Deconnexion 9 Telecom & Generic Host Process

Salut,

rien ne sera supprimé sauf si indiqué

Bonjour,

Merci pour votre aide! J'ai suivi toutes vos instructions mais les fichiers a supprimer apiwh32.exe nvsvcd.exe ne sont pas trouves sur mon PC...

Ewido a trouve quelque spyware comme Coolwebsearch mais il etait la depuis longtemps (j'avais arrete d'utiliser IE parce que je n'avais pas trouve de remede et Firefox ne semblait pas atteint).

Je n'ai pas encore installe Kerio, je veux d'abord voir comment le configurer.

Voci le nouveau scan:

Logfile of HijackThis v1.99.1
Scan saved at 18:15:34, on 13/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\essspk.exe
C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Fufu\桌面\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: μ?ì¨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java ????ì¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol\Alcohol 120\StarWind\StarWindService.exe

Merci encore!

Francois

Salut,

tu peux me tutoyer ;-)

Pour la restauration du systèmen pas besoin de graveur il faut juste cocher et decocher une case :-)

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm


Clic sur demarrer, poste de travail, C:, program files, et supprime ce dossier si présent:

tencent


Clic sur demarrer, rechercher, cherche et supprime ces fichiers si présent:

qq.exe
qqexternal.exe
tbrowser.exe


Agrandi Kerio, sur la gauche dans "sécurité du réseau" mets une encoche verte à la ligne "generic host process for Win32 services"
une encoche à "confiante >sortante" et "internet> sortante"
appliquer puis ok.


Puis:

Télécharge lopxp:
http://pageperso.aol.fr/balltrap34/lopxp.zip

dézippe-le sur ton bureau puis double-clic sur le fichier "lopxp.bat"
quand il à terminé, un rapport s'ouvre : fais un copier-coller puis mets le ici

A++ ;-)

Re-bonjour,

J'ai tout fait comme tu l'as recommande et je m'appretais a ouvrir le champagne mais ca a replante en lancant lopxp...
Je ne supprime pas Tencent et les lignes que tu indiquais parce que je suis sur que ca n'est pas un probleme (c'est le Messenger chinois).
J'ai relance et voici le rapport (desole il doit y a voir des caracteres illisibles mais je ne crois pas que ca gene la comprehension, sinon dis-le moi et je traduirai):

Rapport fait ?19:37:16,58 le 14/09/2006

驱动器 C 中的卷没有标签。
卷的序列号是 1A28-120D

C:\Documents and Settings\Default User\Application Data 的目录

20/10/2003 11:15 62 desktop.ini
20/10/2003 11:14 <DIR> Microsoft
20/10/2003 11:14 <DIR> ..
20/10/2003 11:14 <DIR> .
1 &#20010;&#25991;&#20214; 62 &#23383;&#33410;
3 &#20010;&#30446;&#24405; 4607639552 &#21487;&#29992;&#23383;&#33410;
&#39537;&#21160;&#22120; C &#20013;&#30340;&#21367;&#27809;&#26377;&#26631;&#31614;&#12290;
&#21367;&#30340;&#24207;&#21015;&#21495;&#26159; 1A28-120D

C:\Documents and Settings\All Users\Application Data Index

28/03/2006 19:06 <DIR> Windows Genuine Advantage
05/03/2006 21:06 <DIR> Apple Computer
21/02/2006 13:53 <DIR> Messenger Plus!
17/02/2006 16:32 <DIR> Adobe
20/09/2004 16:27 <DIR> nView_Profiles
18/08/2004 22:00 <DIR> Symantec
20/10/2003 11:15 62 desktop.ini
20/10/2003 11:14 <DIR> Microsoft
20/10/2003 11:14 <DIR> .
20/10/2003 11:14 <DIR> ..
1 &#20010;&#25991;&#20214; 62 &#23383;&#33410;
9 &#20010;&#30446;&#24405; 4607639552 &#21487;&#29992;&#23383;&#33410;
&#39537;&#21160;&#22120; C &#20013;&#30340;&#21367;&#27809;&#26377;&#26631;&#31614;&#12290;
&#21367;&#30340;&#24207;&#21015;&#21495;&#26159; 1A28-120D

