Searc-h.com et look2me !?..

sand4 Messages postés 33 Statut Membre -  
 Utilisateur anonyme -
bonsoir , tous les 2/3 jours lorsque je fais une analyse anti-virus , norton trouve un virus "look2me" ; et j'ai des page de pub qui apparaissent a l'écran meme quand je n'utilise pas internet . type : searc-h.com ou analyse en ligne ou encore des coupons de réductions .... J'ai vu que Feline20 dans son message : "page à l'ouverture d'internet" du 31/10/2005 avait les memes symptomes ; est-ce-que je peux utiliser la meme medecine ?
D'avance merci .a+

51 réponses

Réponse 1 / 51
Utilisateur anonyme
 
salut

oui, poste ton hijack this

a+
0
Réponse 2 / 51
sand4 Messages postés 33 Statut Membre
 
bonjour , voici le 1° rapport hijack :
Logfile of HijackThis v1.99.1
Scan saved at 14:57:29, on 09/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\qttask.exe
J:\Logiciels\OpwareSE2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Sandrine\Mes documents\searc-h.com_look2me(spy)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neuf.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe
O4 - HKLM\..\Run: [OpwareSE2] "J:\Logiciels\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Sandrine\Mes documents\spy + about blank\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132436808562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132437360156
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\l46olej31ho.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
0
Réponse 3 / 51
Utilisateur anonyme
 
salut

Télécharge cet uninstaller.
http://www.ad-w-a-r-e.com/cgi-bin/UnInstaller
Lance-le, exécute le, puis, redémarre et poste un nouveau log.
Note : Lorsque tu click sur « I accept » Note la Key, elle te servira

a+
0
Réponse 4 / 51
sand4 Messages postés 33 Statut Membre
 
j'ai déja Adware SE Personal ce n'est pas la meme chose ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 51
Utilisateur anonyme
 
Non, essai stp
0
Réponse 6 / 51
sand4 Messages postés 33 Statut Membre
 
ok je le fais , et te tien au courant ,merci
0
Réponse 7 / 51
sand4 Messages postés 33 Statut Membre
 
je suis allez sur le lien , en bas de la page j'ai cliquer sur : " I ACCEPT " puis sur " charger uninstall..." et apprait j'ai une fenetre me disant que les parametres de sécurité acctuel ne me permetent pas de charger ce fichier !
0
Réponse 8 / 51
Utilisateur anonyme
 
ok,

laisse tomber !!
remet un hijack

a+
0
Réponse 9 / 51
sand4 Messages postés 33 Statut Membre
 
tu veux que je face une 2° analyse ?
0
Utilisateur anonyme
 
Salut vous deux, :)

un rapport HijackThis choisis l'option 1 copie et colle le rapport ici
0
Réponse 10 / 51
sand4 Messages postés 33 Statut Membre
 
et voila :
Logfile of HijackThis v1.99.1
Scan saved at 16:15:19, on 09/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\qttask.exe
J:\Logiciels\OpwareSE2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sandrine\Mes documents\searc-h.com_look2me(spy)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neuf.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe
O4 - HKLM\..\Run: [OpwareSE2] "J:\Logiciels\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Sandrine\Mes documents\spy + about blank\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132436808562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132437360156
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\l46olej31ho.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

bon courrage et merci , pour moi c'est de l'hebreux !
0
Utilisateur anonyme
 
Lol quand on parle du loup :D
0
Réponse 11 / 51
Utilisateur anonyme
 
Bonjour,

Méthode à suivre dans l'ordre...

Dans ajout/suppression de programmes, desinstalle ceci

WINSOS

----------------------------------------------------------------------------
¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite:

1/

Spybot S&D 1.4 <<nouvelle version.
http://www.safer-networking.org/fr/index.html

Démo d’utilisation (merci à Balltrap34 pour cette réalisation).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

2/

Ad-Aware SE 1.06 <<nouvelle version.
http://www.lavasoftusa.com/software/adaware/
-Une aide:
http://www.tutopat.com/viewtopic.php?t=1191
- installe le patch français, tu pourras le trouver ici:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).
http://pageperso.aol.fr/balltrap34/adawrevid.asf


*****************************
Télécharge l2mfix ici:

http://www.downloads.subratam.org/l2mfix.exe

Double clic sur l2mfix.exe pour lancer l'extraction.
Dans le dossier l2mfix, double clic sur l2mfix.bat et choisis l'option #1 (et pas autre chose) et valide avec la touche entrée.
Le bloc note va s'ouvrir avec le résultat du scan.
Fais un copier coller du résultat sur le forum.


