Searc-h.com et look2me !?..

sand4 Messages postés 33 Statut Membre -  
 Utilisateur anonyme -
bonsoir , tous les 2/3 jours lorsque je fais une analyse anti-virus , norton trouve un virus "look2me" ; et j'ai des page de pub qui apparaissent a l'écran meme quand je n'utilise pas internet . type : searc-h.com ou analyse en ligne ou encore des coupons de réductions .... J'ai vu que Feline20 dans son message : "page à l'ouverture d'internet" du 31/10/2005 avait les memes symptomes ; est-ce-que je peux utiliser la meme medecine ?
D'avance merci .a+

51 réponses

Précédent
Réponse 21 / 51
Utilisateur anonyme
 
re


telecharge ceci

Télécharge: Pocket Killbox ici
http://www.downloads.subratam.org/KillBox.exe

:: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::
http://pageperso.aol.fr/balltrap34/killbox.htm

avec la methode du bloc note, voici la liste:

C:\WINDOWS\system32\wmnscard.dll
C:\WINDOWS\system32\wmnscard.dll
C:\WINDOWS\system32\dcrawex.dll
C:\WINDOWS\system32\dn6m01j1e.dll
C:\WINDOWS\system32\dnps0177e.dll
C:\WINDOWS\system32\dusrslvr.dll
C:\WINDOWS\system32\ir00l5dm1.dll
C:\WINDOWS\system32\o6rolg9316.dll
C:\WINDOWS\system32\pzustab.dll

Une fois fais, le pc va se relancer, mais ne le laisse pas redemarrer en mode normal, bascule en mode sans echec lorsque killbox redemarre ton pc


Une fois en sans echec,

Lance hijack this et fixe la ligne 020
O20 - Winlogon Notify: Control Panel ...

Puis lance lm2fix option 2 !

Redemarre en mode normal, remet un hijack this

a+

0
Réponse 22 / 51
sand4 Messages postés 33 Statut Membre
 
le rapport d'ewido :
---------------------------------------------------------
ewido security suite - Rapport de scan
---------------------------------------------------------

+ Créé le: 19:04:31, 09/12/2005
+ Somme de contrôle: 6756AAC6

+ Résultats du scan:

[156] C:\WINDOWS\system32\wmnscard.dll -> Spyware.Look2Me : Erreur durant le nettoyage
[520] C:\WINDOWS\system32\wmnscard.dll -> Spyware.Look2Me : Erreur durant le nettoyage
C:\Documents and Settings\Sandrine\Local Settings\Temp\Cookies\sandrine@com[2].txt -> Spyware.Cookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\Sandrine\Local Settings\Temp\Cookies\sandrine@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\WINDOWS\system32\dcrawex.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\dn6m01j1e.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\dnps0177e.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\dusrslvr.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\ir00l5dm1.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\o6rolg9316.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\system32\pzustab.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
C:\WINDOWS\Temp\Cookies\sandrine@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Nettoyer et sauvegarder
J:\Logiciels\keygen_symentec\kgnis.exe -> Dropper.Delf.fd : Nettoyer et sauvegarder


::Fin du rapport
et maintenant avec killbox , a suivre
0
Réponse 23 / 51
sand4 Messages postés 33 Statut Membre
 
et voila le rapport de hijack :
Logfile of HijackThis v1.99.1
Scan saved at 19:41:06, on 09/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
J:\Logiciels\OpwareSE2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Documents and Settings\Sandrine\Mes documents\searc-h.com_look2me(spy)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neuf.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "J:\Logiciels\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132436808562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132437360156
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\ktpml7711.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

l'ordinateur a redemarré sans pb apparant mais une fenetre de pub est encore venues a la réouverture du forum .
a+
0
Réponse 24 / 51
sand4 Messages postés 33 Statut Membre
 
j'ai toujours ces pages de pub et apres qlq secondes une fenetre est apparue avec comme message : "winlogon.exe-erreur d'application .
l'instruction à "0x10013eee" emploie l'adresse mémoire "0x145b000" .la mémoire ne peut pas etre "read"
cliquez sur : OK ou ANNULER . j'ai cliqué sur "ok" et l'ordinateur a redemarré tout seul .
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 51
sand4 Messages postés 33 Statut Membre
 
norton vient de me trouver 2 virus , 2adware look2me
0
Réponse 26 / 51
Utilisateur anonyme
 
re

dans panneau de configuration < option internet <onglet confidentialité < met moyen et valide

