Trojan CHOPHAR.A

valérie -  
 bernie61 -
Bonjour,

Mon ordi est infecté par TROJ_CHOPHAR.A
L'antivirus (PC CILLIN de Trend Micro) le détecte, le met en quarantaine mais il revient sans arrêt.
D'autre part j'ai fait SPYBOT et AD-AWARE qui détectent (et nettoient ) sans arrêt CoolWWWSearch.Yexe ou .WCADW.
Cette infection perturbe l'affichage de la page d'internet explorer.
Au départ, à l'ouverture d'internet une page http:/secure 32 s'ouvrait et dans la barre d'adresse se déroulait le contenu du PC (style explorateur).
J'ai supprimé avec Chaos Schreder l'indication secure 32.html.
Voici ce que donne le scan en ligne de BitDefender :
C:\!Submit\05-29-2005\alledit.dll: infected with Adware.Look2me.AB
C:\!Submit\05-29-2005\aului.dll: infected with Adware.Look2me
C:\!Submit\05-29-2005\az18051ue.dll: infected with Adware.Look2me
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW10.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW10.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW11.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW11.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW12.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW12.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW13.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW13.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW14.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW14.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW15.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW15.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW16.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW16.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW17.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW17.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW18.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW18.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW19.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW19.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW20.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW20.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW21.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW21.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW22.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW22.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW23.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW23.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW8.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW9.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe8.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe9.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit10.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit10.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit11.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit11.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit12.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit12.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit13.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit13.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit14.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit14.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit15.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit15.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit16.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit16.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit17.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit17.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit18.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit18.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit19.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit19.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit20.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit20.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit21.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit21.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit22.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit22.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit23.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit23.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit24.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit24.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit25.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit25.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit26.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit26.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit27.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit27.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit28.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit28.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit29.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit29.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit30.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit30.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit31.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit31.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit32.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit32.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit33.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit33.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit34.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit34.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit35.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit35.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit36.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit36.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit37.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit37.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit38.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit38.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit39.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit39.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit40.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit40.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit41.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit41.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit42.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit42.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit43.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit43.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit44.