Impossible de supprimer le spyware look2me

ludule -  
 berny47 -
Bonjour à tous !

En fait ,j'ai déja demander de l'aide pour supprimer ce spyware .on m'avait pourtant bien conseillé mais malheureusement rien n'y fait!
J'ai Kaspersky qui n'arrive pas à le supprimer ainsi qu'Ewido,ad-ware6.0 ,et spybot .
Ce truc est dans les fichiers système 32 et il se déplace (le fichier infecté n'est jamais le même ! Alors ,je trouve ça bizarre.
La solution serait peut-être de tout effacer sur le disque dur et réinstaller windows mais je ne sais comment faire !
S'il y avait une personne susceptible de s'intéresser à mon cas ,et bien ,je le remercie d'avance !

à plus
Ludule
A voir également:

30 réponses

Précédent
  • 1
  • 2
Réponse 21 / 30
balltrap34 Messages postés 16240 Date d'inscription   Statut Contributeur sécurité Dernière intervention   332
 
oui desoler j ais mis le lien de la page lol
0
ludule
 
Salut Balltrap !
merci de ton aide, voilà ,j'ai éxecuté lel2mremover ,il a trouvé des trucs et virés ,j'ai redémarré ensuite et kaspersky trouve toujours le l2m dois-je éteindre la connection internet pendant l'action des remover et autres "désinfectants" et dois-je le faire en mode sans échec ?
Je suis en ce moment de rescanner l'ordi avec tous mes anti virus ,spybot et consort........tu m'as dit de ne pas redémarrer à un moment mais quand ?
voilà ,je ferais connaître la suite dès que tous les outils auront finis les scans.
merci encore et bonne chasse !

Ludule
0
Réponse 22 / 30
balltrap34 Messages postés 16240 Date d'inscription   Statut Contributeur sécurité Dernière intervention   332
 
fait ceci maintenant
telecharge ceci
http://www.downloads.subratam.org/l2mfix.exe
decompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 1
attend il vas faire un rapport fait un copier coller de celui ci
ne fait surtout rien d autres
et un nouvel hijack
0
ludule Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
Balltrap ,voici donc le rapport :


