Searc-h.com et look2me !?..

sand4 Messages postés 33 Statut Membre -  
 Utilisateur anonyme -
bonsoir , tous les 2/3 jours lorsque je fais une analyse anti-virus , norton trouve un virus "look2me" ; et j'ai des page de pub qui apparaissent a l'écran meme quand je n'utilise pas internet . type : searc-h.com ou analyse en ligne ou encore des coupons de réductions .... J'ai vu que Feline20 dans son message : "page à l'ouverture d'internet" du 31/10/2005 avait les memes symptomes ; est-ce-que je peux utiliser la meme medecine ?
D'avance merci .a+
Configuration: windows xp sp2
internet explorer

51 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Des analyses antivirus Norton détectent le spyware Look2Me sur un système Windows XP SP2 et des pages publicitaires s'affichent même hors navigation, indiquant une infection persistante. Plusieurs réponses évoquent des outils de nettoyage tels que ewido et HijackThis, des rapports de détection et des tentatives de suppression avec Killbox, et l’emploi possible d’un LM2Fix pour neutraliser le spyware Look2Me. Des retours indiquent que le redémarrage peut se faire sans problème après nettoyage, mais certains modules persistant peuvent rester actifs, nécessitant des mesures complémentaires et une surveillance continue du système. En cas d'infection Look2Me sur Windows XP, l'utilisation coordonnée de LM2Fix et d’ewido avec Killbox est souvent recommandée, tout en veillant à sauvegarder les données et à prévenir les réinfections.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    salut

    oui, poste ton hijack this

    a+
    0
  2. sand4 Messages postés 33 Statut Membre
     
    bonjour , voici le 1° rapport hijack :
    Logfile of HijackThis v1.99.1
    Scan saved at 14:57:29, on 09/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\QuickTime\qttask.exe
    J:\Logiciels\OpwareSE2.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Documents and Settings\Sandrine\Mes documents\searc-h.com_look2me(spy)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neuf.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe
    O4 - HKLM\..\Run: [OpwareSE2] "J:\Logiciels\OpwareSE2.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\RunServices: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Sandrine\Mes documents\spy + about blank\HijackThis.exe /startupscan
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132436808562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132437360156
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\l46olej31ho.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    0
  3. sand4 Messages postés 33 Statut Membre
     
    j'ai déja Adware SE Personal ce n'est pas la meme chose ?
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. sand4 Messages postés 33 Statut Membre
     
    ok je le fais , et te tien au courant ,merci
    0
  6. sand4 Messages postés 33 Statut Membre
     
    je suis allez sur le lien , en bas de la page j'ai cliquer sur : " I ACCEPT " puis sur " charger uninstall..." et apprait j'ai une fenetre me disant que les parametres de sécurité acctuel ne me permetent pas de charger ce fichier !
    0
  7. Utilisateur anonyme
     
    ok,

    laisse tomber !!
    remet un hijack

    a+
    0
  8. sand4 Messages postés 33 Statut Membre
     
    tu veux que je face une 2° analyse ?
    0
    1. boulepate
       
      Salut vous deux, :)

      un rapport HijackThis choisis l'option 1 copie et colle le rapport ici
      0
  9. sand4 Messages postés 33 Statut Membre
     
    et voila :
    Logfile of HijackThis v1.99.1
    Scan saved at 16:15:19, on 09/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\QuickTime\qttask.exe
    J:\Logiciels\OpwareSE2.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Sandrine\Mes documents\searc-h.com_look2me(spy)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neuf.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe
    O4 - HKLM\..\Run: [OpwareSE2] "J:\Logiciels\OpwareSE2.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\RunServices: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Sandrine\Mes documents\spy + about blank\HijackThis.exe /startupscan
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132436808562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132437360156
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\l46olej31ho.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

    bon courrage et merci , pour moi c'est de l'hebreux !
    0
    1. boulepate
       
      Lol quand on parle du loup :D
      0
  10. Utilisateur anonyme
     
    Bonjour,

    Méthode à suivre dans l'ordre...