----------------------------------------------------------------------------
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

Coche « afficher les fichiers et dossiers cachés »

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.

Et appliquer !
----------------------------------------------------------------------------
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O4 - HKLM\..\Run: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\RunServices: [Popup Blocker System9 Monitoring] PopUpBlocker9.exe

O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI

O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Sandrine\Mes documents\spy + about blank\HijackThis.exe /startupscan

O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab

O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\l46olej31ho.dll

----------------------------------------------------------------------------
¤Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
¤Vide tes fichiers temps et temporary internet file:

:: Supprimer les fichiers temporaires ::
vider tout le contenu de ces dossiers.

* C:\Documents and Settings\ton compte\Local Settings\Temp
* C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
* C:\Windows\Temp

:: Le contenu du dossier prefetch ::

* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

* Ne pas oublier de vider la corbeille !
----------------------------------------------------------------------------
¤Recherche et supprime ceci:
attention seulement les fichiers (si présents).

PopUpBlocker9.exe
ALCXMNTR.EXE
C:\Program Files\WINSOS

----------------------------------------------------------------------------
relance l2mfix et choisis l'option 2
accepte le redémarrage du pc
----------------------------------------------------------------------------
¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
----------------------------------------------------------------------------
¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
----------------------------------------------------------------------------
¤ Vide ta Corbeille.
----------------------------------------------------------------------------
¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

Précise tes soucis s’il en reste....

Tiens-moi au courant

A+

0
Réponse 12 / 51
Utilisateur anonyme
 
Salut boulepate

je rode, je rode, comme le loup d ailleurs ;-)
0
Réponse 13 / 51
Utilisateur anonyme
 
Salut Regis,

j'ai vu que tu rodais aussi sur 01net :p .. un vrai loup :O pas mechant celui là ça va ^^
0
Réponse 14 / 51
sand4 Messages postés 33 Statut Membre
 
L2MFIX find log 120305
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l46olej31ho.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{21128376-2F08-9336-D517-5CDD15CE3024}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-3FB6980118CF}"
"{32C5B668-3455-4A1B-8772-686ACD1AB317}"=""
"{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}"=""
"{8F901377-BE5A-44D9-A5F4-9E40974854D1}"=""
"{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}"=""
"{9EA297CC-705E-470B-80FC-B6884DEDBEF6}"=""
"{69AFB339-1528-4514-860E-75BA8D190EB0}"=""
"{6DF0C984-F55D-48C9-B029-374A8674EC7C}"=""
"{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}"=""
"{CAC67916-21A5-48AE-9675-3896620B68D0}"=""
"{D1C35A02-64CA-4A06-80B9-51AB7C822062}"=""
"{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}"=""
"{418B9F47-3AC2-4337-A836-F12BA45D4259}"=""
"{E0A59CA4-D907-4049-B04B-498A950BD689}"=""
"{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}"=""
"{3B0B1982-342F-49DC-AE35-2010E3998192}"=""
"{68B5644A-A044-4161-A3DB-E769357C1BC5}"=""
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{E2072638-7F3C-47BD-919D-7B6EA3421B0E}"=""
"{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}"=""
"{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}"=""
"{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}"=""
"{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension"
"{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}"=""
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{0E6C58A9-F592-4862-B35F-CA45E24003B3}"="CloneCD"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\InprocServer32]
@="C:\\WINDOWS\\system32\\cxl3dv2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\InprocServer32]
@="C:\\WINDOWS\\system32\\hmicons.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\InprocServer32]
@="C:\\WINDOWS\\system32\\uehisapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\InprocServer32]
@="C:\\WINDOWS\\system32\\wrsdmod.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\InprocServer32]
@="C:\\WINDOWS\\system32\\bVsesrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\InprocServer32]
@="C:\\WINDOWS\\system32\\nutmsg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\InprocServer32]
@="C:\\WINDOWS\\system32\\ddlayx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\InprocServer32]
@="C:\\WINDOWS\\system32\\wcaueng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\InprocServer32]
@="C:\\WINDOWS\\system32\\pzrfts.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\InprocServer32]
@="C:\\WINDOWS\\system32\\hhetmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\InprocServer32]
@="C:\\WINDOWS\\system32\\dfnaddr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\InprocServer32]
@="C:\\WINDOWS\\system32\\km1394.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\InprocServer32]
@="C:\\WINDOWS\\system32\\dIdim700.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\InprocServer32]
@="C:\\WINDOWS\\system32\\unbmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\InprocServer32]
@="C:\\WINDOWS\\system32\\vvrifier.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\InprocServer32]
@="C:\\WINDOWS\\system32\\mfsnap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\fyntext.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\InprocServer32]
@="C:\\WINDOWS\\system32\\tmbyuv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\InprocServer32]
@="C:\\WINDOWS\\system32\\wysdmoe2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\InprocServer32]
@="C:\\WINDOWS\\system32\\kjdhu1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\InprocServer32]
@="C:\\WINDOWS\\system32\\dusrslvr.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
atkdisp.dll Thu 3 Nov 2005 9:45:30 A.... 227 712 222,38 K
atkdis~1.dll Mon 12 Sep 2005 11:52:48 A.... 1 667 072 1,59 M
atkogl32.dll Tue 18 Oct 2005 15:03:48 A.... 38 400 37,50 K
atkosd~1.dll Mon 31 Oct 2005 10:47:28 A.... 2 032 640 1,94 M
cdosys.dll Sat 10 Sep 2005 2:55:14 A.... 2 067 968 1,97 M
dn6m01~1.dll Thu 8 Dec 2005 19:39:08 ..S.R 236 028 230,50 K
dnps01~1.dll Thu 8 Dec 2005 23:21:10 ..S.R 235 867 230,34 K
dusrslvr.dll Fri 9 Dec 2005 12:59:12 ..S.R 237 231 231,67 K
gdi32.dll Thu 6 Oct 2005 4:18:12 A.... 280 064 273,50 K
ir00l5~1.dll Thu 8 Dec 2005 23:30:42 ..S.R 236 872 231,32 K
l46ole~1.dll Thu 8 Dec 2005 23:45:00 ..S.R 237 231 231,67 K
legitc~1.dll Fri 4 Nov 2005 16:27:24 A.... 534 280 521,76 K
mshtml.dll Tue 4 Oct 2005 17:26:06 A.... 3 013 120 2,87 M
s088la~1.dll Thu 8 Dec 2005 23:46:00 ..S.R 235 867 230,34 K
shell32.dll Fri 23 Sep 2005 4:07:00 A.... 8 506 880 8,11 M
sintf16.dll Thu 1 Dec 2005 22:20:14 A.... 12 067 11,78 K
sintf32.dll Thu 1 Dec 2005 22:20:14 A.... 17 212 16,81 K
sintfnt.dll Thu 1 Dec 2005 22:20:14 A.... 21 840 21,33 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K