L2MFIX find log 1.99
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mtls31.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{0E0F995D-6E73-B387-1A60-E6DAD65C1FB1}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{E0D79300-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79301-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79302-84BE-11CE-9641-444553540000}"="WinZip"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{09CE81A4-5148-434B-981C-A80A0C9589BC}"=""
"{699158E0-9C6E-4C63-A1E3-E74611F03EEA}"=""
"{E4E25696-381C-4070-AD8D-6EB399FD7C7F}"=""
"{D659F863-42D2-4ABE-916E-97189319F5E1}"=""
"{C1EE8350-2384-4F07-A05D-D5F9239B2676}"=""
"{E4CAA75E-9B5F-45EB-8E4E-8B743B44F171}"="Pop-Up Stopper Anti-Spyware Toolbar"
"{8E3378AF-2840-443B-A1FC-ECBC54A190A2}"=""
"{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}"=""
"{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}"=""
"{0C473BD1-FDBB-449A-927D-021CA659F848}"=""
"{D21391AE-D687-4DED-93C2-CAC41B136BA9}"=""
"{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}"=""
"{296B7006-DFDB-4977-8BDE-9237B97079F1}"=""
"{248CEA14-BF33-4487-9CEA-A124DB97F44F}"=""
"{2E55779F-2E80-4E0B-8013-90993F0E7C22}"=""
"{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}"=""
"{D64554B0-5888-4344-BF5D-65B83243D213}"=""
"{F7AFFE16-7641-46C5-9813-423C6238BE11}"=""
"{4BF4A09A-7F5A-4001-980E-608350F332AB}"=""
"{320FB025-3DEA-49E1-A113-AA76AEB93982}"=""
"{F7CE9F26-489A-4C76-A8D0-B531580C57AE}"=""
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}"=""
"{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}"=""
"{D92B6504-755F-4C59-BA78-F67BE3AFED5A}"=""
"{1A3CD69B-1709-455B-84CD-F647ABB2CC73}"=""
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{4C14501E-D906-4C75-8093-A963334AE765}"=""
"{6EAA235B-B27F-4E16-929E-A59D104A84A2}"=""
"{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}"=""
"{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}"=""
"{5AD6B637-87A4-43AA-ABFF-90305EA04159}"=""
"{D41773FB-E400-4BED-BA89-BE9329070A90}"=""
"{60AE0CF1-DF67-4EAC-948E-B30CB6737409}"=""
"{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}"=""
"{935787CE-FC6A-4D36-AEBB-734D33CFDE65}"=""
"{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}"=""
"{EEABEC9F-BA23-4756-A5AF-45BEF6729541}"=""
"{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}"=""
"{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}"=""
"{D0664A4A-9F4F-4183-A985-C4D389586B50}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}\InprocServer32]
@="C:\\WINDOWS\\system32\\rUstls.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}\InprocServer32]
@="C:\\WINDOWS\\system32\\nbdll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}\InprocServer32]
@="C:\\WINDOWS\\system32\\krdir.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}\InprocServer32]
@="C:\\WINDOWS\\system32\\vwwwdm32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}\InprocServer32]
@="C:\\WINDOWS\\system32\\oNkley.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\TsnLib20.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}\InprocServer32]
@="C:\\WINDOWS\\system32\\miang.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}\InprocServer32]
@="C:\\WINDOWS\\system32\\muafd.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}\InprocServer32]
@="C:\\WINDOWS\\system32\\snredir.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}\InprocServer32]
@="C:\\WINDOWS\\system32\\wbavideo.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}\InprocServer32]
@="C:\\WINDOWS\\system32\\kcdest.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}\InprocServer32]
@="C:\\WINDOWS\\system32\\czmpobj.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}\InprocServer32]
@="C:\\WINDOWS\\system32\\ktdgae.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}\InprocServer32]
@="C:\\WINDOWS\\system32\\rrpcfgex.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}\InprocServer32]
@="C:\\WINDOWS\\system32\\IIETCOMM.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}\InprocServer32]
@="C:\\WINDOWS\\system32\\icmpagnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}\InprocServer32]
@="C:\\WINDOWS\\system32\\namsdba.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}\InprocServer32]
@="C:\\WINDOWS\\system32\\wwaservc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}\InprocServer32]
@="C:\\WINDOWS\\system32\\foclient.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}\InprocServer32]
@="C:\\WINDOWS\\system32\\shorprop.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}\InprocServer32]
@="C:\\WINDOWS\\system32\\mlvcr70.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}\InprocServer32]
@="C:\\WINDOWS\\system32\\dhmsvinn.dLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}\InprocServer32]
@="C:\\WINDOWS\\system32\\amkctrs.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}\InprocServer32]
@="C:\\WINDOWS\\system32\\kidycl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}\InprocServer32]
@="C:\\WINDOWS\\system32\\fqntext.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\rocns4.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\dsmodemx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}\InprocServer32]
@="C:\\WINDOWS\\system32\\srlwoa.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}\InprocServer32]
@="C:\\WINDOWS\\system32\\cubjmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}\InprocServer32]
@="C:\\WINDOWS\\system32\\mtafd.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}\InprocServer32]
@="C:\\WINDOWS\\system32\\kodusx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}\InprocServer32]
@="C:\\WINDOWS\\system32\\cempstui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}\InprocServer32]
@="C:\\WINDOWS\\system32\\nedll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\cvnsole.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}\InprocServer32]
@="C:\\WINDOWS\\system32\\dydskmgr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}\InprocServer32]
@="C:\\WINDOWS\\system32\\iv50_qc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}\InprocServer32]
@="C:\\WINDOWS\\system32\\modtclog.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}\InprocServer32]
@="C:\\WINDOWS\\system32\\mtls31.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est D43D-7475

R‚pertoire de C:\WINDOWS\System32

16/11/2005 21:41 <REP> dllcache
25/10/2005 12:49 176ÿ128 Interceptor.dll
25/10/2005 12:49 307ÿ200 InterceptHelper.dll
12/10/2005 22:10 180ÿ224 archlib.dll
05/11/2003 12:27 <REP> Microsoft
30/09/1999 18:21 166ÿ672 mstext35.dll
28/09/1999 20:42 1ÿ050ÿ896 msjet35.dll
09/09/1999 21:06 252ÿ688 msexcl35.dll
09/09/1999 21:06 168ÿ720 msltus35.dll
25/08/1999 13:57 415ÿ504 msrepl35.dll
10/06/1999 08:34 24ÿ848 msjter35.dll
10/06/1999 08:34 123ÿ664 msjint35.dll
07/06/1999 17:59 250ÿ128 mspdox35.dll
25/04/1999 16:00 287ÿ504 Msxbse35.dll
25/04/1999 16:00 368ÿ912 Vbar332.dll
25/04/1999 16:00 252ÿ176 Msrd2x35.dll
14 fichier(s) 4ÿ025ÿ264 octets
2 R‚p(s) 69ÿ164ÿ904ÿ448 octets libres