    Dans ajout/suppression de programmes, desinstalle ceci

    WINSOS

    ----------------------------------------------------------------------------
    ¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite:

    1/

    Spybot S&D 1.4 <<nouvelle version.
    http://www.safer-networking.org/fr/index.html

    Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/

    Ad-Aware SE 1.06 <<nouvelle version.
    http://www.lavasoftusa.com/software/adaware/
    -Une aide:
    http://www.tutopat.com/viewtopic.php?t=1191
    - installe le patch français, tu pourras le trouver ici:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).
    http://pageperso.aol.fr/balltrap34/adawrevid.asf

    *****************************
    Télécharge l2mfix ici:

    http://www.downloads.subratam.org/l2mfix.exe

    Double clic sur l2mfix.exe pour lancer l'extraction.
    Dans le dossier l2mfix, double clic sur l2mfix.bat et choisis l'option #1 (et pas autre chose) et valide avec la touche entrée.
    Le bloc note va s'ouvrir avec le résultat du scan.
    Fais un copier coller du résultat sur le forum.

    ----------------------------------------------------------------------------
    ¤Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !
    ----------------------------------------------------------------------------
    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    O4 - HKLM\..\Run: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O4 - HKLM\..\RunServices: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe

    O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI

    O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Sandrine\Mes documents\spy + about blank\HijackThis.exe /startupscan

    O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab

    O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\l46olej31ho.dll

    ----------------------------------------------------------------------------
    ¤Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    ¤Vide tes fichiers temps et temporary internet file:

    :: Supprimer les fichiers temporaires ::
    vider tout le contenu de ces dossiers.

    * C:\Documents and Settings\ton compte\Local Settings\Temp
    * C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
    * C:\Windows\Temp

    :: Le contenu du dossier prefetch ::

    * C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

    * Ne pas oublier de vider la corbeille !
    ----------------------------------------------------------------------------
    ¤Recherche et supprime ceci:
    attention seulement les fichiers (si présents).

    PopUpBlocker9.exe
    ALCXMNTR.EXE
    C:\Program Files\WINSOS

    ----------------------------------------------------------------------------
    relance l2mfix et choisis l'option 2
    accepte le redémarrage du pc
    ----------------------------------------------------------------------------
    ¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
    ----------------------------------------------------------------------------
    ¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
    ----------------------------------------------------------------------------
    ¤ Vide ta Corbeille.
    ----------------------------------------------------------------------------
    ¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

    Précise tes soucis s’il en reste....

    Tiens-moi au courant

    A+

    0
  11. Utilisateur anonyme
     
    Salut boulepate

    je rode, je rode, comme le loup d ailleurs ;-)
    0
  12. boulepate
     
    Salut Regis,

    j'ai vu que tu rodais aussi sur 01net :p .. un vrai loup :O pas mechant celui là ça va ^^
    0
  13. sand4 Messages postés 33 Statut Membre
     
