Impossible de supprimer le spyware look2me - Page 2

Précédent
  • 1
  • 2
  1. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    oui desoler j ais mis le lien de la page lol
    0
    1. ludule
       
      Salut Balltrap !
      merci de ton aide, voilà ,j'ai éxecuté lel2mremover ,il a trouvé des trucs et virés ,j'ai redémarré ensuite et kaspersky trouve toujours le l2m dois-je éteindre la connection internet pendant l'action des remover et autres "désinfectants" et dois-je le faire en mode sans échec ?
      Je suis en ce moment de rescanner l'ordi avec tous mes anti virus ,spybot et consort........tu m'as dit de ne pas redémarrer à un moment mais quand ?
      voilà ,je ferais connaître la suite dès que tous les outils auront finis les scans.
      merci encore et bonne chasse !

      Ludule
      0
  2. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    fait ceci maintenant
    telecharge ceci
    http://www.downloads.subratam.org/l2mfix.exe
    decompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 1
    attend il vas faire un rapport fait un copier coller de celui ci
    ne fait surtout rien d autres
    et un nouvel hijack
    0
    1. ludule Messages postés 14 Statut Membre
       
      Balltrap ,voici donc le rapport :


      L2MFIX find log 1.99
      These are the registry keys present
      **********************************************************************************
      Winlogon/notify:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
      6c,00,00,00
      "Logoff"="ChainWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Logoff"="CryptnetWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
      "DLLName"="cscdll.dll"
      "Logon"="WinlogonLogonEvent"
      "Logoff"="WinlogonLogoffEvent"
      "ScreenSaver"="WinlogonScreenSaverEvent"
      "Startup"="WinlogonStartupEvent"
      "Shutdown"="WinlogonShutdownEvent"
      "StartShell"="WinlogonStartShellEvent"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
      "Asynchronous"=dword:00000000
      "DllName"="C:\\WINDOWS\\system32\\mtls31.dll"
      "Impersonate"=dword:00000000
      "Logon"="WinLogon"
      "Logoff"="WinLogoff"
      "Shutdown"="WinShutdown"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
      "DLLName"="wlnotify.dll"
      "Logon"="SCardStartCertProp"
      "Logoff"="SCardStopCertProp"
      "Lock"="SCardSuspendCertProp"
      "Unlock"="SCardResumeCertProp"
      "Enabled"=dword:00000001
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "StartShell"="SchedStartShell"
      "Logoff"="SchedEventLogOff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
      "Logoff"="WLEventLogoff"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001
      "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
      "DLLName"="WlNotify.dll"
      "Lock"="SensLockEvent"
      "Logon"="SensLogonEvent"
      "Logoff"="SensLogoffEvent"
      "Safe"=dword:00000001
      "MaxWait"=dword:00000258
      "StartScreenSaver"="SensStartScreenSaverEvent"
      "StopScreenSaver"="SensStopScreenSaverEvent"
      "Startup"="SensStartupEvent"
      "Shutdown"="SensShutdownEvent"
      "StartShell"="SensStartShellEvent"
      "PostShell"="SensPostShellEvent"
      "Disconnect"="SensDisconnectEvent"
      "Reconnect"="SensReconnectEvent"
      "Unlock"="SensUnlockEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "Logoff"="TSEventLogoff"
      "Logon"="TSEventLogon"
      "PostShell"="TSEventPostShell"
      "Shutdown"="TSEventShutdown"
      "StartShell"="TSEventStartShell"
      "Startup"="TSEventStartup"
      "MaxWait"=dword:00000258
      "Reconnect"="TSEventReconnect"
      "Disconnect"="TSEventDisconnect"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
      "DLLName"="wlnotify.dll"
      "Logon"="RegisterTicketExpiredNotificationEvent"
      "Logoff"="UnregisterTicketExpiredNotificationEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001


      RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
      Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
      This program is Freeware, use it on your own risk!

      Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
      (NI) ALLOW Full access AUTORITE NT\SYSTEM
      (IO) ALLOW Full access AUTORITE NT\SYSTEM
      (NI) ALLOW Full access AUTORITE NT\SYSTEM
      (IO) ALLOW Full access AUTORITE NT\SYSTEM
      (ID-NI) ALLOW Read BUILTIN\Utilisateurs
      (ID-IO) ALLOW Read BUILTIN\Utilisateurs
      (ID-NI) ALLOW Full access BUILTIN\Administrateurs
      (ID-IO) ALLOW Full access BUILTIN\Administrateurs
      (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
      (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
      (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


      **********************************************************************************
      useragent:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
      "{0E0F995D-6E73-B387-1A60-E6DAD65C1FB1}"=""

      **********************************************************************************
      Shell Extension key:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
      "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
      "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
      "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
      "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
      "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
      "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
      "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
      "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
      "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
      "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
      "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
      "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
      "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
      "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
      "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
      "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
      "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
      "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
      "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
      "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
      "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
      "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
      "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
      "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
      "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
      "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
      "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
      "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
      "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
      "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
      "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
      "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
      "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
      "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
      "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
      "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
      "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
      "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
      "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
      "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
      "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
      "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
      "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
      "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
      "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
      "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
      "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
      "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
      "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
      "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
      "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
      "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
      "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
      "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
      "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
      "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
      "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
      "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
      "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
      "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
      "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
      "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
      "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
      "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
      "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
      "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
      "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
      "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
      "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
      "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
      "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
      "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
      "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
      "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
      "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
      "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
      "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
      "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
      "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
      "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
      "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
      "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
      "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
      "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
      "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
      "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
      "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
      "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
      "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
      "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
      "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
      "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
      "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
      "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
      "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
      "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
      "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
      "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
      "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
      "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
      "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
      "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
      "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
      "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
      "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
      "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
      "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
      "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
      "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
      "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
      "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
      "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
      "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
      "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
      "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
      "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
      "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
      "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
      "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
      "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
      "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
      "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
      "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
      "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
      "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
      "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
      "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
      "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
      "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
      "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
      "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
      "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
      "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
      "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
      "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
      "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
      "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
      "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
      "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
      "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
      "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
      "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
      "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
      "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
      "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
      "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
      "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
      "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
      "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
      "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
      "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
      "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
      "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
      "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
      "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
      "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
      "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
      "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
      "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
      "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
      "{E0D79300-84BE-11CE-9641-444553540000}"="WinZip"
      "{E0D79301-84BE-11CE-9641-444553540000}"="WinZip"
      "{E0D79302-84BE-11CE-9641-444553540000}"="WinZip"
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
      "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
      "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
      "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
      "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
      "{09CE81A4-5148-434B-981C-A80A0C9589BC}"=""
      "{699158E0-9C6E-4C63-A1E3-E74611F03EEA}"=""
      "{E4E25696-381C-4070-AD8D-6EB399FD7C7F}"=""
      "{D659F863-42D2-4ABE-916E-97189319F5E1}"=""
      "{C1EE8350-2384-4F07-A05D-D5F9239B2676}"=""
      "{E4CAA75E-9B5F-45EB-8E4E-8B743B44F171}"="Pop-Up Stopper Anti-Spyware Toolbar"
      "{8E3378AF-2840-443B-A1FC-ECBC54A190A2}"=""
      "{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}"=""
      "{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}"=""
      "{0C473BD1-FDBB-449A-927D-021CA659F848}"=""
      "{D21391AE-D687-4DED-93C2-CAC41B136BA9}"=""
      "{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}"=""
      "{296B7006-DFDB-4977-8BDE-9237B97079F1}"=""
      "{248CEA14-BF33-4487-9CEA-A124DB97F44F}"=""
      "{2E55779F-2E80-4E0B-8013-90993F0E7C22}"=""
      "{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}"=""
      "{D64554B0-5888-4344-BF5D-65B83243D213}"=""
      "{F7AFFE16-7641-46C5-9813-423C6238BE11}"=""
      "{4BF4A09A-7F5A-4001-980E-608350F332AB}"=""
      "{320FB025-3DEA-49E1-A113-AA76AEB93982}"=""
      "{F7CE9F26-489A-4C76-A8D0-B531580C57AE}"=""
      "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
      "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
      "{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}"=""
      "{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}"=""
      "{D92B6504-755F-4C59-BA78-F67BE3AFED5A}"=""
      "{1A3CD69B-1709-455B-84CD-F647ABB2CC73}"=""
      "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
      "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
      "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
      "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
      "{4C14501E-D906-4C75-8093-A963334AE765}"=""
      "{6EAA235B-B27F-4E16-929E-A59D104A84A2}"=""
      "{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}"=""
      "{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}"=""
      "{5AD6B637-87A4-43AA-ABFF-90305EA04159}"=""
      "{D41773FB-E400-4BED-BA89-BE9329070A90}"=""
      "{60AE0CF1-DF67-4EAC-948E-B30CB6737409}"=""
      "{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}"=""
      "{935787CE-FC6A-4D36-AEBB-734D33CFDE65}"=""
      "{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}"=""
      "{EEABEC9F-BA23-4756-A5AF-45BEF6729541}"=""
      "{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}"=""
      "{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}"=""
      "{D0664A4A-9F4F-4183-A985-C4D389586B50}"=""