19 items found: 19 files (6 H/S), 0 directories.
Total of file sizes: 19 957 135 bytes 19,03 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 2074-EB43

R‚pertoire de C:\WINDOWS\System32

09/12/2005 12:59 237ÿ231 dusrslvr.dll
08/12/2005 23:45 235ÿ867 s088lalu1dq8.dll
08/12/2005 23:44 237ÿ231 l46olej31ho.dll
08/12/2005 23:30 236ÿ872 ir00l5dm1.dll
08/12/2005 23:21 235ÿ867 dnps0177e.dll
08/12/2005 19:39 236ÿ028 dn6m01j1e.dll
26/11/2005 22:07 <REP> dllcache
19/11/2005 19:50 <REP> Microsoft
6 fichier(s) 1ÿ419ÿ096 octets
2 R‚p(s) 35ÿ424ÿ747ÿ520 octets libres
rapport de l2mfix , la suite juste apres
0
Réponse 15 / 51
Utilisateur anonyme
 
re,

oui sur l autre forum aussi et qqs autres lol

heureusement qu il est pas mechant lol

a+
0
Réponse 16 / 51
sand4 Messages postés 33 Statut Membre
 
et voici le dernier rapport hijack :
Logfile of HijackThis v1.99.1
Scan saved at 18:02:59, on 09/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
J:\Logiciels\OpwareSE2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sandrine\Mes documents\searc-h.com_look2me(spy)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neuf.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "J:\Logiciels\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132436808562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132437360156
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\en26l1fs1.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

encore merci a vous tous
0
Réponse 17 / 51
sand4 Messages postés 33 Statut Membre
 
lorsque j'ai redemarrer ma becane en mode normale , j'ai une fenetre qui est apparus et qui disait : "winlogon.exe a rencontré un probleme et doit etre fermé ." j'ai cliqué sur : "ne pas envoyer" .
sinon ad aware ma trouvé 2 véroles que j'ai supprimé , et spybot... ne ma rien trouvé ; quand aux 3 fichiers que tu m'avais indiqué j'ai seulement trouve : "ALCXMNTR.EXE" ; voici les dernières nouvelles .
a+
0
Réponse 18 / 51
Utilisateur anonyme
 
ok,

relance lm2fix option 1 et donne le rapport

puis lance ce scan stp

Edwido
http://download.ewido.net/ewido-setup.exe
Pendant l'installation, sur la page "Additional Options", décoche les deux options "Install background guard" et "Install scan via context menu Ewido Security Suite. Clique sur mise à jour.