C:\Documents and Settings\YingYun\Application Data Index

09/09/2004 15:47 <DIR> Help
06/09/2004 13:14 <DIR> Adobe
03/09/2004 19:15 <DIR> Mozilla
02/09/2004 19:28 <DIR> CyberLink
01/09/2004 13:59 <DIR> Real
18/08/2004 18:54 <DIR> Macromedia
15/08/2004 23:42 <DIR> Identities
15/08/2004 23:42 62 desktop.ini
15/08/2004 23:42 <DIR> ..
15/08/2004 23:42 <DIR> .
15/08/2004 23:42 <DIR> Microsoft
1 &#20010;&#25991;&#20214; 62 &#23383;&#33410;
10 &#20010;&#30446;&#24405; 4607639552 &#21487;&#29992;&#23383;&#33410;
&#39537;&#21160;&#22120; C &#20013;&#30340;&#21367;&#27809;&#26377;&#26631;&#31614;&#12290;
&#21367;&#30340;&#24207;&#21015;&#21495;&#26159; 1A28-120D

C:\Documents and Settings\Fufu\Application Data Index
09/07/2006 11:20 <DIR> My Games
05/03/2006 20:56 <DIR> Sun
02/03/2006 14:46 <DIR> Netscape
18/02/2006 00:36 <DIR> Google
17/02/2006 15:48 <DIR> HorizonWimba
14/02/2006 17:52 <DIR> Symantec
24/09/2005 18:14 <DIR> Ahead
30/01/2005 12:01 <DIR> Yahoo Messenger
07/11/2004 15:56 <DIR> Leadertech
16/10/2004 19:27 <DIR> InterVideo
23/09/2004 22:48 <DIR> Empire XP
23/09/2004 15:35 <DIR> Help
19/09/2004 11:12 <DIR> Lavasoft
17/09/2004 13:20 <DIR> ACD Systems
05/09/2004 20:41 284 ViewerApp.dat
04/09/2004 17:04 <DIR> AdobeUM
04/09/2004 17:04 <DIR> Adobe
03/09/2004 16:08 <DIR> Mozilla
29/08/2004 19:33 <DIR> Real
22/08/2004 21:18 <DIR> CyberLink
20/08/2004 01:23 <DIR> Macromedia
19/08/2004 21:40 <DIR> Identities
19/08/2004 21:39 62 desktop.ini
19/08/2004 21:39 <DIR> Microsoft
19/08/2004 21:39 <DIR> .
19/08/2004 21:39 <DIR> ..
2 &#20010;&#25991;&#20214; 346 &#23383;&#33410;
24 &#20010;&#30446;&#24405; 4607639552 &#21487;&#29992;&#23383;&#33410;
&#39537;&#21160;&#22120; C &#20013;&#30340;&#21367;&#27809;&#26377;&#26631;&#31614;&#12290;
&#21367;&#30340;&#24207;&#21015;&#21495;&#26159; 1A28-120D

C:\Documents and Settings\Guest\Application Data &#30340;&#30446;&#24405;

21/08/2004 03:02 <DIR> Identities
21/08/2004 03:02 62 desktop.ini
21/08/2004 03:02 <DIR> Microsoft
21/08/2004 03:02 <DIR> ..
21/08/2004 03:02 <DIR> .
1 &#20010;&#25991;&#20214; 62 &#23383;&#33410;
4 &#20010;&#30446;&#24405; 4607639552 &#21487;&#29992;&#23383;&#33410;
******************************************
Recherche des taches planifi&#38289;s dans C:\WINDOWS\tasks

&#39537;&#21160;&#22120; C &#20013;&#30340;&#21367;&#27809;&#26377;&#26631;&#31614;&#12290;
&#21367;&#30340;&#24207;&#21015;&#21495;&#26159; 1A28-120D

C:\WINDOWS\Tasks &#30340;&#30446;&#24405;

20/10/2003 11:34 6 SA.DAT
20/10/2003 11:29 65 desktop.ini
20/10/2003 11:29 <DIR> ..
20/10/2003 11:29 <DIR> .
2 &#20010;&#25991;&#20214; 71 &#23383;&#33410;
2 &#20010;&#30446;&#24405; 4?607?639?552 &#21487;&#29992;&#23383;&#33410;