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit44.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit45.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit45.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit46.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit46.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit47.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit47.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit8.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit9.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip=>ms1.exe: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip=>sbRecovery.ini: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt11.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt12.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt13.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt21.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt22.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt23.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt31.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt32.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt33.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt41.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt42.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt43.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt51.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt52.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt53.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt61.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt62.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>default.skn: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph5.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph6.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph7.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>main.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>preview.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>sprite1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab2.bmp: password protected
C:\System Volume Information\_restore{1D3CE8F7-B48B-444B-8B2D-2C75DF3C00FB}\RP179\A0070147.exe: suspect Generic.Malware.Mdld.6BFBFE04
C:\WINDOWS\inet20003\mm4.exe: suspect Generic.Malware.Mdld.6BFBFE04
C:\WINDOWS\inet20003\mm4.exe.bak: suspect Generic.Malware.Mdld.6BFBFE04
C:\WINDOWS\inet20003\services.exe: suspect Generic.Malware.Sdld.5EA03D19
C:\WINDOWS\kl.exe: infected with Trojan.Spy.Agent.JL
C:\WINDOWS\system32\amivvaxx.dll: infected with Adware.Look2me
C:\WINDOWS\system32\awi2dvag.dll: infected with Adware.Look2me
C:\WINDOWS\system32\aycups.dll: infected with Adware.Look2me
C:\WINDOWS\system32\bvowselc.dll: infected with Adware.Look2me
C:\WINDOWS\system32\cVtsrvut.dll: infected with Adware.Look2me
C:\WINDOWS\system32\dCdramp.dll: infected with Adware.Look2me
C:\WINDOWS\system32\dfsapi.dll: infected with Adware.Look2me
C:\WINDOWS\system32\djlayx.dll: infected with Adware.Look2me
C:\WINDOWS\system32\dkgeng.dll: infected with Adware.Look2me
C:\WINDOWS\system32\dumsrpcn.dll: infected with Adware.Look2me
C:\WINDOWS\system32\dwnhpast.dll: infected with Adware.Look2me
C:\WINDOWS\system32\EGAPI2.dll: infected with Adware.Look2me
C:\WINDOWS\system32\eifpixio130.dll: infected with Adware.Look2me
C:\WINDOWS\system32\enrml1911.dll: infected with Adware.Look2me
C:\WINDOWS\system32\eocwiab.dll: infected with Adware.Look2me
C:\WINDOWS\system32\exent97.dll: infected with Adware.Look2me
C:\WINDOWS\system32\EZBTEG.DLL: infected with Adware.Look2me
C:\WINDOWS\system32\fbsrch.dll: infected with Adware.Look2me
C:\WINDOWS\system32\gD402ghmg64a2.dll: infected with Adware.Look2me
C:\WINDOWS\system32\HKActiveX.dll: infected with Adware.Look2me
C:\WINDOWS\system32\ibseng.dll: infected with Adware.Look2me
C:\WINDOWS\system32\iCssam.dll: infected with Adware.Look2me
C:\WINDOWS\system32\iFspolcy.dll: infected with Adware.Look2me
C:\WINDOWS\system32\igenginenew.dll: infected with Adware.Look2me
C:\WINDOWS\system32\igv6mon.dll: infected with Adware.Look2me
C:\WINDOWS\system32\JCGI500.DLL: infected with Adware.Look2me
C:\WINDOWS\system32\JDGI500.DLL: infected with Adware.Look2me
C:\WINDOWS\system32\jkcript.dll: infected with Adware.Look2me
C:\WINDOWS\system32\kmdno1.dll: infected with Adware.Look2me
C:\WINDOWS\system32\kndusx.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mgsap.dll: infected with Adware.Look2me
C:\WINDOWS\system32\minetobj.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mJrmla911d.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mnw3prt.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mqpmsnsv.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mujet40.dll: infected with Adware.Look2me
C:\WINDOWS\system32\murepl40.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mwglibnt.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mwidle.dll: infected with Adware.Look2me
C:\WINDOWS\system32\nqobjapi.dll: infected with Adware.Look2me
C:\WINDOWS\system32\nqxpnt.dll: infected with Adware.Look2me
C:\WINDOWS\system32\nsprovau.dll: infected with Adware.Look2me
C:\WINDOWS\system32\nstmsg.dll: infected with Adware.Look2me
C:\WINDOWS\system32\oabc16gt.dll: infected with Adware.Look2me
C:\WINDOWS\system32\oqbccr32.dll: infected with Adware.Look2me
C:\WINDOWS\system32\paytime.exe: suspect GenPack:Generic.Malware.Ssp.C295E597
C:\WINDOWS\system32\pjcCllct.dll: infected with Adware.Look2me
C:\WINDOWS\system32\pkchdprf.dll: infected with Adware.Look2me
C:\WINDOWS\system32\rFsman.dll: infected with Adware.Look2me
C:\WINDOWS\system32\scdocvw.dll: infected with Adware.Look2me
C:\WINDOWS\system32\siredir.dll: infected with Adware.Look2me
C:\WINDOWS\system32\smdocvw.dll: infected with Adware.Look2me
C:\WINDOWS\system32\srarddlg.dll: infected with Adware.Look2me
C:\WINDOWS\system32\swlgntfy.dll: infected with Adware.Look2me
C:\WINDOWS\system32\sxc_os.dll: infected with Adware.Look2me
C:\WINDOWS\system32\sypblb.dll: infected with Adware.Look2me
C:\WINDOWS\system32\tVpi32.dll: infected with Adware.Look2me
C:\WINDOWS\system32\uglmon.dll: infected with Adware.Look2me
C:\WINDOWS\system32\whspdmoe.dll: infected with Adware.Look2me
C:\WINDOWS\system32\wjaudsdk.dll: infected with Adware.Look2me
C:\WINDOWS\system32\wP2time.dll: infected with Adware.Look2me
C:\WINDOWS\system32\wqvdmoe.dll: infected with Adware.Look2me
C:\WINDOWS\system32\wrbvw.dll: infected with Adware.Look2me
C:\WINDOWS\system32\wU2time.dll: infected with Adware.Look2me
C:\WINDOWS\system32\xvnroll.dll: infected with Adware.Look2me
C:\WINDOWS\tool1.exe: infected with BehavesLike:Win32.ExplorerHijack