Là,pour moi ,ça devient du chinois !

et voilà le hijack :
Logfile of HijackThis v1.99.1
Scan saved at 20:23:26, on 24/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\pc\Mes documents\conan.ludovic\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBCF63D6-8079-43B3-87BA-9AD95E8C0486}: NameServer = 80.10.246.130 80.10.246.3
O20 - AppInit_DLLs: interceptor.dll,msgplusloader.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\mtls31.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGMA\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe



je sais pas ce que t'en pense ?

Ludule
0
Réponse 23 / 30
Utilisateur anonyme
 
salut balltrap, a l ocaz teste celui ci
http://www.ad-w-a-r-e.com/cgi-bin/UnInstaller

a+
0
balltrap34 Messages postés 16240 Date d'inscription   Statut Contributeur sécurité Dernière intervention   332
 
il fonctionne pas quand je clik sur dowload il revient sur la premiere page
0
Réponse 24 / 30
balltrap34 Messages postés 16240 Date d'inscription   Statut Contributeur sécurité Dernière intervention   332
 
demarre en mode sans echec
lance l2mfix mais cette foix option 2

ensuite relance hijack coche et fix cette lignes
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\mtls31.dll (file missing)
il se peut que ceci est changer mtls31.dll fix quand meme te trompe pas de 020

recherche et suppr C:\WINDOWS\system32\mtls31.dll
il se peut que ceci est changer mtls31.dll

redemarre et refait l2mfix option1 et un hijack
0
ludule Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
ok ,on va essayer ça et je reviens ultérieurement !!
en tout cas ,je sais pas d'ou viens ce truc mais c'est coriace !
encore merci

Ludule
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 30
balltrap34 Messages postés 16240 Date d'inscription   Statut Contributeur sécurité Dernière intervention   332
 
oui coriace comme tu dit
0
Réponse 26 / 30
Alain62
 
J'ai tout essayé depuis maintenant 11 Jours
Si je dis tout , c'est tout
Finalité : Spy sweeper m'a tout erradiqué , c'est beton!!! Plus de Pb
0
Réponse 27 / 30
balltrap34 Messages postés 16240 Date d'inscription   Statut Contributeur sécurité Dernière intervention   332
 
salut alain
ont vas voir sur la prochaine infection look2me
je ferait passer se prog
mais comme les variante vont vite lol
0
ludule Messages postés 14 Date d'inscription   Statut Membre Dernière intervention  
 
re ,
bon apparement, ça a l'air d'avoir été efficace !
voici les 2 rapports :

L2MFIX find log 1.99
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{0E0F995D-6E73-B387-1A60-E6DAD65C1FB1}"=""
"Wanadoo 7.1"="IEAKFT"