      **********************************************************************************
      HKEY ROOT CLASSIDS:
      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}]
      @=""
      "IDEx"="ADDR"

      [HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}\InprocServer32]
      @="C:\\WINDOWS\\system32\\rUstls.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}\InprocServer32]
      @="C:\\WINDOWS\\system32\\nbdll.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}\InprocServer32]
      @="C:\\WINDOWS\\system32\\krdir.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}\InprocServer32]
      @="C:\\WINDOWS\\system32\\vwwwdm32.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}\InprocServer32]
      @="C:\\WINDOWS\\system32\\oNkley.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}\InprocServer32]
      @="C:\\WINDOWS\\system32\\TsnLib20.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}\InprocServer32]
      @="C:\\WINDOWS\\system32\\miang.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}\InprocServer32]
      @="C:\\WINDOWS\\system32\\muafd.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}\InprocServer32]
      @="C:\\WINDOWS\\system32\\snredir.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}\InprocServer32]
      @="C:\\WINDOWS\\system32\\wbavideo.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}\InprocServer32]
      @="C:\\WINDOWS\\system32\\kcdest.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}\InprocServer32]
      @="C:\\WINDOWS\\system32\\czmpobj.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}\InprocServer32]
      @="C:\\WINDOWS\\system32\\ktdgae.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}\InprocServer32]
      @="C:\\WINDOWS\\system32\\rrpcfgex.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}\InprocServer32]
      @="C:\\WINDOWS\\system32\\IIETCOMM.DLL"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}\InprocServer32]
      @="C:\\WINDOWS\\system32\\icmpagnt.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}\InprocServer32]
      @="C:\\WINDOWS\\system32\\namsdba.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}\InprocServer32]
      @="C:\\WINDOWS\\system32\\wwaservc.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}\InprocServer32]
      @="C:\\WINDOWS\\system32\\foclient.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}\InprocServer32]
      @="C:\\WINDOWS\\system32\\shorprop.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}\InprocServer32]
      @="C:\\WINDOWS\\system32\\mlvcr70.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}\InprocServer32]
      @="C:\\WINDOWS\\system32\\dhmsvinn.dLL"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}\InprocServer32]
      @="C:\\WINDOWS\\system32\\amkctrs.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}\InprocServer32]
      @="C:\\WINDOWS\\system32\\kidycl.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}\InprocServer32]
      @="C:\\WINDOWS\\system32\\fqntext.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}\InprocServer32]
      @="C:\\WINDOWS\\system32\\rocns4.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}\InprocServer32]
      @="C:\\WINDOWS\\system32\\dsmodemx.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}\InprocServer32]
      @="C:\\WINDOWS\\system32\\srlwoa.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}\InprocServer32]
      @="C:\\WINDOWS\\system32\\cubjmon.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}\InprocServer32]
      @="C:\\WINDOWS\\system32\\mtafd.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}\InprocServer32]
      @="C:\\WINDOWS\\system32\\kodusx.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}\InprocServer32]
      @="C:\\WINDOWS\\system32\\cempstui.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}\InprocServer32]
      @="C:\\WINDOWS\\system32\\nedll.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}\InprocServer32]
      @="C:\\WINDOWS\\system32\\cvnsole.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}\InprocServer32]
      @="C:\\WINDOWS\\system32\\dydskmgr.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}\InprocServer32]
      @="C:\\WINDOWS\\system32\\iv50_qc.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}\InprocServer32]
      @="C:\\WINDOWS\\system32\\modtclog.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}\InprocServer32]
      @="C:\\WINDOWS\\system32\\mtls31.dll"
      "ThreadingModel"="Apartment"

      **********************************************************************************
      Files Found are not all bad files:
      Locate .tmp files:
      Le volume dans le lecteur C n'a pas de nom.
      Le num‚ro de s‚rie du volume est D43D-7475