    L2MFIX find log 120305
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\l46olej31ho.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{21128376-2F08-9336-D517-5CDD15CE3024}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
    "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
    "{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-3FB6980118CF}"
    "{32C5B668-3455-4A1B-8772-686ACD1AB317}"=""
    "{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}"=""
    "{8F901377-BE5A-44D9-A5F4-9E40974854D1}"=""
    "{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}"=""
    "{9EA297CC-705E-470B-80FC-B6884DEDBEF6}"=""
    "{69AFB339-1528-4514-860E-75BA8D190EB0}"=""
    "{6DF0C984-F55D-48C9-B029-374A8674EC7C}"=""
    "{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}"=""
    "{CAC67916-21A5-48AE-9675-3896620B68D0}"=""
    "{D1C35A02-64CA-4A06-80B9-51AB7C822062}"=""
    "{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}"=""
    "{418B9F47-3AC2-4337-A836-F12BA45D4259}"=""
    "{E0A59CA4-D907-4049-B04B-498A950BD689}"=""
    "{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}"=""
    "{3B0B1982-342F-49DC-AE35-2010E3998192}"=""
    "{68B5644A-A044-4161-A3DB-E769357C1BC5}"=""
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{E2072638-7F3C-47BD-919D-7B6EA3421B0E}"=""
    "{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}"=""
    "{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}"=""
    "{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}"=""
    "{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension"
    "{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}"=""
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{0E6C58A9-F592-4862-B35F-CA45E24003B3}"="CloneCD"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\InprocServer32]
    @="C:\\WINDOWS\\system32\\cxl3dv2.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\hmicons.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\uehisapi.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wrsdmod.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\InprocServer32]
    @="C:\\WINDOWS\\system32\\bVsesrv.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nutmsg.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ddlayx.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wcaueng.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\pzrfts.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\InprocServer32]
    @="C:\\WINDOWS\\system32\\hhetmon.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dfnaddr.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\InprocServer32]
    @="C:\\WINDOWS\\system32\\km1394.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dIdim700.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\InprocServer32]
    @="C:\\WINDOWS\\system32\\unbmon.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\InprocServer32]
    @="C:\\WINDOWS\\system32\\vvrifier.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mfsnap.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\fyntext.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\InprocServer32]
    @="C:\\WINDOWS\\system32\\tmbyuv.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wysdmoe2.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\kjdhu1.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dusrslvr.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    atkdisp.dll Thu 3 Nov 2005 9:45:30 A.... 227 712 222,38 K
    atkdis~1.dll Mon 12 Sep 2005 11:52:48 A.... 1 667 072 1,59 M
    atkogl32.dll Tue 18 Oct 2005 15:03:48 A.... 38 400 37,50 K
    atkosd~1.dll Mon 31 Oct 2005 10:47:28 A.... 2 032 640 1,94 M
    cdosys.dll Sat 10 Sep 2005 2:55:14 A.... 2 067 968 1,97 M
    dn6m01~1.dll Thu 8 Dec 2005 19:39:08 ..S.R 236 028 230,50 K
    dnps01~1.dll Thu 8 Dec 2005 23:21:10 ..S.R 235 867 230,34 K
    dusrslvr.dll Fri 9 Dec 2005 12:59:12 ..S.R 237 231 231,67 K
    gdi32.dll Thu 6 Oct 2005 4:18:12 A.... 280 064 273,50 K
    ir00l5~1.dll Thu 8 Dec 2005 23:30:42 ..S.R 236 872 231,32 K
    l46ole~1.dll Thu 8 Dec 2005 23:45:00 ..S.R 237 231 231,67 K
    legitc~1.dll Fri 4 Nov 2005 16:27:24 A.... 534 280 521,76 K
    mshtml.dll Tue 4 Oct 2005 17:26:06 A.... 3 013 120 2,87 M
    s088la~1.dll Thu 8 Dec 2005 23:46:00 ..S.R 235 867 230,34 K
    shell32.dll Fri 23 Sep 2005 4:07:00 A.... 8 506 880 8,11 M
    sintf16.dll Thu 1 Dec 2005 22:20:14 A.... 12 067 11,78 K
    sintf32.dll Thu 1 Dec 2005 22:20:14 A.... 17 212 16,81 K
    sintfnt.dll Thu 1 Dec 2005 22:20:14 A.... 21 840 21,33 K
    sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K

    19 items found: 19 files (6 H/S), 0 directories.
    Total of file sizes: 19 957 135 bytes 19,03 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est 2074-EB43

    R‚pertoire de C:\WINDOWS\System32

    09/12/2005 12:59 237ÿ231 dusrslvr.dll
    08/12/2005 23:45 235ÿ867 s088lalu1dq8.dll
    08/12/2005 23:44 237ÿ231 l46olej31ho.dll
    08/12/2005 23:30 236ÿ872 ir00l5dm1.dll
    08/12/2005 23:21 235ÿ867 dnps0177e.dll
    08/12/2005 19:39 236ÿ028 dn6m01j1e.dll
    26/11/2005 22:07 <REP> dllcache
    19/11/2005 19:50 <REP> Microsoft
    6 fichier(s) 1ÿ419ÿ096 octets
    2 R‚p(s) 35ÿ424ÿ747ÿ520 octets libres
    rapport de l2mfix , la suite juste apres
    0
  14. Utilisateur anonyme
     
    re,

    oui sur l autre forum aussi et qqs autres lol

    heureusement qu il est pas mechant lol

    a+
    0
  15. sand4 Messages postés 33 Statut Membre
     
    et voici le dernier rapport hijack :
    Logfile of HijackThis v1.99.1
    Scan saved at 18:02:59, on 09/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    J:\Logiciels\OpwareSE2.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Sandrine\Mes documents\searc-h.com_look2me(spy)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neuf.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OpwareSE2] "J:\Logiciels\OpwareSE2.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132436808562
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132437360156
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\en26l1fs1.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

    encore merci a vous tous
    0
  16. sand4 Messages postés 33 Statut Membre
     
    lorsque j'ai redemarrer ma becane en mode normale , j'ai une fenetre qui est apparus et qui disait : "winlogon.exe a rencontré un probleme et doit etre fermé ." j'ai cliqué sur : "ne pas envoyer" .
    sinon ad aware ma trouvé 2 véroles que j'ai supprimé , et spybot... ne ma rien trouvé ; quand aux 3 fichiers que tu m'avais indiqué j'ai seulement trouve : "ALCXMNTR.EXE" ; voici les dernières nouvelles .
    a+
    0
  17. Utilisateur anonyme
     
    ok,

    relance lm2fix option 1 et donne le rapport

    puis lance ce scan stp

    Edwido
    http://download.ewido.net/ewido-setup.exe
    Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour.