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

*************** Fin du rapport ****************


Voila, desole d'etre aussi long, j'espere que la fin (du probleme!) approche :)

Francois

Salut,

pour le rapport ça semble ok on va quand même verifier quelques chose

Pour afficher tous les dossiers et fichiers cachés;

Clic sur "démarrer", "panneau de configuration", "outils" ,"option des dossiers", "affichage"
"
Coche:
¤ afficher les fichiers et dossiers cachés
Clic sur "appliquer" puis "ok"

Bonjour,

L'aventure continue... J'ai suivi a la lettre tes indications et voici le scan:

L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM &#25195;&#25551;&#20202;&#31649;&#29702;"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM &#30417;&#35270;&#22120;&#31649;&#29702;"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM &#25171;&#21360;&#26426;&#31649;&#29702;"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="&#21152;&#23494;&#19978;&#19979;&#25991;&#33756;&#21333;"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="&#20844;&#25991;&#21253;"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="&#23383;&#20307;"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC &#37197;&#32622;&#25991;&#20214;"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="&#32593;&#32476;&#36830;&#25509;"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="&#32593;&#32476;&#36830;&#25509;"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&#25195;&#25551;&#20202;&#21644;&#29031;&#30456;&#26426;"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&#25195;&#25551;&#20202;&#21644;&#29031;&#30456;&#26426;"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&#25195;&#25551;&#20202;&#21644;&#29031;&#30456;&#26426;"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&#25195;&#25551;&#20202;&#21644;&#29031;&#30456;&#26426;"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&#25195;&#25551;&#20202;&#21644;&#29031;&#30456;&#26426;"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Windows Script Host &#30340; Shell extensions"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft &#25968;&#25454;&#38142;&#25509;"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="&#20219;&#21153;&#35745;&#21010;"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="&#20219;&#21153;&#26639;&#21644;&#12300;&#24320;&#22987;&#12301;&#33756;&#21333;"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="&#25628;&#32034;"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="&#24110;&#21161;&#21644;&#25903;&#25345;"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="&#24110;&#21161;&#21644;&#25903;&#25345;"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="&#36816;&#34892;..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="&#30005;&#23376;&#37038;&#20214;"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="&#23383;&#20307;"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="&#31649;&#29702;&#24037;&#20855;"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet &#24037;&#20855;&#26639;"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="&#19979;&#36733;&#29366;&#24577;"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="&#34917;&#20805;&#30340;&#22806;&#22771;&#25991;&#20214;&#22841;"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="&#34917;&#20805;&#30340;&#22806;&#22771;&#25991;&#20214;&#22841; 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="&#25628;&#32034;&#21306;"
"{32683183-48a0-441b-a342-7c2a440a9478}"="&#23186;&#20307;&#21306;"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="&#31383;&#26684;&#20013;&#30340;&#25628;&#32034;"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web &#25628;&#32034;"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="&#27880;&#20876;&#25968;&#30446;&#36335;&#36873;&#39033;&#23454;&#29992;&#31243;&#24207;"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&#22320;&#22336;(&A)"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="&#22320;&#22336; EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU &#33258;&#21160;&#23436;&#25104;&#21015;&#34920;"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="&#33258;&#23450;&#20041; MRU &#33258;&#21160;&#23436;&#25104;&#21015;&#34920;"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="&#21487;&#35775;&#38382;&#30340;"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="&#36319;&#36394;&#24377;&#20986;&#26639;"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="&#22320;&#22336;&#26465;&#35299;&#26512;&#31243;&#24207;"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft &#21382;&#21490;&#33258;&#21160;&#23436;&#25104;&#21015;&#34920;"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft &#22806;&#22771;&#25991;&#20214;&#22841;&#33258;&#21160;&#23436;&#25104;&#21015;&#34920;"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft &#22810;&#20010;&#33258;&#21160;&#23436;&#25104;&#21015;&#34920;&#23481;&#22120;"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="&#22806;&#22771; DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="&#22806;&#22771; DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="&#22806;&#22771; Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="&#29992;&#25143;&#24110;&#21161;"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="&#20840;&#23616;&#25991;&#20214;&#22841;&#35774;&#32622;"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History &#26381;&#21153;"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="&#21382;&#21490;&#35760;&#24405;"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Internet &#20020;&#26102;&#25991;&#20214;"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Internet &#20020;&#26102;&#25991;&#20214;"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url &#25628;&#32034;&#25346;&#25509;"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 &#22871;&#20214;&#21021;&#22987;&#23631;&#24149;"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="&#27983;&#35272;&#22120;&#26639;"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX &#39640;&#36895;&#32531;&#23384;&#25991;&#20214;&#22841;"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="&#39044;&#35746;&#25991;&#20214;&#22841;"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ &#25991;&#20214;&#32553;&#30053;&#22270;&#35299;&#21387;&#32553;&#31243;&#24207;"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="&#25688;&#35201;&#20449;&#24687;&#32553;&#30053;&#22270;&#22788;&#29702;&#31243;&#24207;(DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML &#32553;&#30053;&#22270;&#30340;&#35299;&#21387;&#32553;&#31243;&#24207;"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="&#32593;&#32476;&#20986;&#29256;&#21521;&#23548;"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="&#36890;&#36807; Web &#35746;&#36141;&#29031;&#29255;"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="&#22806;&#22771;&#20986;&#29256;&#21521;&#23548;&#23545;&#35937;"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="&#33719;&#21462; Passport &#21521;&#23548;"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="&#29992;&#25143;&#24080;&#25143;"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="&#39057;&#36947;&#25991;&#20214;"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="&#39057;&#36947;&#24555;&#25463;&#26041;&#24335;"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="&#39057;&#36947;&#21477;&#26564;&#23545;&#35937;"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="&#33073;&#26426;&#25991;&#20214;&#22841;"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&#29992;&#25143;(&P)..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{950FF917-7A57-46BC-8017-59D9BF474000}"="Shell Extension for CDRW"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Invalid keyboard code specified