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{E0D79300-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79301-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79302-84BE-11CE-9641-444553540000}"="WinZip"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{09CE81A4-5148-434B-981C-A80A0C9589BC}"=""
"{699158E0-9C6E-4C63-A1E3-E74611F03EEA}"=""
"{E4E25696-381C-4070-AD8D-6EB399FD7C7F}"=""
"{D659F863-42D2-4ABE-916E-97189319F5E1}"=""
"{C1EE8350-2384-4F07-A05D-D5F9239B2676}"=""
"{E4CAA75E-9B5F-45EB-8E4E-8B743B44F171}"="Pop-Up Stopper Anti-Spyware Toolbar"
"{8E3378AF-2840-443B-A1FC-ECBC54A190A2}"=""
"{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}"=""
"{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}"=""
"{0C473BD1-FDBB-449A-927D-021CA659F848}"=""
"{D21391AE-D687-4DED-93C2-CAC41B136BA9}"=""
"{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}"=""
"{296B7006-DFDB-4977-8BDE-9237B97079F1}"=""
"{248CEA14-BF33-4487-9CEA-A124DB97F44F}"=""
"{2E55779F-2E80-4E0B-8013-90993F0E7C22}"=""
"{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}"=""
"{D64554B0-5888-4344-BF5D-65B83243D213}"=""
"{F7AFFE16-7641-46C5-9813-423C6238BE11}"=""
"{4BF4A09A-7F5A-4001-980E-608350F332AB}"=""
"{320FB025-3DEA-49E1-A113-AA76AEB93982}"=""
"{F7CE9F26-489A-4C76-A8D0-B531580C57AE}"=""
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}"=""
"{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}"=""
"{D92B6504-755F-4C59-BA78-F67BE3AFED5A}"=""
"{1A3CD69B-1709-455B-84CD-F647ABB2CC73}"=""
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{4C14501E-D906-4C75-8093-A963334AE765}"=""
"{6EAA235B-B27F-4E16-929E-A59D104A84A2}"=""
"{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}"=""
"{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}"=""
"{5AD6B637-87A4-43AA-ABFF-90305EA04159}"=""
"{D41773FB-E400-4BED-BA89-BE9329070A90}"=""
"{60AE0CF1-DF67-4EAC-948E-B30CB6737409}"=""
"{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}"=""
"{935787CE-FC6A-4D36-AEBB-734D33CFDE65}"=""
"{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}"=""
"{EEABEC9F-BA23-4756-A5AF-45BEF6729541}"=""
"{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}"=""
"{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}"=""
"{D0664A4A-9F4F-4183-A985-C4D389586B50}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}\InprocServer32]
@="C:\\WINDOWS\\system32\\rUstls.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}\InprocServer32]
@="C:\\WINDOWS\\system32\\nbdll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}\InprocServer32]
@="C:\\WINDOWS\\system32\\krdir.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}\InprocServer32]
@="C:\\WINDOWS\\system32\\vwwwdm32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}\InprocServer32]
@="C:\\WINDOWS\\system32\\oNkley.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\TsnLib20.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}\InprocServer32]
@="C:\\WINDOWS\\system32\\miang.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}\InprocServer32]
@="C:\\WINDOWS\\system32\\muafd.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}\InprocServer32]
@="C:\\WINDOWS\\system32\\snredir.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}\InprocServer32]
@="C:\\WINDOWS\\system32\\wbavideo.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}\InprocServer32]
@="C:\\WINDOWS\\system32\\kcdest.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}\InprocServer32]
@="C:\\WINDOWS\\system32\\czmpobj.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}\InprocServer32]
@="C:\\WINDOWS\\system32\\ktdgae.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}\InprocServer32]
@="C:\\WINDOWS\\system32\\rrpcfgex.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}\InprocServer32]
@="C:\\WINDOWS\\system32\\IIETCOMM.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}\InprocServer32]
@="C:\\WINDOWS\\system32\\icmpagnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}\InprocServer32]
@="C:\\WINDOWS\\system32\\namsdba.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}\InprocServer32]
@="C:\\WINDOWS\\system32\\wwaservc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}\InprocServer32]
@="C:\\WINDOWS\\system32\\foclient.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}\InprocServer32]
@="C:\\WINDOWS\\system32\\shorprop.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}\InprocServer32]
@="C:\\WINDOWS\\system32\\mlvcr70.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}\InprocServer32]
@="C:\\WINDOWS\\system32\\dhmsvinn.dLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}\InprocServer32]
@="C:\\WINDOWS\\system32\\amkctrs.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}\InprocServer32]
@="C:\\WINDOWS\\system32\\kidycl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}\InprocServer32]
@="C:\\WINDOWS\\system32\\fqntext.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}\InprocServer32]
@="C:\\WINDOWS\\system32\\rocns4.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}\InprocServer32]
@="C:\\WINDOWS\\system32\\dsmodemx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}\InprocServer32]
@="C:\\WINDOWS\\system32\\srlwoa.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}\InprocServer32]
@="C:\\WINDOWS\\system32\\cubjmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}\InprocServer32]
@="C:\\WINDOWS\\system32\\mtafd.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}\InprocServer32]
@="C:\\WINDOWS\\system32\\kodusx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}\InprocServer32]
@="C:\\WINDOWS\\system32\\cempstui.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}\InprocServer32]
@="C:\\WINDOWS\\system32\\nedll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}\InprocServer32]
@="C:\\WINDOWS\\system32\\cvnsole.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}\InprocServer32]
@="C:\\WINDOWS\\system32\\dydskmgr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}\InprocServer32]
@="C:\\WINDOWS\\system32\\iv50_qc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}\InprocServer32]
@="C:\\WINDOWS\\system32\\modtclog.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}\InprocServer32]
@="C:\\WINDOWS\\system32\\mtls31.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est D43D-7475