Clique sur scanner puis sur scan complet du système.
et donne moi le rapport

a+
0
Réponse 19 / 51
sand4 Messages postés 33 Statut Membre
 
voilà le rapport de l2mfix :
L2MFIX find log 120305
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\en26l1fs1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{21128376-2F08-9336-D517-5CDD15CE3024}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-3FB6980118CF}"
"{32C5B668-3455-4A1B-8772-686ACD1AB317}"=""
"{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}"=""
"{8F901377-BE5A-44D9-A5F4-9E40974854D1}"=""
"{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}"=""
"{9EA297CC-705E-470B-80FC-B6884DEDBEF6}"=""
"{69AFB339-1528-4514-860E-75BA8D190EB0}"=""
"{6DF0C984-F55D-48C9-B029-374A8674EC7C}"=""
"{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}"=""
"{CAC67916-21A5-48AE-9675-3896620B68D0}"=""
"{D1C35A02-64CA-4A06-80B9-51AB7C822062}"=""
"{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}"=""
"{418B9F47-3AC2-4337-A836-F12BA45D4259}"=""
"{E0A59CA4-D907-4049-B04B-498A950BD689}"=""
"{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}"=""
"{3B0B1982-342F-49DC-AE35-2010E3998192}"=""
"{68B5644A-A044-4161-A3DB-E769357C1BC5}"=""
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{E2072638-7F3C-47BD-919D-7B6EA3421B0E}"=""
"{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}"=""
"{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}"=""
"{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}"=""
"{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension"
"{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}"=""
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{0E6C58A9-F592-4862-B35F-CA45E24003B3}"="CloneCD"
"{C58E742B-1F12-451C-9630-FE86D31B4573}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\InprocServer32]
@="C:\\WINDOWS\\system32\\cxl3dv2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\InprocServer32]
@="C:\\WINDOWS\\system32\\hmicons.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\InprocServer32]
@="C:\\WINDOWS\\system32\\uehisapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\InprocServer32]
@="C:\\WINDOWS\\system32\\wrsdmod.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\InprocServer32]
@="C:\\WINDOWS\\system32\\bVsesrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\InprocServer32]
@="C:\\WINDOWS\\system32\\nutmsg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\InprocServer32]
@="C:\\WINDOWS\\system32\\ddlayx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\InprocServer32]
@="C:\\WINDOWS\\system32\\wcaueng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\InprocServer32]
@="C:\\WINDOWS\\system32\\pzrfts.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\InprocServer32]
@="C:\\WINDOWS\\system32\\hhetmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\InprocServer32]
@="C:\\WINDOWS\\system32\\dfnaddr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\InprocServer32]
@="C:\\WINDOWS\\system32\\km1394.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\InprocServer32]
@="C:\\WINDOWS\\system32\\dIdim700.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\InprocServer32]
@="C:\\WINDOWS\\system32\\unbmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\InprocServer32]
@="C:\\WINDOWS\\system32\\vvrifier.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\InprocServer32]
@="C:\\WINDOWS\\system32\\mfsnap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\fyntext.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\InprocServer32]
@="C:\\WINDOWS\\system32\\tmbyuv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\InprocServer32]
@="C:\\WINDOWS\\system32\\wysdmoe2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\InprocServer32]
@="C:\\WINDOWS\\system32\\kjdhu1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\InprocServer32]
@="C:\\WINDOWS\\system32\\wmnscard.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C58E742B-1F12-451C-9630-FE86D31B4573}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C58E742B-1F12-451C-9630-FE86D31B4573}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C58E742B-1F12-451C-9630-FE86D31B4573}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C58E742B-1F12-451C-9630-FE86D31B4573}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
atkdisp.dll Thu 3 Nov 2005 9:45:30 A.... 227 712 222,38 K
atkdis~1.dll Mon 12 Sep 2005 11:52:48 A.... 1 667 072 1,59 M
atkogl32.dll Tue 18 Oct 2005 15:03:48 A.... 38 400 37,50 K
atkosd~1.dll Mon 31 Oct 2005 10:47:28 A.... 2 032 640 1,94 M
cdosys.dll Sat 10 Sep 2005 2:55:14 A.... 2 067 968 1,97 M
dcrawex.dll Fri 9 Dec 2005 17:34:28 ..S.R 235 867 230,34 K
dn6m01~1.dll Thu 8 Dec 2005 19:39:08 ..S.R 236 028 230,50 K
dnps01~1.dll Thu 8 Dec 2005 23:21:10 ..S.R 235 867 230,34 K
dusrslvr.dll Fri 9 Dec 2005 12:59:12 ..S.R 237 231 231,67 K
en26l1~1.dll Fri 9 Dec 2005 17:35:28 ..S.R 235 867 230,34 K
gdi32.dll Thu 6 Oct 2005 4:18:12 A.... 280 064 273,50 K
ir00l5~1.dll Thu 8 Dec 2005 23:30:42 ..S.R 236 872 231,32 K
ktpml7~1.dll Fri 9 Dec 2005 17:58:42 ..S.R 235 867 230,34 K
legitc~1.dll Fri 4 Nov 2005 16:27:24 A.... 534 280 521,76 K
mshtml.dll Tue 4 Oct 2005 17:26:06 A.... 3 013 120 2,87 M
o6rolg~1.dll Fri 9 Dec 2005 17:18:22 ..S.R 237 263 231,70 K
pzustab.dll Fri 9 Dec 2005 17:18:22 ..S.R 235 867 230,34 K
shell32.dll Fri 23 Sep 2005 4:07:00 A.... 8 506 880 8,11 M
sintf16.dll Thu 1 Dec 2005 22:20:14 A.... 12 067 11,78 K
sintf32.dll Thu 1 Dec 2005 22:20:14 A.... 17 212 16,81 K
sintfnt.dll Thu 1 Dec 2005 22:20:14 A.... 21 840 21,33 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K
wmnscard.dll Fri 9 Dec 2005 17:59:28 ..S.R 235 867 230,34 K