    Clique sur scanner puis sur scan complet du système.
    et donne moi le rapport

    a+
    0
  18. sand4 Messages postés 33 Statut Membre
     
    voilà le rapport de l2mfix :
    L2MFIX find log 120305
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\en26l1fs1.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    "DLLName"="wzcdlg.dll"
    "Logon"="WZCEventLogon"
    "Logoff"="WZCEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000000

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{21128376-2F08-9336-D517-5CDD15CE3024}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
    "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
    "{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-3FB6980118CF}"
    "{32C5B668-3455-4A1B-8772-686ACD1AB317}"=""
    "{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}"=""
    "{8F901377-BE5A-44D9-A5F4-9E40974854D1}"=""
    "{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}"=""
    "{9EA297CC-705E-470B-80FC-B6884DEDBEF6}"=""
    "{69AFB339-1528-4514-860E-75BA8D190EB0}"=""
    "{6DF0C984-F55D-48C9-B029-374A8674EC7C}"=""
    "{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}"=""
    "{CAC67916-21A5-48AE-9675-3896620B68D0}"=""
    "{D1C35A02-64CA-4A06-80B9-51AB7C822062}"=""
    "{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}"=""
    "{418B9F47-3AC2-4337-A836-F12BA45D4259}"=""
    "{E0A59CA4-D907-4049-B04B-498A950BD689}"=""
    "{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}"=""
    "{3B0B1982-342F-49DC-AE35-2010E3998192}"=""
    "{68B5644A-A044-4161-A3DB-E769357C1BC5}"=""
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{E2072638-7F3C-47BD-919D-7B6EA3421B0E}"=""
    "{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}"=""
    "{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}"=""
    "{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}"=""
    "{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension"
    "{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}"=""
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{0E6C58A9-F592-4862-B35F-CA45E24003B3}"="CloneCD"
    "{C58E742B-1F12-451C-9630-FE86D31B4573}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\InprocServer32]
    @="C:\\WINDOWS\\system32\\cxl3dv2.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\hmicons.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\uehisapi.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wrsdmod.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\InprocServer32]
    @="C:\\WINDOWS\\system32\\bVsesrv.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nutmsg.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ddlayx.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wcaueng.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\pzrfts.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\InprocServer32]
    @="C:\\WINDOWS\\system32\\hhetmon.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dfnaddr.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\InprocServer32]
    @="C:\\WINDOWS\\system32\\km1394.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dIdim700.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\InprocServer32]
    @="C:\\WINDOWS\\system32\\unbmon.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\InprocServer32]
    @="C:\\WINDOWS\\system32\\vvrifier.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mfsnap.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\fyntext.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\InprocServer32]
    @="C:\\WINDOWS\\system32\\tmbyuv.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wysdmoe2.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\kjdhu1.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wmnscard.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C58E742B-1F12-451C-9630-FE86D31B4573}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C58E742B-1F12-451C-9630-FE86D31B4573}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C58E742B-1F12-451C-9630-FE86D31B4573}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C58E742B-1F12-451C-9630-FE86D31B4573}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    atkdisp.dll Thu 3 Nov 2005 9:45:30 A.... 227 712 222,38 K
    atkdis~1.dll Mon 12 Sep 2005 11:52:48 A.... 1 667 072 1,59 M
    atkogl32.dll Tue 18 Oct 2005 15:03:48 A.... 38 400 37,50 K
    atkosd~1.dll Mon 31 Oct 2005 10:47:28 A.... 2 032 640 1,94 M
    cdosys.dll Sat 10 Sep 2005 2:55:14 A.... 2 067 968 1,97 M
    dcrawex.dll Fri 9 Dec 2005 17:34:28 ..S.R 235 867 230,34 K
    dn6m01~1.dll Thu 8 Dec 2005 19:39:08 ..S.R 236 028 230,50 K
    dnps01~1.dll Thu 8 Dec 2005 23:21:10 ..S.R 235 867 230,34 K
    dusrslvr.dll Fri 9 Dec 2005 12:59:12 ..S.R 237 231 231,67 K
    en26l1~1.dll Fri 9 Dec 2005 17:35:28 ..S.R 235 867 230,34 K
    gdi32.dll Thu 6 Oct 2005 4:18:12 A.... 280 064 273,50 K
    ir00l5~1.dll Thu 8 Dec 2005 23:30:42 ..S.R 236 872 231,32 K
    ktpml7~1.dll Fri 9 Dec 2005 17:58:42 ..S.R 235 867 230,34 K
    legitc~1.dll Fri 4 Nov 2005 16:27:24 A.... 534 280 521,76 K
    mshtml.dll Tue 4 Oct 2005 17:26:06 A.... 3 013 120 2,87 M
    o6rolg~1.dll Fri 9 Dec 2005 17:18:22 ..S.R 237 263 231,70 K
    pzustab.dll Fri 9 Dec 2005 17:18:22 ..S.R 235 867 230,34 K
    shell32.dll Fri 23 Sep 2005 4:07:00 A.... 8 506 880 8,11 M
    sintf16.dll Thu 1 Dec 2005 22:20:14 A.... 12 067 11,78 K
    sintf32.dll Thu 1 Dec 2005 22:20:14 A.... 17 212 16,81 K
    sintfnt.dll Thu 1 Dec 2005 22:20:14 A.... 21 840 21,33 K
    sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K
    wmnscard.dll Fri 9 Dec 2005 17:59:28 ..S.R 235 867 230,34 K