Télécharge cet uninstaller.
http://www.ad-w-a-r-e.com/cgi-bin/UnInstaller
Lance-le, exécute le, puis, redémarre et poste un nouveau log.
Note : Lorsque tu click sur « I accept » Note la Key, elle te servira

a+
0
Réponse 27 / 51
sand4 Messages postés 33 Statut Membre
 
apres avoir cliquer sur : "i accept" une fenetre me dit que les parametres de securitées ne me permettent pas de charger ce fichier .
0
Réponse 28 / 51
Utilisateur anonyme
 
re,
relance ewido et donne le rapport

a+
0
Réponse 29 / 51
sand4 Messages postés 33 Statut Membre
 
rebonjour , impossible de faire la mise a jour d'ewido .
j'ai lancer l'analyse et qlq secondes plus tard j'ai eu une fenetre avec le meme message qu'hiere : "winlogon.exe-erreur d'application "(l'instruction à "0x10013eee.....peut pas etre "read") , cette fois j'ai cliquer sur :"annuler" mais meme resultat , l'ordinateur c'est relancer tout seul .
donc j'ai refais une 2° analyse avec ewido voici le rapport :
---------------------------------------------------------
ewido security suite - Rapport de scan
---------------------------------------------------------

+ Créé le: 08:27:57, 10/12/2005
+ Somme de contrôle: DBDFFA82

+ Résultats du scan:

[1608] C:\WINDOWS\system32\sdi_ci.dll -> Spyware.Look2Me : Erreur durant le nettoyage
[492] C:\WINDOWS\system32\sdi_ci.dll -> Spyware.Look2Me : Erreur durant le nettoyage
C:\Documents and Settings\Sandrine\Local Settings\Temp\Cookies\sandrine@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\WINDOWS\system32\e4jm0e11eh.dll -> Spyware.Look2Me : Nettoyer et sauvegarder


::Fin du rapport
et maintanant je clique sur la croix en haut à droite de la fenetre de dialogue pour voir le resultat !
0
Réponse 30 / 51
sand4 Messages postés 33 Statut Membre
 
le résultat est le meme , a savoir : redemarrage de l'ordinateur !
ca me Gon...!
0
Réponse 31 / 51
Utilisateur anonyme
 
salut

avec kill box,voici la liste

C:\WINDOWS\system32\sdi_ci.dll
C:\WINDOWS\system32\e4jm0e11eh.dll

Au redemarrage, bascule en sans echec (une fois que tu as utilisé kill box ne reviens pas en mode normal)

Fixe ceci
O20 - Winlogon Notify:.........

Puis relance lm2fix option 2

Reste en mode sans echec, relance ewido
S il trouve des fichiers look 2 me, supprime les avec kill box

Redemarre en normal et remet un hijack this

a+

0
Réponse 32 / 51
sand4 Messages postés 33 Statut Membre
 
bonjour , est ce que je dois etre en mode f8 pour travailler avec "killbox" , car quand je rentre le nom des fichiers à supprimer et que je tape sur la croix rouge , j'ai un message me disant d'attendre qu'il verifie puis un second me demandant confirmation de la suppression et enfin un 3° : "PendingFileRenameOperations Registry Data has been Removed by External Process" ; est ce que c'est normal ?
0
Réponse 33 / 51
Utilisateur anonyme
 
ok,
oui c est pas grave, une fois que tu as fait kill box, tu passe en mode sans echec lorsqu il redemare ton pc

Peux tu faire la suite de la procedure?

a+
0
Réponse 34 / 51
sand4 Messages postés 33 Statut Membre
 
je suis en train de passer "ewido" il a deja trouvé 2 "look2Me" , mais j'ai fait "supprimer" car je ne sais pas comment faire avec "killbox" .
0
Réponse 35 / 51
sand4 Messages postés 33 Statut Membre
 
au faite quand j'ai lancer "Lm2fix" option2 , lorsqu'il a terminer avant de m'afficher le rapport ; en bas de la fenetre il était écris : "zip error : Nothing to do ! ( backup.zip)
Appuyez sur une touche pour continuer"
je l'ai fait et est redemmarer en mode F8 pour "ewido"
0
Réponse 36 / 51
sand4 Messages postés 33 Statut Membre
 
voila le rapport de "hijack" :
Logfile of HijackThis v1.99.1
Scan saved at 14:22:17, on 10/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\qttask.exe
J:\Logiciels\OpwareSE2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sandrine\Mes documents\searc-h.com_look2me(spy)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neuf.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "J:\Logiciels\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132436808562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132437360156
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\m846lihs1846.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
0
Réponse 37 / 51
Utilisateur anonyme
 
ok,

peux tu me remettre un lm2fix et un ewido stp?