      R‚pertoire de C:\WINDOWS\System32

      16/11/2005 21:41 <REP> dllcache
      25/10/2005 12:49 176ÿ128 Interceptor.dll
      25/10/2005 12:49 307ÿ200 InterceptHelper.dll
      12/10/2005 22:10 180ÿ224 archlib.dll
      05/11/2003 12:27 <REP> Microsoft
      30/09/1999 18:21 166ÿ672 mstext35.dll
      28/09/1999 20:42 1ÿ050ÿ896 msjet35.dll
      09/09/1999 21:06 252ÿ688 msexcl35.dll
      09/09/1999 21:06 168ÿ720 msltus35.dll
      25/08/1999 13:57 415ÿ504 msrepl35.dll
      10/06/1999 08:34 24ÿ848 msjter35.dll
      10/06/1999 08:34 123ÿ664 msjint35.dll
      07/06/1999 17:59 250ÿ128 mspdox35.dll
      25/04/1999 16:00 287ÿ504 Msxbse35.dll
      25/04/1999 16:00 368ÿ912 Vbar332.dll
      25/04/1999 16:00 252ÿ176 Msrd2x35.dll
      14 fichier(s) 4ÿ025ÿ264 octets
      2 R‚p(s) 69ÿ164ÿ904ÿ448 octets libres

      Là,pour moi ,ça devient du chinois !

      et voilà le hijack :
      Logfile of HijackThis v1.99.1
      Scan saved at 20:23:26, on 24/11/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\Program Files\ewido\security suite\ewidoctrl.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\Tablet.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
      C:\PROGRA~1\MESSAG~1\StartMessager.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Messenger Plus! 3\MsgPlus.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\E-Color\Common\IconMgr.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\system32\Wtablet\TabUserW.exe
      C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\cmd.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Documents and Settings\pc\Mes documents\conan.ludovic\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
      O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
      O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
      O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
      O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\eDonkey2000.exe" -t
      O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
      O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{BBCF63D6-8079-43B3-87BA-9AD95E8C0486}: NameServer = 80.10.246.130 80.10.246.3
      O20 - AppInit_DLLs: interceptor.dll,msgplusloader.dll
      O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\mtls31.dll (file missing)
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGMA\command.exe (file missing)
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
      O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe



      je sais pas ce que t'en pense ?

      Ludule
      0
  3. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    demarre en mode sans echec
    lance l2mfix mais cette foix option 2

    ensuite relance hijack coche et fix cette lignes
    O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\mtls31.dll (file missing)
    il se peut que ceci est changer mtls31.dll fix quand meme te trompe pas de 020

    recherche et suppr C:\WINDOWS\system32\mtls31.dll
    il se peut que ceci est changer mtls31.dll

    redemarre et refait l2mfix option1 et un hijack
    0
    1. ludule Messages postés 14 Statut Membre
       
      ok ,on va essayer ça et je reviens ultérieurement !!
      en tout cas ,je sais pas d'ou viens ce truc mais c'est coriace !
      encore merci

      Ludule
      0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    oui coriace comme tu dit
    0
  6. Alain62
     
    J'ai tout essayé depuis maintenant 11 Jours
    Si je dis tout , c'est tout
    Finalité : Spy sweeper m'a tout erradiqué , c'est beton!!! Plus de Pb
    0
  7. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    salut alain
    ont vas voir sur la prochaine infection look2me
    je ferait passer se prog
    mais comme les variante vont vite lol
    0
    1. ludule Messages postés 14 Statut Membre
       
      re ,
      bon apparement, ça a l'air d'avoir été efficace !
      voici les 2 rapports :

      L2MFIX find log 1.99
      These are the registry keys present
      **********************************************************************************
      Winlogon/notify:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
      6c,00,00,00
      "Logoff"="ChainWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
      "Asynchronous"=dword:00000000
      "Impersonate"=dword:00000000
      "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Logoff"="CryptnetWlxLogoffEvent"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
      "DLLName"="cscdll.dll"
      "Logon"="WinlogonLogonEvent"
      "Logoff"="WinlogonLogoffEvent"
      "ScreenSaver"="WinlogonScreenSaverEvent"
      "Startup"="WinlogonStartupEvent"
      "Shutdown"="WinlogonShutdownEvent"
      "StartShell"="WinlogonStartShellEvent"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
      "DLLName"="wlnotify.dll"
      "Logon"="SCardStartCertProp"
      "Logoff"="SCardStopCertProp"
      "Lock"="SCardSuspendCertProp"
      "Unlock"="SCardResumeCertProp"
      "Enabled"=dword:00000001
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "StartShell"="SchedStartShell"
      "Logoff"="SchedEventLogOff"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
      "Logoff"="WLEventLogoff"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000001
      "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
      "DLLName"="WlNotify.dll"
      "Lock"="SensLockEvent"
      "Logon"="SensLogonEvent"
      "Logoff"="SensLogoffEvent"
      "Safe"=dword:00000001
      "MaxWait"=dword:00000258
      "StartScreenSaver"="SensStartScreenSaverEvent"
      "StopScreenSaver"="SensStopScreenSaverEvent"
      "Startup"="SensStartupEvent"
      "Shutdown"="SensShutdownEvent"
      "StartShell"="SensStartShellEvent"
      "PostShell"="SensPostShellEvent"
      "Disconnect"="SensDisconnectEvent"
      "Reconnect"="SensReconnectEvent"
      "Unlock"="SensUnlockEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
      "Asynchronous"=dword:00000000
      "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
      6c,00,6c,00,00,00
      "Impersonate"=dword:00000000
      "Logoff"="TSEventLogoff"
      "Logon"="TSEventLogon"
      "PostShell"="TSEventPostShell"
      "Shutdown"="TSEventShutdown"
      "StartShell"="TSEventStartShell"
      "Startup"="TSEventStartup"
      "MaxWait"=dword:00000258
      "Reconnect"="TSEventReconnect"
      "Disconnect"="TSEventDisconnect"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
      "DLLName"="wlnotify.dll"
      "Logon"="RegisterTicketExpiredNotificationEvent"
      "Logoff"="UnregisterTicketExpiredNotificationEvent"
      "Impersonate"=dword:00000001
      "Asynchronous"=dword:00000001