    23 items found: 23 files (10 H/S), 0 directories.
    Total of file sizes: 20 900 635 bytes 19,93 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est 2074-EB43

    R‚pertoire de C:\WINDOWS\System32

    09/12/2005 17:59 235ÿ867 wmnscard.dll
    09/12/2005 17:58 235ÿ867 ktpml7711.dll
    09/12/2005 17:35 235ÿ867 en26l1fs1.dll
    09/12/2005 17:34 235ÿ867 dcrawex.dll
    09/12/2005 17:18 235ÿ867 pzustab.dll
    09/12/2005 17:18 237ÿ263 o6rolg9316.dll
    09/12/2005 12:59 237ÿ231 dusrslvr.dll
    08/12/2005 23:30 236ÿ872 ir00l5dm1.dll
    08/12/2005 23:21 235ÿ867 dnps0177e.dll
    08/12/2005 19:39 236ÿ028 dn6m01j1e.dll
    26/11/2005 22:07 <REP> dllcache
    19/11/2005 19:50 <REP> Microsoft
    10 fichier(s) 2ÿ362ÿ596 octets
    2 R‚p(s) 35ÿ433ÿ910ÿ272 octets libres
    0
  19. sand4 Messages postés 33 Statut Membre
     
    et maintenant le rapport d'ewido :
    ---------------------------------------------------------
    ewido security suite - Rapport de scan
    ---------------------------------------------------------

    + Créé le: 19:04:31, 09/12/2005
    + Somme de contrôle: 6756AAC6

    + Résultats du scan:

    [156] C:\WINDOWS\system32\wmnscard.dll -> Spyware.Look2Me : Erreur durant le nettoyage
    [520] C:\WINDOWS\system32\wmnscard.dll -> Spyware.Look2Me : Erreur durant le nettoyage
    C:\Documents and Settings\Sandrine\Local Settings\Temp\Cookies\sandrine@com[2].txt -> Spyware.Cookie.Com : Nettoyer et sauvegarder
    C:\Documents and Settings\Sandrine\Local Settings\Temp\Cookies\sandrine@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
    C:\WINDOWS\system32\dcrawex.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\dn6m01j1e.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\dnps0177e.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\dusrslvr.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\ir00l5dm1.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\o6rolg9316.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\pzustab.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\Temp\Cookies\sandrine@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Nettoyer et sauvegarder
    J:\Logiciels\keygen_symentec\kgnis.exe -> Dropper.Delf.fd : Nettoyer et sauvegarder

    ::Fin du rapport
    depuis 35 minutes je n'ai eu qu'une seul page de pub a l'écran .
    a+
    0
  • 1
  • 2
  • 3