R‚pertoire de C:\WINDOWS\System32

16/11/2005 21:41 <REP> dllcache
25/10/2005 12:49 176ÿ128 Interceptor.dll
25/10/2005 12:49 307ÿ200 InterceptHelper.dll
12/10/2005 22:10 180ÿ224 archlib.dll
05/11/2003 12:27 <REP> Microsoft
30/09/1999 18:21 166ÿ672 mstext35.dll
28/09/1999 20:42 1ÿ050ÿ896 msjet35.dll
09/09/1999 21:06 252ÿ688 msexcl35.dll
09/09/1999 21:06 168ÿ720 msltus35.dll
25/08/1999 13:57 415ÿ504 msrepl35.dll
10/06/1999 08:34 24ÿ848 msjter35.dll
10/06/1999 08:34 123ÿ664 msjint35.dll
07/06/1999 17:59 250ÿ128 mspdox35.dll
25/04/1999 16:00 287ÿ504 Msxbse35.dll
25/04/1999 16:00 368ÿ912 Vbar332.dll
25/04/1999 16:00 252ÿ176 Msrd2x35.dll
14 fichier(s) 4ÿ025ÿ264 octets
2 R‚p(s) 69ÿ127ÿ081ÿ984 octets libres

et le hijack :

Logfile of HijackThis v1.99.1
Scan saved at 21:45:30, on 24/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\E-Color\Common\IconMgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pc\Mes documents\conan.ludovic\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\eDonkey2000.exe" -t
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBCF63D6-8079-43B3-87BA-9AD95E8C0486}: NameServer = 80.10.246.1 80.10.246.132
O20 - AppInit_DLLs: interceptor.dll,msgplusloader.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGMA\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

voici les rapports pour les spécialistes ,en tout cas ,kaspersky ne détecte plus rien ,par contre :
en mode sans échec le l2mfix n'a pas fonctionné cause =mode sans échec mais
l2mremover a très bien fonctionné et a virer le truc

en tout cas ,je vous remercie fortement pour le coup de main
et j'espère que cela sera utile aux autres personnes infectés par ce truc qui vient de je ne sais ou.
merci et bonne soirée à tous
et bonne chasse !!

ludule
0
Réponse 28 / 30
StockholmAngel
 
Bonjour.

Un ptit lien...

http://www.simplytech.it/L2MRemover/L2MRemover.zip

A dézipper, a exécuter, un ptit reboot, et fini le cauchemar.

Amicalement
0
Réponse 29 / 30
meia
 
bonjour, je pense également être infecté,jevous envoie le rapport hijack, merci d'avance !

Logfile of HijackThis v1.99.1
Scan saved at 13:18:01, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LeechGet 2003\LeechGet.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A91313BB-1FA3-ED50-2C6B-17A5DAA97110} - C:\DOCUME~1\PROPRI~1\APPLIC~1\CHINMA~1\DART TIME.exe (file missing)
O2 - BHO: (no name) - {F2D0E61D-827D-E908-7A52-0C431E7CE9DC} - C:\PROGRA~1\CHINMA~1\DART TIME.exe (file missing)
O3 - Toolbar: SuperBar - {984ABD6E-7490-4571-8969-D07589FE59A1} - C:\Program Files\SuperBar\SuperBar.Dll (file missing)
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\syshost.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [view face enc more] C:\Documents and Settings\All Users\Application Data\joy peak view face\PEAK VC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2003\\Parser.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2003\\Wizard.html
O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2003\\AddUrl.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VIGUARD Service (VigService) - Unknown owner - C:\Program Files\VIGUARD\SERVICE.EXE (file missing)
0
Réponse 30 / 30
berny47
 
Bonjour,

chez moi, il a été détecté et éradiqué par windows defender...(durée 3mn)

J'ai ensuite passé ewido qui n'a plus rien détecté...(durée 15mn, et plus compliqué puisqu'il faut le faire en mode sans echec)
0

Discussions similaires

PIX
plart -
jordane45 -

1 réponse