C:\WINDOWS\SYSTEM32\
cmdlin~1.dll Fri Jul 7 2006 12:08:46 A.... 43,520 42.50 K

1 item found: 1 file, 0 directories.
Total of file sizes: 43,520 bytes 42.50 K
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 1A28-120D

Directory of C:\WINDOWS\System32

20/10/2003 11:55 <DIR> Microsoft
20/10/2003 11:08 <DIR> dllcache
0 File(s) 0 bytes
2 Dir(s) 4&#63733;130&#63733;430&#63733;976 bytes free

Les cles qui apparaissent avec des chaines de caracters bizarres sont en Chinois mais ne semblent, a ma connaissance, avoir rapport avec des programmes Microsoft dont Windows.

L'erreur Generic Host etc. s'est produite apres a peine 1/4 heure aujourd'hui et mon Internet a l'air plus lent depuis que j'ai fait tourne le script (je ne sais pas si ca a un rapport mais les images tardent a apparaitre et elles sont d'abord representees par des icones blanches avec un petit point rouge).

Voila, j'attends tes lumieres!

Francois

Juste un detail supplementaire, lorsque l'erreur apparait il est maintenant possible de lancer tous les programmes sans rapport avec Internet et de redemarrer le PC en passant par Demarrer etc., le PC n'est plus completement "mort".

Re,

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site....


Clic sur demarrer, executer, tape: services.msc ,cherche dans la liste ces lignes et régle le sur "manuel"

AdobeVersionCue
InCD Helper
NVIDIA Display Driver Service
StarWind iSCSI Service


Defragmente ensuite deux fois de suite ton disque dur, si ton probléme persiste dis le moi j'te donnerai des logiciels pour modifier les parametres d'Xp ;-)

A++

Bonjour,

J'ai suivi tes instructions et le demarrage est maintenant plus rapide mais rien n'a change sous Firefox. Je suis peut-etre trop exigeant... Apres tout les pages sont juste un peu plus lentes a charger, ce n'est pas grave.

Seul le plantage de Windows Update persiste, je ferai sans.

Merci beaucoup, je posterai un message si le probleme reapparait.

Francois

Dac' ;-)

A++ (enfin, j'èspere pas pour toi :-) )