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
      "DLLName"="wzcdlg.dll"
      "Logon"="WZCEventLogon"
      "Logoff"="WZCEventLogoff"
      "Impersonate"=dword:00000000
      "Asynchronous"=dword:00000000


      RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
      Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
      This program is Freeware, use it on your own risk!

      Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
      (NI) ALLOW Full access AUTORITE NT\SYSTEM
      (IO) ALLOW Full access AUTORITE NT\SYSTEM
      (NI) ALLOW Full access AUTORITE NT\SYSTEM
      (IO) ALLOW Full access AUTORITE NT\SYSTEM
      (ID-NI) ALLOW Read BUILTIN\Utilisateurs
      (ID-IO) ALLOW Read BUILTIN\Utilisateurs
      (ID-NI) ALLOW Full access BUILTIN\Administrateurs
      (ID-IO) ALLOW Full access BUILTIN\Administrateurs
      (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
      (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
      (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


      **********************************************************************************
      useragent:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
      "{0E0F995D-6E73-B387-1A60-E6DAD65C1FB1}"=""
      "Wanadoo 7.1"="IEAKFT"

      **********************************************************************************
      Shell Extension key:
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
      "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
      "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
      "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
      "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
      "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
      "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
      "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
      "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
      "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
      "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
      "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
      "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
      "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
      "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
      "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
      "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
      "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
      "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
      "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
      "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
      "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
      "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
      "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
      "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
      "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
      "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
      "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
      "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
      "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
      "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
      "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
      "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
      "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
      "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
      "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
      "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
      "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
      "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
      "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
      "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
      "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
      "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
      "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
      "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
      "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
      "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
      "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
      "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
      "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
      "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
      "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
      "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
      "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
      "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
      "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
      "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
      "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
      "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
      "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
      "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
      "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
      "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
      "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
      "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
      "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
      "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
      "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
      "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
      "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
      "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
      "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
      "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
      "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
      "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
      "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
      "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
      "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
      "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
      "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
      "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
      "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
      "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
      "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
      "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
      "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
      "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
      "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
      "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
      "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
      "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
      "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
      "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
      "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
      "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
      "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
      "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
      "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
      "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
      "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
      "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
      "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
      "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
      "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
      "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
      "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
      "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
      "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
      "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
      "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
      "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
      "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
      "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
      "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
      "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
      "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
      "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
      "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
      "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
      "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
      "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
      "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
      "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
      "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
      "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
      "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
      "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
      "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
      "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
      "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
      "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
      "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
      "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
      "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
      "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
      "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
      "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
      "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
      "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
      "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
      "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
      "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
      "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
      "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
      "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
      "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
      "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
      "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
      "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
      "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
      "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
      "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
      "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
      "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
      "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
      "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
      "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
      "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
      "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
      "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
      "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
      "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
      "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
      "{E0D79300-84BE-11CE-9641-444553540000}"="WinZip"
      "{E0D79301-84BE-11CE-9641-444553540000}"="WinZip"
      "{E0D79302-84BE-11CE-9641-444553540000}"="WinZip"
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
      "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
      "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
      "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
      "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
      "{09CE81A4-5148-434B-981C-A80A0C9589BC}"=""
      "{699158E0-9C6E-4C63-A1E3-E74611F03EEA}"=""
      "{E4E25696-381C-4070-AD8D-6EB399FD7C7F}"=""
      "{D659F863-42D2-4ABE-916E-97189319F5E1}"=""
      "{C1EE8350-2384-4F07-A05D-D5F9239B2676}"=""
      "{E4CAA75E-9B5F-45EB-8E4E-8B743B44F171}"="Pop-Up Stopper Anti-Spyware Toolbar"
      "{8E3378AF-2840-443B-A1FC-ECBC54A190A2}"=""
      "{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}"=""
      "{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}"=""
      "{0C473BD1-FDBB-449A-927D-021CA659F848}"=""
      "{D21391AE-D687-4DED-93C2-CAC41B136BA9}"=""
      "{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}"=""
      "{296B7006-DFDB-4977-8BDE-9237B97079F1}"=""
      "{248CEA14-BF33-4487-9CEA-A124DB97F44F}"=""
      "{2E55779F-2E80-4E0B-8013-90993F0E7C22}"=""
      "{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}"=""
      "{D64554B0-5888-4344-BF5D-65B83243D213}"=""
      "{F7AFFE16-7641-46C5-9813-423C6238BE11}"=""
      "{4BF4A09A-7F5A-4001-980E-608350F332AB}"=""
      "{320FB025-3DEA-49E1-A113-AA76AEB93982}"=""
      "{F7CE9F26-489A-4C76-A8D0-B531580C57AE}"=""
      "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
      "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
      "{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}"=""
      "{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}"=""
      "{D92B6504-755F-4C59-BA78-F67BE3AFED5A}"=""
      "{1A3CD69B-1709-455B-84CD-F647ABB2CC73}"=""
      "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
      "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
      "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
      "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
      "{4C14501E-D906-4C75-8093-A963334AE765}"=""
      "{6EAA235B-B27F-4E16-929E-A59D104A84A2}"=""
      "{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}"=""
      "{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}"=""
      "{5AD6B637-87A4-43AA-ABFF-90305EA04159}"=""
      "{D41773FB-E400-4BED-BA89-BE9329070A90}"=""
      "{60AE0CF1-DF67-4EAC-948E-B30CB6737409}"=""
      "{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}"=""
      "{935787CE-FC6A-4D36-AEBB-734D33CFDE65}"=""
      "{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}"=""
      "{EEABEC9F-BA23-4756-A5AF-45BEF6729541}"=""
      "{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}"=""
      "{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}"=""
      "{D0664A4A-9F4F-4183-A985-C4D389586B50}"=""

      **********************************************************************************
      HKEY ROOT CLASSIDS:
      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}]
      @=""
      "IDEx"="ADDR"