23 items found: 23 files (10 H/S), 0 directories.
Total of file sizes: 20 900 635 bytes 19,93 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 2074-EB43

R‚pertoire de C:\WINDOWS\System32

09/12/2005 17:59 235ÿ867 wmnscard.dll
09/12/2005 17:58 235ÿ867 ktpml7711.dll
09/12/2005 17:35 235ÿ867 en26l1fs1.dll
09/12/2005 17:34 235ÿ867 dcrawex.dll
09/12/2005 17:18 235ÿ867 pzustab.dll
09/12/2005 17:18 237ÿ263 o6rolg9316.dll
09/12/2005 12:59 237ÿ231 dusrslvr.dll
08/12/2005 23:30 236ÿ872 ir00l5dm1.dll
08/12/2005 23:21 235ÿ867 dnps0177e.dll
08/12/2005 19:39 236ÿ028 dn6m01j1e.dll
26/11/2005 22:07 <REP> dllcache
19/11/2005 19:50 <REP> Microsoft
10 fichier(s) 2ÿ362ÿ596 octets
2 R‚p(s) 35ÿ433ÿ910ÿ272 octets libres
0
Réponse 20 / 51
sand4 Messages postés 33 Statut Membre
 
et maintenant le rapport d'ewido :
---------------------------------------------------------
ewido security suite - Rapport de scan
---------------------------------------------------------

+ Créé le: 19:04:31, 09/12/2005
+ Somme de contrôle: 6756AAC6

+ Résultats du scan:

[156] C:\WINDOWS\system32\wmnscard.dll -> Spyware.Look2Me : Erreur durant le nettoyage
[520] C:\WINDOWS\system32\wmnscard.dll -> Spyware.Look2Me : Erreur durant le nettoyage
C:\Documents and Settings\Sandrine\Local Settings\Temp\Cookies\sandrine@com[2].txt -> Spyware.Cookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\Sandrine\Local Settings\Temp\Cookies\sandrine@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\WINDOWS\system32\dcrawex.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\dn6m01j1e.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\dnps0177e.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\dusrslvr.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\ir00l5dm1.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\o6rolg9316.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\pzustab.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Cookies\sandrine@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Nettoyer et sauvegarder
J:\Logiciels\keygen_symentec\kgnis.exe -> Dropper.Delf.fd : Nettoyer et sauvegarder


::Fin du rapport
depuis 35 minutes je n'ai eu qu'une seul page de pub a l'écran .
a+
0