notify: ExtShellViews - C:\WINNT\system32\mvj8l91u1.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Agent TAP (TAP) - EDF-GDF - C:\PROGRAM FILES\TAP\tap2000.exe
-
HijackThis Report Analysis - Command Service
Juli3tte replied to a topic by Juli3tte in Malware Analysis and Eradication
But I did uninstall AntiVir! I just checked in Add/Remove Programs, it is no longer there, and in Program Files I can't find the file mentioned! :/ Can I still delete what you told me to delete in the HijackThis scan, or not? Thanks in advance! -
HijackThis Report Analysis - Command Service
Juli3tte replied to a topic by Juli3tte in Malware Analysis and Eradication
There, I followed the instructions! Here is the HIJACK THIS report! Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 16:23:34, on 26/04/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par EDF Gaz de France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER
O14 - IERESET.INF: START_PAGE_URL=http://e-toile.edf.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/zuma/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O20 - Winlogon Notify: ExtShellViews - C:\WINNT\system32\mvj8l91u1.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Agent TAP (TAP) - EDF-GDF - C:\PROGRAM FILES\TAP\tap2000.exe
-
HijackThis Report Analysis - Command Service
Juli3tte posted a topic in Malware Analysis and Eradication
Hello everyone! So, I ran an a² Personal scan and it turns out COMMAND SERVICE has infected my PC; however it tells me it removed it, but it is still present and I can't delete the key either . . . Hoping you can help me! Note that I use WINDOWS 2000 PROFESSIONAL and Mozilla Firefox. So, thanks in advance. Here is the HijackThis report I just made ::

Logfile of HijackThis v1.99.1
Scan saved at 16:57:22, on 25/04/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par EDF Gaz de France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://e-toile.edf.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/zuma/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O20 - Winlogon Notify: ExtShellViews - C:\WINNT\system32\mvj8l91u1.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Agent TAP (TAP) - EDF-GDF - C:\PROGRAM FILES\TAP\tap2000.exe
-
New hijackthis report to analyze
Juli3tte replied to a topic by Juli3tte in Malware Analysis and Eradication
Uhh . . . o__O I didn't really understand what you meant by "how is your machine doing" XD ! And how do I update Windows? :s I didn't really get that either . . . {Sorry, I'm struggling a bit} -
New rapport hijackthis a analyser
Juli3tte a répondu à un(e) sujet de Juli3tte dans Analyses et éradication malwares
C'est fait j'ai fixer tout ce que tu as préciser, Voici mon nouveau SCAN & je suis en train de faire analyser mon pc avec Panda ! Logfile of HijackThis v1.99.1 Scan saved at 21:15:08, on 08/04/2006 Platform: Windows 2000 SP3 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\system32\SUSS.EXE C:\Program Files\Network Associates\VirusScan\VsStat.exe C:\Program Files\Network Associates\VirusScan\Vshwin32.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\Program Files\Network Associates\VirusScan\Avconsol.exe C:\WINNT\Explorer.EXE C:\Program Files\Hijack This\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft. 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par EDF Gaz de France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://e-toile.edf.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/zuma/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O20 - Winlogon Notify: ExtShellViews - C:\WINNT\system32\mvj8l91u1.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Agent TAP (TAP) - EDF-GDF - C:\PROGRAM FILES\TAP\tap2000.exe
-
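The entries a helper looks at first in a HijackThis log like the one above are the O20 Winlogon Notify line (here pointing at a randomly named DLL in system32 that no longer exists), O4 Run entries with machine-generated names or odd paths, and R0/R1 lines that send Internet Explorer somewhere the owner did not choose. The script below is an added example, not part of the post and not HijackThis code: it runs those three checks over a few lines taken from the logs in this thread. The trusted-host list, the list of stock Windows 2000 notification packages and the "random-looking name" rule are assumptions made for the example.

```python
"""Triage heuristics for HijackThis log lines (added example, not HijackThis code)."""
import re
from urllib.parse import urlsplit

# Constructed sample: a handful of entries taken from the logs posted in this thread.
SAMPLE_LOG = """\
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://e-toile.edf.fr
O4 - HKLM\\..\\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\\..\\Run: [mousepad] C:\\windows\\mousepad9.exe
O4 - HKCU\\..\\Run: [qmkq] C:\\PROGRA~1\\FICHIE~1\\qmkq\\qmkqm.exe
O4 - HKCU\\..\\Run: [a-squared] "C:\\Program Files\\a-squared\\a2guard.exe"
O20 - Winlogon Notify: ExtShellViews - C:\\WINNT\\system32\\mvj8l91u1.dll (file missing)
"""

# Assumption: hosts the owner expects IE to point at (the corporate intranet seen
# in the log plus Microsoft's own domains). Anything else gets flagged.
TRUSTED_HOST_SUFFIXES = ("edf.fr", "microsoft.com", "msn.com")

# Assumption: the stock notification packages listed in the Winlogon\Notify export
# posted later in this thread; any other package name is reported.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sclgntfy", "senslogn", "wzcnotif"}

O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.*?)(?P<missing> \(file missing\))?$")
R_RE = re.compile(r"^R[01] - .*? = (?P<url>\S+)")


def looks_random(stem: str) -> bool:
    """Machine-generated names such as qmkq or mvj8l91u1: no vowels at all,
    or two or more digits mixed in with the letters."""
    s = stem.lower()
    letters = [c for c in s if c.isalpha()]
    digits = sum(c.isdigit() for c in s)
    if letters and not any(c in "aeiouy" for c in letters):
        return True
    return digits >= 2 and len(letters) >= 2


def trusted(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in TRUSTED_HOST_SUFFIXES)


def exe_path(cmd: str) -> str:
    """Executable path from an O4 command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1 : cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def windows_dir(path: str):
    """'windows' or 'winnt' when the path sits under such a top-level directory."""
    parts = path.split("\\")
    if len(parts) > 2 and parts[1].lower() in ("windows", "winnt"):
        return parts[1].lower()
    return None


def triage(log: str, system_root: str = "C:\\WINNT"):
    """Return (line, reason) pairs for entries that deserve a closer look."""
    findings = []
    sysdir = system_root.split("\\")[1].lower()
    for line in log.splitlines():
        line = line.strip()
        if (m := O20_RE.match(line)) and m["name"].lower() not in KNOWN_NOTIFY:
            why = "Winlogon Notify package not among the stock ones"
            if m["missing"]:
                why += "; DLL already gone, registry entry left behind"
            findings.append((line, why))
        elif (m := R_RE.match(line)):
            host = urlsplit(m["url"]).hostname or ""
            if host and not trusted(host):
                findings.append((line, f"IE setting points to untrusted host {host}"))
        elif (m := O4_RE.match(line)):
            path = exe_path(m["cmd"])
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            wd = windows_dir(path)
            if looks_random(m["name"]) or looks_random(stem):
                findings.append((line, "random-looking Run entry name or executable"))
            elif wd and wd != sysdir:
                # On this Windows 2000 box the system root is C:\WINNT, so a
                # C:\windows\... path is a directory the OS did not create.
                findings.append((line, f"executable under {wd} while the system root is {sysdir}"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

On the sample, four of the seven lines are reported: the hijacked SearchAssistant, the C:\windows\mousepad9.exe entry, the [qmkq] entry and the O20 line; mobsync.exe, the intranet start page and a2guard.exe pass. The heuristics are deliberately crude (a legitimate product with a digit-heavy filename will trip the name rule), so treat the output as a reading order for a human, not a verdict.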
The new members' thread
Juli3tte replied to a topic by lol.2.dol in "I have nothing to say but I'm saying it anyway"
Hi everyone x]! So, um... it must be a good week now since I registered here, and in the panic of wanting to get rid of loads of malware I didn't even introduce myself [how shameful]. Well, my name is Juliette, I'm 14 [soon 15] and, um, I love computers... but not when you're invaded by loads of little critters! Anyway, I'm really happy to have found a forum devoted entirely to all these problems and easy to use... [because it's not simple when there are loads of topics and you're new]! So there you go ^^. -
New HijackThis report to analyze
Juli3tte replied to a topic by Juli3tte in Malware analysis and removal
HERE IS MY L2MFIX REPORT ::

L2mfix 032106
Creating Account.
La commande s'est terminée correctement.
Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Running From:
C:\WINNT\system32
Killing Processes!
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 152 'smss.exe'
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 176 'winlogon.exe'
Killing PID 176 'winlogon.exe'
Error 0x5 : Accès refusé.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1140 'explorer.exe'
Killing PID 1140 'explorer.exe'
Error 0x5 : Accès refusé.
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1300 'rundll32.exe'
Killing PID 1300 'rundll32.exe'
Error 0x5 : Accès refusé.
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful
Scanning First Pass. Please Wait!
First Pass Completed
Second Pass Scanning
Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: C:\WINNT\system32\cTbinet.dll
Successfully Deleted: C:\WINNT\system32\cTbinet.dll
Deleting: C:\WINNT\system32\en82l1lo1.dll
Successfully Deleted: C:\WINNT\system32\en82l1lo1.dll
Deleting: C:\WINNT\system32\gdu32.dll
Successfully Deleted: C:\WINNT\system32\gdu32.dll
Deleting: C:\WINNT\system32\jycript.dll
Successfully Deleted: C:\WINNT\system32\jycript.dll
Deleting: C:\WINNT\system32\KHDCA.DLL
Successfully Deleted: C:\WINNT\system32\KHDCA.DLL
Deleting: C:\WINNT\system32\l60ulgd9160.dll
Successfully Deleted: C:\WINNT\system32\l60ulgd9160.dll
Deleting: C:\WINNT\system32\lvpu0979e.dll
Successfully Deleted: C:\WINNT\system32\lvpu0979e.dll
Deleting: C:\WINNT\system32\mndart32.dll
Successfully Deleted: C:\WINNT\system32\mndart32.dll
Deleting: C:\WINNT\system32\msc42.dll
Successfully Deleted: C:\WINNT\system32\msc42.dll
Deleting: C:\WINNT\system32\mvj8l91u1.dll
Successfully Deleted: C:\WINNT\system32\mvj8l91u1.dll
Deleting: C:\WINNT\system32\NKERROR.DLL
Successfully Deleted: C:\WINNT\system32\NKERROR.DLL
Deleting: C:\WINNT\system32\SmlScr.dll
Successfully Deleted: C:\WINNT\system32\SmlScr.dll
Deleting: C:\WINNT\system32\guard.tmp
Successfully Deleted: C:\WINNT\system32\guard.tmp
msg11?.dll
0 fichier(s) copié(s).
Desktop.ini sucessfully removed Restoring Windows Update Certificates.: The following Is the Current Export of the Winlogon notify key: **************************************************************************** Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 "Logoff"="ChainWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] "Asynchronous"=dword:00000000 "Impersonate"=dword:00000000 "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 "Logoff"="CryptnetWlxLogoffEvent" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" "Logon"="WinlogonLogonEvent" "Logoff"="WinlogonLogoffEvent" "ScreenSaver"="WinlogonScreenSaverEvent" "Startup"="WinlogonStartupEvent" "Shutdown"="WinlogonShutdownEvent" "StartShell"="WinlogonStartShellEvent" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExtShellViews] "Asynchronous"=dword:00000000 "DllName"="C:\\WINNT\\system32\\mvj8l91u1.dll" "Impersonate"=dword:00000000 "Logon"="WinLogon" "Logoff"="WinLogoff" "Shutdown"="WinShutdown" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] "Logoff"="WLEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000001 "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" "Lock"="SensLockEvent" "Logon"="SensLogonEvent" "Logoff"="SensLogoffEvent" 
"Safe"=dword:00000001 "MaxWait"=dword:00000258 "StartScreenSaver"="SensStartScreenSaverEvent" "StopScreenSaver"="SensStopScreenSaverEvent" "Startup"="SensStartupEvent" "Shutdown"="SensShutdownEvent" "StartShell"="SensStartShellEvent" "Unlock"="SensUnlockEvent" "Impersonate"=dword:00000001 "Asynchronous"=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] "DLLName"="wzcdlg.dll" "Logon"="WZCEventLogon" "Logoff"="WZCEventLogoff" "Impersonate"=dword:00000000 "Asynchronous"=dword:00000000 The following are the files found: **************************************************************************** C:\WINNT\system32\cTbinet.dll C:\WINNT\system32\en82l1lo1.dll C:\WINNT\system32\gdu32.dll C:\WINNT\system32\jycript.dll C:\WINNT\system32\KHDCA.DLL C:\WINNT\system32\l60ulgd9160.dll C:\WINNT\system32\lvpu0979e.dll C:\WINNT\system32\mndart32.dll C:\WINNT\system32\msc42.dll C:\WINNT\system32\mvj8l91u1.dll C:\WINNT\system32\NKERROR.DLL C:\WINNT\system32\SmlScr.dll C:\WINNT\system32\guard.tmp Registry Entries that were Deleted: Please verify that the listing looks ok. If there was something deleted wrongly there are backups in the backreg folder. 
**************************************************************************** Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}] @="" [HKEY_CLASSES_ROOT\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}\InProcServer32] @="C:\\Program Files\\Outlook Express\\wabfind.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}] @="" [HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}\InprocServer32] @="C:\\WINNT\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}] @="" [HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}\InprocServer32] @="C:\\WINNT\\system32\\bc549.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}] @="" [HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}\InprocServer32] @="C:\\WINNT\\system32\\amtxprxy.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}] @="" [HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}\Implemented Categories] @="" 
[HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}\InprocServer32] @="C:\\WINNT\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}] @="" [HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}\InprocServer32] @="C:\\WINNT\\system32\\KHDCA.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}] @="" [HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}\InprocServer32] @="C:\\WINNT\\system32\\smi_ci.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}] @="" [HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}\InprocServer32] @="C:\\WINNT\\system32\\NKERROR.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}] @="" [HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}\Implemented 
Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}\InprocServer32] @="C:\\WINNT\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}] @="" [HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}\InprocServer32] @="C:\\WINNT\\system32\\cTbinet.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}] @="" [HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}\InprocServer32] @="C:\\WINNT\\system32\\guard.tmp" "ThreadingModel"="Apartment" REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{32714800-2E5F-11d0-8B85-00AA0044F941}"=- "{18BC77C2-179E-4BC4-8F9F-820A4DA801AA}"=- "{A4B17818-D4C4-4E1B-99A9-57CD98F8AA35}"=- "{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}"=- "{4B9EAF8A-155B-44E6-9149-08432CB91D92}"=- "{5527D986-15D7-476A-9BE5-7281282FF795}"=- "{27CC2315-BB23-498D-B9C0-A55C86B504D7}"=- "{96C6C45C-EFB6-4EAC-880C-AD89929157BC}"=- "{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}"=- "{CE55D5D7-29B4-4370-BEBC-157650483A3D}"=- "{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}"=- "{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}"=- "{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}"=- "{AEEEFCE1-6349-498A-8D37-AB4628A026B6}"=- [-HKEY_CLASSES_ROOT\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}] [-HKEY_CLASSES_ROOT\CLSID\{18BC77C2-179E-4BC4-8F9F-820A4DA801AA}] 
[-HKEY_CLASSES_ROOT\CLSID\{A4B17818-D4C4-4E1B-99A9-57CD98F8AA35}] [-HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}] [-HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}] [-HKEY_CLASSES_ROOT\CLSID\{5527D986-15D7-476A-9BE5-7281282FF795}] [-HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}] [-HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}] [-HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}] [-HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}] [-HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}] [-HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}] [-HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}] [-HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}] REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] **************************************************************************** Desktop.ini Contents: **************************************************************************** **************************************************************************** Checking for L2MFix account(0=no 1=yes): 0 Zipping up files for submission: adding: dlls/cTbinet.dll (152 bytes security) (deflated 4%) adding: dlls/en82l1lo1.dll (152 bytes security) (deflated 5%) adding: dlls/gdu32.dll (152 bytes security) (deflated 5%) adding: dlls/guard.tmp (152 bytes security) (deflated 4%) adding: dlls/jycript.dll (152 bytes security) (deflated 5%) adding: dlls/KHDCA.DLL (152 bytes security) (deflated 5%) adding: dlls/l60ulgd9160.dll (152 bytes security) (deflated 5%) adding: dlls/lvpu0979e.dll (152 bytes security) (deflated 5%) adding: dlls/mndart32.dll (152 bytes security) (deflated 5%) adding: dlls/msc42.dll (152 bytes security) (deflated 4%) adding: dlls/mvj8l91u1.dll (152 bytes security) 
(deflated 4%)
adding: dlls/NKERROR.DLL (152 bytes security) (deflated 5%)
adding: dlls/SmlScr.dll (152 bytes security) (deflated 5%)
adding: backregs/146488DA-C31E-4DA8-8DB1-A627D56ED5B6.reg (188 bytes security) (deflated 70%)
adding: backregs/27CC2315-BB23-498D-B9C0-A55C86B504D7.reg (188 bytes security) (deflated 70%)
adding: backregs/32714800-2E5F-11d0-8B85-00AA0044F941.reg (188 bytes security) (deflated 54%)
adding: backregs/4B9EAF8A-155B-44E6-9149-08432CB91D92.reg (188 bytes security) (deflated 70%)
adding: backregs/6DE1F0A3-95CD-44DD-A4A9-1497010E1572.reg (188 bytes security) (deflated 70%)
adding: backregs/96C6C45C-EFB6-4EAC-880C-AD89929157BC.reg (188 bytes security) (deflated 70%)
adding: backregs/AEEEFCE1-6349-498A-8D37-AB4628A026B6.reg (188 bytes security) (deflated 70%)
adding: backregs/CE55D5D7-29B4-4370-BEBC-157650483A3D.reg (188 bytes security) (deflated 70%)
adding: backregs/DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE.reg (188 bytes security) (deflated 70%)
adding: backregs/ED10DCC2-8D23-4A40-A140-BCA76DC6490C.reg (188 bytes security) (deflated 70%)
adding: backregs/FC2BFECE-BEDD-4553-9D7D-C4BD605D6478.reg (188 bytes security) (deflated 70%)
adding: backregs/notibac.reg (152 bytes security) (deflated 72%)
adding: backregs/shell.reg (152 bytes security) (deflated 74%)

HERE IS MY HIJACKTHIS REPORT ::

Logfile of HijackThis v1.99.1
Scan saved at 19:53:47, on 08/04/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\PROGRAM FILES\TAP\tap2000.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\notepad.exe
C:\program files\tapinfo\tapinfo.exe
C:\Program Files\ZipMail\zmailLN.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par EDF Gaz de France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tapinfo] "c:\program files\tapinfo\tapinfo.exe"
O4 - HKLM\..\Run: [Notes5.10] C:\Program Files\Notes\params\ParHKLM.exe
O4 - HKLM\..\Run: [VNCServer] "C:\Program Files\ORL\VNC\WinVNC.exe" -ServiceHelper
O4 - HKLM\..\Run: [ZipMail LN System Tray add-on] "C:\Program Files\ZipMail\zmailLN.exe" 033 hidden
O4 - HKLM\..\Run: [zipmail] C:\Program Files\ZipMail\params\ZipMail_Par.exe
O4 - HKLM\..\Run: [PARAMIE6] C:\Program Files\Internet Explorer\IE Install\ParamIE6.exe
O4 - HKLM\..\Run: [GAI Maj User GP421] "C:\Program Files\GP421\GAI\UpdtUsr.cmd"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [qmkq] C:\PROGRA~1\FICHIE~1\qmkq\qmkqm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ouverture de Session.lnk = D:\WINNT\PDT\SCRIPTS\PDTRUN.CMD
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://e-toile.edf.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/zuma/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O20 - Winlogon Notify: ExtShellViews - C:\WINNT\system32\mvj8l91u1.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Agent TAP (TAP) - EDF-GDF - C:\PROGRAM FILES\TAP\tap2000.exe

THERE YOU GO, THANKS AGAIN ^x^
-
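The Winlogon\Notify export that L2MFix printed above is where this infection's persistence is visible in full: Winlogon loads every package listed there at logon, and the ExtShellViews entry points at a randomly named DLL with generic WinLogon/WinLogoff/WinShutdown handler names, while the stock packages register a bare DLL name and descriptive event exports. The script below is an added example, not L2MFix's or HijackThis's code: it parses a Regedit-5 export of that key, decodes the hex(2) DllName values (REG_EXPAND_SZ stored as UTF-16LE bytes, split across continuation lines), and reports packages that differ from the stock ones. The sample export is constructed from the post, and the two rules are drawn from the two adware entries in this thread, not from a general signature.

```python
"""Audit a Regedit-5 export of Winlogon\\Notify (added example, not L2MFix code)."""
import re

# Constructed sample, abbreviated from the Winlogon\Notify export in the L2MFix log
# above: one REG_EXPAND_SZ (hex(2)) entry, one plain entry, and the entry L2MFix removed.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExtShellViews]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\mvj8l91u1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
'''

NOTIFY_SUBKEY = "\\winlogon\\notify\\"
EVENT_VALUES = {"logon", "logoff", "startup", "shutdown", "lock", "unlock", "startshell",
                "startscreensaver", "stopscreensaver", "screensaver"}
# Assumption drawn from this thread: both adware packages (ExtShellViews, policies)
# registered these three generic export names.
GENERIC_HANDLERS = {"WinLogon", "WinLogoff", "WinShutdown"}


def decode_value(raw: str):
    """Decode one Regedit-5 value: "string" (with \\ escapes), dword:, or hex(2): UTF-16LE."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[len("hex(2):"):].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw


def parse_reg(text: str) -> dict:
    """Minimal Regedit-5 parser: {key path: {value name: decoded value}}.
    Hex values continued with a trailing backslash are joined before decoding."""
    keys, current, lines, i = {}, None, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not m or current is None:
            continue
        raw = m.group(2)
        while raw.endswith("\\") and i < len(lines):
            raw = raw[:-1] + lines[i].strip()
            i += 1
        keys[current][m.group(1)] = decode_value(raw)
    return keys


def audit_notify(text: str):
    """Return [(package, dll, reasons)] for Notify packages that look unlike the stock
    ones in the posted export: DllName given as a full path, or generic handler names."""
    findings = []
    for key, values in parse_reg(text).items():
        if NOTIFY_SUBKEY not in key.lower():
            continue  # not a package subkey (the Notify root itself is skipped)
        package = key.rsplit("\\", 1)[-1]
        lowered = {n.lower(): v for n, v in values.items()}
        dll = lowered.get("dllname")
        if dll is None:
            continue
        reasons = []
        if "\\" in dll:
            reasons.append("DllName is a full path; stock packages use a bare name loaded from system32")
        handlers = {v for n, v in lowered.items() if n in EVENT_VALUES}
        if handlers & GENERIC_HANDLERS:
            reasons.append("generic WinLogon/WinLogoff/WinShutdown exports, as on the adware entries in this thread")
        if reasons:
            findings.append((package, dll, reasons))
    return findings


if __name__ == "__main__":
    for package, dll, reasons in audit_notify(SAMPLE_REG):
        print(package, "->", dll)
        for r in reasons:
            print("   ", r)
```

On the sample only ExtShellViews is reported, on both counts. Run against the later L2MFix find log in this thread, the "policies" package (hr2o05f3e.dll) trips the same two rules; the values sitting directly on the Notify root key in that export are not inspected here and are worth a look by hand.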
New HijackThis report to analyze
Juli3tte replied to a topic by Juli3tte in Malware analysis and removal
Uh, I did the scan, but it's rather long, let's say, so here it is:

L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\policies]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\hr2o05f3e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{5AA71117-5F22-E5A7-F949-384FAEA07848}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propriétés du fichier multimédia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de sécurité NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propriétés de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'interpréteur de commandes pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="Extension du Panneau de configuration PlusPack"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Écran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de sécurité DS"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de données endommagées de l'interpréteur de commandes"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'interpréteur de commandes pour les objets Microsoft Windows Network"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'écran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'interpréteur de commandes pour la compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension du shell d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de sécurité des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'interpréteur de commandes pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extension de l'interpréteur de commande pour Windows Script Host"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions réseau et accès à distance"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tâches planifiées"
"{1A9BA3A0-143A-11CF-8350-444553540000}"="Dossier favori du shell"
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="Poste de travail"
"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Porte-documents"
"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Raccourci vers le dossier"
"{12518493-00B2-11d2-9FA5-9E3420524153}"="Volume monté"
"{21B22460-3AEA-1069-A2DC-08002B30309D}"="Extension de la page de propriétés des fichiers"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="Page des types de fichiers"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="Gestionnaire des types de fichiers MIME"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Service Copier vers Microsoft"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Service Déplacer vers Microsoft"
"{13709620-C279-11CE-A49E-444553540000}"="Service d'automatisation de l'interface"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Menu Démarrer"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Service SendTo Microsoft"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Service Nouvel objet Microsoft"
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Ouvrir avec le gestionnaire de menu contextuel"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Afficher les extensions HTML du Panneau de configuration"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Extension de la page de propriétés des options des dossiers"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{4657278A-411B-11d2-839A-00C04FD918D0}"="Application d'aide du système pour le glisser-déplacer"
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Ajouter l'élément de cryptage dans les menus contextuels de l'Explorateur"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="État du téléchargement"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Dossier Bureau"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Bande de menus"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Suivi du menu Shell"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Barre du Bureau"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau étendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augmenté"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet intégré de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Liens"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Boîte d'entrée de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Image miniature"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Paramètres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de démarrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Miniatures"
"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Extracteur de miniatures des filtres graphiques Office"
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'application du shell"
"{0B124F8C-91F0-11D1-B8B5-006008059382}"="Énumérateur d'applications installées"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Menu Fichiers hors connexion"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Options du dossier Fichiers hors connexion"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalisée MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrès auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaîne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{18BC77C2-179E-4BC4-8F9F-820A4DA801AA}"="" "{A4B17818-D4C4-4E1B-99A9-57CD98F8AA35}"="" "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension" "{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}"="" "{4B9EAF8A-155B-44E6-9149-08432CB91D92}"="" "{5527D986-15D7-476A-9BE5-7281282FF795}"="" "{27CC2315-BB23-498D-B9C0-A55C86B504D7}"="" "{96C6C45C-EFB6-4EAC-880C-AD89929157BC}"="" "{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}"="" "{CE55D5D7-29B4-4370-BEBC-157650483A3D}"="" "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"="Shell Extension for Malware scanning" "{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}"="" "{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}"="" "{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}"="" "{AEEEFCE1-6349-498A-8D37-AB4628A026B6}"="" ********************************************************************************** HKEY ROOT CLASSIDS: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}] @="" [HKEY_CLASSES_ROOT\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}\InProcServer32] @="C:\\Program Files\\Outlook Express\\wabfind.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}] @="" [HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{6DE1F0A3-95CD-44DD-A4A9-1497010E1572}\InprocServer32] @="C:\\WINNT\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 
[HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}] @="" [HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{4B9EAF8A-155B-44E6-9149-08432CB91D92}\InprocServer32] @="C:\\WINNT\\system32\\bc549.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}] @="" [HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{27CC2315-BB23-498D-B9C0-A55C86B504D7}\InprocServer32] @="C:\\WINNT\\system32\\amtxprxy.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}] @="" [HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{96C6C45C-EFB6-4EAC-880C-AD89929157BC}\InprocServer32] @="C:\\WINNT\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}] @="" [HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{146488DA-C31E-4DA8-8DB1-A627D56ED5B6}\InprocServer32] @="C:\\WINNT\\system32\\KHDCA.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}] @="" 
[HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{CE55D5D7-29B4-4370-BEBC-157650483A3D}\InprocServer32] @="C:\\WINNT\\system32\\smi_ci.dll" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}] @="" [HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{DB4C77A2-315A-4F54-B4A1-3BAB40DE83BE}\InprocServer32] @="C:\\WINNT\\system32\\NKERROR.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}] @="" [HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{ED10DCC2-8D23-4A40-A140-BCA76DC6490C}\InprocServer32] @="C:\\WINNT\\system32\\guard.tmp" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}] @="" [HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{FC2BFECE-BEDD-4553-9D7D-C4BD605D6478}\InprocServer32] @="C:\\WINNT\\system32\\MLJINT35.DLL" "ThreadingModel"="Apartment" Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}] @="" [HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}\Implemented Categories] 
@="" [HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\CLSID\{AEEEFCE1-6349-498A-8D37-AB4628A026B6}\InprocServer32] @="C:\\WINNT\\system32\\guard.tmp" "ThreadingModel"="Apartment" ********************************************************************************** Files Found are not all bad files: C:\WINNT\SYSTEM32\ cdral.dll Fri 24 Feb 2006 23:44:38 A.... 45 056 44,00 K cdrtc.dll Fri 24 Feb 2006 23:44:38 A.... 49 152 48,00 K en82l1~1.dll Fri 7 Apr 2006 10:05:38 ..S.R 236 224 230,69 K gdu32.dll Fri 7 Apr 2006 10:09:40 ..S.R 236 224 230,69 K hr2o05~1.dll Fri 7 Apr 2006 13:29:08 ..S.R 236 224 230,69 K jycript.dll Fri 7 Apr 2006 9:53:36 ..S.R 236 224 230,69 K khdca.dll Sun 2 Apr 2006 22:03:16 ..S.R 236 224 230,69 K legitc~1.dll Tue 14 Feb 2006 10:20:14 A.... 550 120 537,23 K lvpu09~1.dll Thu 6 Apr 2006 17:35:08 ..S.R 236 235 230,70 K mljint35.dll Fri 7 Apr 2006 23:01:40 ..S.R 236 224 230,69 K mndart32.dll Fri 7 Apr 2006 13:28:08 ..S.R 236 224 230,69 K msc42.dll Thu 6 Apr 2006 17:37:36 ..S.R 234 272 228,78 K mvj8l9~1.dll Fri 7 Apr 2006 22:59:14 ..S.R 234 012 228,53 K nkerror.dll Thu 6 Apr 2006 18:42:00 A.... 236 224 230,69 K qt-dx331.dll Sat 21 Jan 2006 0:46:12 A.... 3 596 288 3,43 M smlscr.dll Thu 6 Apr 2006 17:34:06 ..S.R 236 235 230,70 K 16 items found: 16 files (11 H/S), 0 directories. Total of file sizes: 7 071 162 bytes 6,74 M Locate .tmp files: No matches found. 
********************************************************************************** Directory Listing of system files: Le volume dans le lecteur C s'appelle SYSTEM Le num‚ro de s‚rie du volume est D001-2062 R‚pertoire de C:\WINNT\System32 07/04/2006 23:01 236ÿ224 MLJINT35.DLL 07/04/2006 22:59 234ÿ012 mvj8l91u1.dll 07/04/2006 13:29 236ÿ224 hr2o05f3e.dll 07/04/2006 13:28 236ÿ224 mndart32.dll 07/04/2006 10:09 236ÿ224 gdu32.dll 07/04/2006 10:05 236ÿ224 en82l1lo1.dll 07/04/2006 09:53 236ÿ224 jycript.dll 06/04/2006 17:37 234ÿ272 msc42.dll 06/04/2006 17:35 236ÿ235 lvpu0979e.dll 06/04/2006 17:34 236ÿ235 SmlScr.dll 02/04/2006 22:03 236ÿ224 KHDCA.DLL 28/03/2006 12:45 <DIR> dllcache 11 fichier(s) 2ÿ594ÿ322 octets 1 R‚p(s) 21ÿ866ÿ012ÿ160 octets libres -
New HijackThis report to analyse
Juli3tte replied to a topic by Juli3tte in Malware analysis and removal
Ok ok, I'll try all that x)! No, it's a PC from my work, but it's at my place XD, my brother brought it back to me, so there you go ^^! Thanks in advance, have a good evening -
Here it is: after following megataupe's instructions as best I could, I'd like you to analyse my report now that I've run Antivir! However, there are still those intrusive pop-up ads and those weird programs that I can't remove from my Add/Remove Programs :s ! Thanks in advance

HijackThis v1.99.1
Scan saved at 23:08:53, on 07/04/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\SUSS.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\program files\tapinfo\tapinfo.exe
C:\Program Files\ZipMail\zmailLN.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par EDF Gaz de France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tapinfo] "c:\program files\tapinfo\tapinfo.exe"
O4 - HKLM\..\Run: [Notes5.10] C:\Program Files\Notes\params\ParHKLM.exe
O4 - HKLM\..\Run: [VNCServer] "C:\Program Files\ORL\VNC\WinVNC.exe" -ServiceHelper
O4 - HKLM\..\Run: [ZipMail LN System Tray add-on] "C:\Program Files\ZipMail\zmailLN.exe" 033 hidden
O4 - HKLM\..\Run: [zipmail] C:\Program Files\ZipMail\params\ZipMail_Par.exe
O4 - HKLM\..\Run: [PARAMIE6] C:\Program Files\Internet Explorer\IE Install\ParamIE6.exe
O4 - HKLM\..\Run: [GAI Maj User GP421] "C:\Program Files\GP421\GAI\UpdtUsr.cmd"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [qmkq] C:\PROGRA~1\FICHIE~1\qmkq\qmkqm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ouverture de Session.lnk = D:\WINNT\PDT\SCRIPTS\PDTRUN.CMD
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://e-toile.edf.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,9...pdatePortal.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://jeux.wanadoo.fr/online2/zuma/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr
O20 - Winlogon Notify: policies - C:\WINNT\system32\hr2o05f3e.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe
O23 - Service: Agent TAP (TAP) - EDF-GDF - C:\PROGRAM FILES\TAP\tap2000.exe