      [HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{09CE81A4-5148-434B-981C-A80A0C9589BC}\InprocServer32]
      @="C:\\WINDOWS\\system32\\rUstls.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{699158E0-9C6E-4C63-A1E3-E74611F03EEA}\InprocServer32]
      @="C:\\WINDOWS\\system32\\nbdll.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{E4E25696-381C-4070-AD8D-6EB399FD7C7F}\InprocServer32]
      @="C:\\WINDOWS\\system32\\krdir.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D659F863-42D2-4ABE-916E-97189319F5E1}\InprocServer32]
      @="C:\\WINDOWS\\system32\\vwwwdm32.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C1EE8350-2384-4F07-A05D-D5F9239B2676}\InprocServer32]
      @="C:\\WINDOWS\\system32\\oNkley.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{8E3378AF-2840-443B-A1FC-ECBC54A190A2}\InprocServer32]
      @="C:\\WINDOWS\\system32\\TsnLib20.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C1A8CAF5-6C2A-468E-A64E-123E7F74F6DE}\InprocServer32]
      @="C:\\WINDOWS\\system32\\miang.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{C30AA08C-D3B3-4C0C-9CBD-8D8C2193A273}\InprocServer32]
      @="C:\\WINDOWS\\system32\\muafd.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{0C473BD1-FDBB-449A-927D-021CA659F848}\InprocServer32]
      @="C:\\WINDOWS\\system32\\snredir.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D21391AE-D687-4DED-93C2-CAC41B136BA9}\InprocServer32]
      @="C:\\WINDOWS\\system32\\wbavideo.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{08FF50AC-8FCB-497F-AE4D-40A7FF9DD08D}\InprocServer32]
      @="C:\\WINDOWS\\system32\\kcdest.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{296B7006-DFDB-4977-8BDE-9237B97079F1}\InprocServer32]
      @="C:\\WINDOWS\\system32\\czmpobj.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{248CEA14-BF33-4487-9CEA-A124DB97F44F}\InprocServer32]
      @="C:\\WINDOWS\\system32\\ktdgae.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{2E55779F-2E80-4E0B-8013-90993F0E7C22}\InprocServer32]
      @="C:\\WINDOWS\\system32\\rrpcfgex.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{EE9CAC69-5B05-453E-BB8D-0F345E7C88C7}\InprocServer32]
      @="C:\\WINDOWS\\system32\\IIETCOMM.DLL"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D64554B0-5888-4344-BF5D-65B83243D213}\InprocServer32]
      @="C:\\WINDOWS\\system32\\icmpagnt.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F7AFFE16-7641-46C5-9813-423C6238BE11}\InprocServer32]
      @="C:\\WINDOWS\\system32\\namsdba.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{4BF4A09A-7F5A-4001-980E-608350F332AB}\InprocServer32]
      @="C:\\WINDOWS\\system32\\wwaservc.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{320FB025-3DEA-49E1-A113-AA76AEB93982}\InprocServer32]
      @="C:\\WINDOWS\\system32\\foclient.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{F7CE9F26-489A-4C76-A8D0-B531580C57AE}\InprocServer32]
      @="C:\\WINDOWS\\system32\\shorprop.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6A5BB0A5-8C40-4C1C-B588-F03D9E083265}\InprocServer32]