a+

ps:ne desespere pas, merci lol
0
Réponse 38 / 51
sand4 Messages postés 33 Statut Membre
 
l2mfix avec quelle option ? 1 ou 2
0
Réponse 39 / 51
Utilisateur anonyme
 
option 1, excuse lol
0
Réponse 40 / 51
sand4 Messages postés 33 Statut Membre
 
rapport de "lm2fix" :
L2MFIX find log 120305
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m846lihs1846.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{21128376-2F08-9336-D517-5CDD15CE3024}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"="{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
"{D66DC78C-4F61-447F-942B-3FB6980118CF}"="{D66DC78C-4F61-447F-942B-3FB6980118CF}"
"{32C5B668-3455-4A1B-8772-686ACD1AB317}"=""
"{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}"=""
"{8F901377-BE5A-44D9-A5F4-9E40974854D1}"=""
"{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}"=""
"{9EA297CC-705E-470B-80FC-B6884DEDBEF6}"=""
"{69AFB339-1528-4514-860E-75BA8D190EB0}"=""
"{6DF0C984-F55D-48C9-B029-374A8674EC7C}"=""
"{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}"=""
"{CAC67916-21A5-48AE-9675-3896620B68D0}"=""
"{D1C35A02-64CA-4A06-80B9-51AB7C822062}"=""
"{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}"=""
"{418B9F47-3AC2-4337-A836-F12BA45D4259}"=""
"{E0A59CA4-D907-4049-B04B-498A950BD689}"=""
"{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}"=""
"{3B0B1982-342F-49DC-AE35-2010E3998192}"=""
"{68B5644A-A044-4161-A3DB-E769357C1BC5}"=""
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{E2072638-7F3C-47BD-919D-7B6EA3421B0E}"=""
"{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}"=""
"{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}"=""
"{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}"=""
"{acb4a560-3606-11d3-aef4-00104bd0f92d}"="KodakShellExtension"
"{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}"=""
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{0E6C58A9-F592-4862-B35F-CA45E24003B3}"="CloneCD"
"{C58E742B-1F12-451C-9630-FE86D31B4573}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{32C5B668-3455-4A1B-8772-686ACD1AB317}\InprocServer32]
@="C:\\WINDOWS\\system32\\cxl3dv2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46FAA9EE-8998-4347-8DF3-5EDCFF748F9E}\InprocServer32]
@="C:\\WINDOWS\\system32\\hmicons.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8F901377-BE5A-44D9-A5F4-9E40974854D1}\InprocServer32]
@="C:\\WINDOWS\\system32\\uehisapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3DBA243F-5174-4ECB-AD2B-8DEFA01A1F89}\InprocServer32]
@="C:\\WINDOWS\\system32\\wrsdmod.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9EA297CC-705E-470B-80FC-B6884DEDBEF6}\InprocServer32]
@="C:\\WINDOWS\\system32\\bVsesrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{69AFB339-1528-4514-860E-75BA8D190EB0}\InprocServer32]
@="C:\\WINDOWS\\system32\\nutmsg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DF0C984-F55D-48C9-B029-374A8674EC7C}\InprocServer32]
@="C:\\WINDOWS\\system32\\ddlayx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{50B16968-181F-4A8F-A4BA-AFE09B38EBF9}\InprocServer32]
@="C:\\WINDOWS\\system32\\wcaueng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CAC67916-21A5-48AE-9675-3896620B68D0}\InprocServer32]
@="C:\\WINDOWS\\system32\\pzrfts.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D1C35A02-64CA-4A06-80B9-51AB7C822062}\InprocServer32]
@="C:\\WINDOWS\\system32\\hhetmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC64D322-6AF2-49DC-95D6-0EB3EF18891F}\InprocServer32]