      @="C:\\WINDOWS\\system32\\mlvcr70.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{908BEBE7-795F-4B8D-A22E-5E0C8FF45B64}\InprocServer32]
      @="C:\\WINDOWS\\system32\\dhmsvinn.dLL"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D92B6504-755F-4C59-BA78-F67BE3AFED5A}\InprocServer32]
      @="C:\\WINDOWS\\system32\\amkctrs.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{1A3CD69B-1709-455B-84CD-F647ABB2CC73}\InprocServer32]
      @="C:\\WINDOWS\\system32\\kidycl.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{4C14501E-D906-4C75-8093-A963334AE765}\InprocServer32]
      @="C:\\WINDOWS\\system32\\fqntext.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6EAA235B-B27F-4E16-929E-A59D104A84A2}\InprocServer32]
      @="C:\\WINDOWS\\system32\\rocns4.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{6231B974-AD41-4C5F-8FDA-6780DE84C7E6}\InprocServer32]
      @="C:\\WINDOWS\\system32\\dsmodemx.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{BDDB4066-4EED-496D-BCCF-D55AC5DDD252}\InprocServer32]
      @="C:\\WINDOWS\\system32\\srlwoa.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{5AD6B637-87A4-43AA-ABFF-90305EA04159}\InprocServer32]
      @="C:\\WINDOWS\\system32\\cubjmon.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D41773FB-E400-4BED-BA89-BE9329070A90}\InprocServer32]
      @="C:\\WINDOWS\\system32\\mtafd.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{60AE0CF1-DF67-4EAC-948E-B30CB6737409}\InprocServer32]
      @="C:\\WINDOWS\\system32\\kodusx.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{E47EA8D6-725E-47F8-A1E4-FB43B75DFF8B}\InprocServer32]
      @="C:\\WINDOWS\\system32\\cempstui.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{935787CE-FC6A-4D36-AEBB-734D33CFDE65}\InprocServer32]
      @="C:\\WINDOWS\\system32\\nedll.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{B7D4D725-E01D-4F5D-BB6F-842BB50A68EA}\InprocServer32]
      @="C:\\WINDOWS\\system32\\cvnsole.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{EEABEC9F-BA23-4756-A5AF-45BEF6729541}\InprocServer32]
      @="C:\\WINDOWS\\system32\\dydskmgr.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{CFE07E3E-9055-4848-8CF2-2FCD5A54ED5B}\InprocServer32]
      @="C:\\WINDOWS\\system32\\iv50_qc.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{8D213D83-32E0-4A8B-A0CB-072D3B22EE5E}\InprocServer32]
      @="C:\\WINDOWS\\system32\\modtclog.dll"
      "ThreadingModel"="Apartment"

      Windows Registry Editor Version 5.00

      [HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\CLSID\{D0664A4A-9F4F-4183-A985-C4D389586B50}\InprocServer32]
      @="C:\\WINDOWS\\system32\\mtls31.dll"
      "ThreadingModel"="Apartment"

      **********************************************************************************
      Files Found are not all bad files:
      Le volume dans le lecteur C n'a pas de nom.
      Le num‚ro de s‚rie du volume est D43D-7475

      R‚pertoire de C:\WINDOWS\System32

      16/11/2005 21:41 <REP> dllcache
      25/10/2005 12:49 176ÿ128 Interceptor.dll
      25/10/2005 12:49 307ÿ200 InterceptHelper.dll
      12/10/2005 22:10 180ÿ224 archlib.dll
      05/11/2003 12:27 <REP> Microsoft
      30/09/1999 18:21 166ÿ672 mstext35.dll
      28/09/1999 20:42 1ÿ050ÿ896 msjet35.dll
      09/09/1999 21:06 252ÿ688 msexcl35.dll
      09/09/1999 21:06 168ÿ720 msltus35.dll
      25/08/1999 13:57 415ÿ504 msrepl35.dll
      10/06/1999 08:34 24ÿ848 msjter35.dll
      10/06/1999 08:34 123ÿ664 msjint35.dll
      07/06/1999 17:59 250ÿ128 mspdox35.dll
      25/04/1999 16:00 287ÿ504 Msxbse35.dll
      25/04/1999 16:00 368ÿ912 Vbar332.dll
      25/04/1999 16:00 252ÿ176 Msrd2x35.dll
      14 fichier(s) 4ÿ025ÿ264 octets
      2 R‚p(s) 69ÿ127ÿ081ÿ984 octets libres

      et le hijack :

      Logfile of HijackThis v1.99.1
      Scan saved at 21:45:30, on 24/11/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\Program Files\ewido\security suite\ewidoctrl.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\Tablet.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
      C:\PROGRA~1\MESSAG~1\StartMessager.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Messenger Plus! 3\MsgPlus.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\E-Color\Common\IconMgr.exe
      C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\system32\Wtablet\TabUserW.exe
      C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\pc\Mes documents\conan.ludovic\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
      O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
      O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
      O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
      O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\eDonkey2000.exe" -t
      O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
      O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
      O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
      O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{BBCF63D6-8079-43B3-87BA-9AD95E8C0486}: NameServer = 80.10.246.1 80.10.246.132
      O20 - AppInit_DLLs: interceptor.dll,msgplusloader.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\cGMA\command.exe (file missing)
      O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
      O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

      voici les rapports pour les spécialistes ,en tout cas ,kaspersky ne détecte plus rien ,par contre :
      en mode sans échec le l2mfix n'a pas fonctionné cause =mode sans échec mais
      l2mremover a très bien fonctionné et a virer le truc

      en tout cas ,je vous remercie fortement pour le coup de main
      et j'espère que cela sera utile aux autres personnes infectés par ce truc qui vient de je ne sais ou.
      merci et bonne soirée à tous
      et bonne chasse !!

      ludule
      0
  8. meia
     
    bonjour, je pense également être infecté,jevous envoie le rapport hijack, merci d'avance !

    Logfile of HijackThis v1.99.1
    Scan saved at 13:18:01, on 24/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\USB Storage RW\shwicon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\LeechGet 2003\LeechGet.exe
    C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {A91313BB-1FA3-ED50-2C6B-17A5DAA97110} - C:\DOCUME~1\PROPRI~1\APPLIC~1\CHINMA~1\DART TIME.exe (file missing)
    O2 - BHO: (no name) - {F2D0E61D-827D-E908-7A52-0C431E7CE9DC} - C:\PROGRA~1\CHINMA~1\DART TIME.exe (file missing)
    O3 - Toolbar: SuperBar - {984ABD6E-7490-4571-8969-D07589FE59A1} - C:\Program Files\SuperBar\SuperBar.Dll (file missing)
    O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\system32\syshost.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [view face enc more] C:\Documents and Settings\All Users\Application Data\joy peak view face\PEAK VC.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
    O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\system32\formatsys.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Analyser avec LeechGet - file://C:\Program Files\LeechGet 2003\\Parser.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Télécharger en utilisant l'assistant LeechGet - file://C:\Program Files\LeechGet 2003\\Wizard.html
    O8 - Extra context menu item: Télécharger en utilisant LeechGet - file://C:\Program Files\LeechGet 2003\\AddUrl.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
    O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
    O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
    O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: VIGUARD Service (VigService) - Unknown owner - C:\Program Files\VIGUARD\SERVICE.EXE (file missing)
    0
  9. berny47
     
    Bonjour,

    chez moi, il a été détecté et éradiqué par windows defender...(durée 3mn)

    J'ai ensuite passé ewido qui n'a plus rien détecté...(durée 15mn, et plus compliqué puisqu'il faut le faire en mode sans echec)
    0
Précédent
  • 1
  • 2