@="C:\\WINDOWS\\system32\\dfnaddr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{418B9F47-3AC2-4337-A836-F12BA45D4259}\InprocServer32]
@="C:\\WINDOWS\\system32\\km1394.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E0A59CA4-D907-4049-B04B-498A950BD689}\InprocServer32]
@="C:\\WINDOWS\\system32\\dIdim700.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C5C422D2-FF99-4ACE-BA31-96E8FA272DB2}\InprocServer32]
@="C:\\WINDOWS\\system32\\unbmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B0B1982-342F-49DC-AE35-2010E3998192}\InprocServer32]
@="C:\\WINDOWS\\system32\\vvrifier.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68B5644A-A044-4161-A3DB-E769357C1BC5}\InprocServer32]
@="C:\\WINDOWS\\system32\\mfsnap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E2072638-7F3C-47BD-919D-7B6EA3421B0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\fyntext.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A27BBCC8-D93F-4C32-97F1-52AEC6C13304}\InprocServer32]
@="C:\\WINDOWS\\system32\\tmbyuv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6D973DE9-D6DF-41EB-B23B-A7B83CAB018A}\InprocServer32]
@="C:\\WINDOWS\\system32\\wysdmoe2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{84D42BA7-2DE5-4B2C-84FD-750D57FF166D}\InprocServer32]
@="C:\\WINDOWS\\system32\\kjdhu1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0C52390E-3BA6-4BBF-AC4B-B2CCAFA9EAAF}\InprocServer32]
@="C:\\WINDOWS\\system32\\MXRDO20.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C58E742B-1F12-451C-9630-FE86D31B4573}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C58E742B-1F12-451C-9630-FE86D31B4573}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C58E742B-1F12-451C-9630-FE86D31B4573}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C58E742B-1F12-451C-9630-FE86D31B4573}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
atkdisp.dll Thu 3 Nov 2005 9:45:30 A.... 227 712 222,38 K
atkdis~1.dll Mon 12 Sep 2005 11:52:48 A.... 1 667 072 1,59 M
atkogl32.dll Tue 18 Oct 2005 15:03:48 A.... 38 400 37,50 K
atkosd~1.dll Mon 31 Oct 2005 10:47:28 A.... 2 032 640 1,94 M
azao0g~1.dll Sat 10 Dec 2005 14:49:46 ..S.R 236 900 231,35 K
gdi32.dll Thu 6 Oct 2005 4:18:12 A.... 280 064 273,50 K
jt2407~1.dll Sat 10 Dec 2005 14:59:16 ..S.R 236 615 231,07 K
legitc~1.dll Fri 4 Nov 2005 16:27:24 A.... 534 280 521,76 K
m846li~1.dll Sat 10 Dec 2005 13:42:36 ..S.R 236 188 230,65 K
mshtml.dll Tue 4 Oct 2005 17:26:06 A.... 3 013 120 2,87 M
mxrdo20.dll Sat 10 Dec 2005 14:59:16 ..S.R 236 188 230,65 K
o6ro0g~1.dll Sat 10 Dec 2005 14:19:38 ..S.R 234 540 229,04 K
shell32.dll Fri 23 Sep 2005 4:07:00 A.... 8 506 880 8,11 M
sintf16.dll Thu 1 Dec 2005 22:20:14 A.... 12 067 11,78 K
sintf32.dll Thu 1 Dec 2005 22:20:14 A.... 17 212 16,81 K
sintfnt.dll Thu 1 Dec 2005 22:20:14 A.... 21 840 21,33 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K

17 items found: 17 files (5 H/S), 0 directories.
Total of file sizes: 17 650 502 bytes 16,83 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 2074-EB43

R‚pertoire de C:\WINDOWS\System32

10/12/2005 14:59 236ÿ188 MXRDO20.DLL
10/12/2005 14:59 236ÿ615 jt2407fqe.dll
10/12/2005 14:49 236ÿ900 azao0g93e6.dll
10/12/2005 14:19 234ÿ540 o6ro0g93e6.dll
10/12/2005 13:42 236ÿ188 m846lihs1846.dll
26/11/2005 22:07 <REP> dllcache
19/11/2005 19:50 <REP> Microsoft
5 fichier(s) 1ÿ180ÿ431 octets
2 R‚p(s) 35ÿ195ÿ998ÿ208 octets libres

je passe "ewido" et te tiens aux nouvelles .
a+
0