Je suis donc au bout de mes ressources... Ce serait sympa de me donner un coup de main (Balltrap, Régis ??? ou autre !!). Merci
Configuration: WINDOWS XP

31 réponses

  • 1
  • 2
Résumé de la discussion

Des symptômes d'infection apparaissent avec TROJ_CHOPHAR.A détecté par Trend Micro, qui le met en quarantaine mais le voit réapparaître continuellement, accompagnés de perturbations d'affichage dans Internet Explorer. Des outils tels que Spybot et Ad-Aware détectent et nettoient des composants comme Look2me et CoolWWWSearchWCADW, mais des archives de récupération protégées et des éléments cryptés compliquent le nettoyage et la suppression durable. Par ailleurs, un scan en ligne BitDefender énumère des fichiers infectés, notamment des dll liées à Look2me et de nombreuses Recovery protégées par mot de passe, indiquant une infection étendue et complexe.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. valérie
     
    Sur l2mfix.bat j'ai vu :

    1 sans le #. Voici le log obtenu

    L2MFIX find log 1.03
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
    "Asynchronous"=dword:00000000
    "DllName"=""
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{50075C1D-F3EE-9492-2C2C-E5D5AC22F1A1}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
    "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}"=""
    "{AD9D7765-FA22-4B12-8AD8-10F8318A95F1}"=""
    "{3D896570-5D81-4CE5-B8BB-01310081EAA5}"=""
    "{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}"=""
    "{2A521742-CE4D-41A7-83F9-D094C22DB570}"=""
    "{68B871F2-68FC-4125-A173-8C30C7C91D96}"=""
    "{7D7169EC-BB29-4028-BDE0-440913B7348B}"=""
    "{C4F40C09-A789-4E6A-8581-BC62781D4965}"=""
    "{BEB2A1FC-CE21-420C-832E-2309FE2119E7}"=""
    "{34808D6C-2603-48D4-B360-B262DD5790A6}"=""
    "{C8B0E3DE-63DF-4297-8753-1ADE95B59305}"=""
    "{4C0EC831-B267-441B-9C5C-5518E201AAA2}"=""
    "{B8476785-BE60-4931-A4DF-F98DA9C4932C}"=""
    "{8EF1A676-280A-440D-BDE5-D895797A91A8}"=""
    "{B6102B5F-84B0-4392-842D-CACEE4D574FD}"=""
    "{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}"=""
    "{F7462E29-A6E5-4717-A540-547B1A797B63}"=""
    "{87F612EE-5CF0-4FED-94FD-A83744369D59}"=""
    "{01AB6D20-3924-4852-AE59-7A35261F7129}"=""
    "{77FD83F0-3477-409A-AE73-D0D81DA02E0E}"=""
    "{AA077F12-114A-4F74-BC80-95E26D9CC68C}"=""
    "{BEBD263F-4658-413D-9293-2830DCDE481A}"=""
    "{F9F59919-A8CE-4C8F-B432-04917950368F}"=""
    "{2330E860-A37D-4437-A245-AC1E08C74AE1}"=""
    "{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}"=""
    "{9172625E-DCED-458D-9BA0-6098A7F82558}"=""
    "{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}"=""
    "{7B444A6E-77B2-41D2-A65A-7E491C71F864}"=""
    "{40174362-F82C-4528-A6CB-545DAEFEFCFC}"=""
    "{81F7AB02-3B9E-4B81-8085-273F477CA092}"=""
    "{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}"=""
    "{D10C07E1-F982-42E4-B7E2-452155E6751E}"=""
    "{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}"=""
    "{C62DA77A-D33C-4AB8-8539-5799380ED942}"=""
    "{66751893-2D51-4F67-B998-B70D873A382F}"=""
    "{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}"=""
    "{23103B7C-D11C-43CE-971B-A534F14CD2FE}"=""
    "{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}"=""
    "{85EB4C38-BF06-4115-8C15-CB09C963414F}"=""
    "{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}"=""
    "{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}"=""
    "{641D2038-0C56-4FF3-8A7D-60E1D362F05F}"=""
    "{E145054C-D350-429C-879A-392C7CE06EF9}"=""
    "{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}"=""
    "{37086980-7796-48D7-906F-DFA7D4CABD0C}"=""
    "{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}"=""
    "{33735CDD-36D0-4204-BFF6-877CDDC286D8}"=""
    "{BC4AE231-8295-448B-99FD-5ACCEA99D543}"=""
    "{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}"=""
    "{722E3735-A6F6-43DC-A477-6C105AAC6000}"=""
    "{8D86A429-BDE1-4FE6-9AC1-D08F10232669}"=""
    "{1BD97DE5-4056-4A5D-83FF-6598513B6E38}"=""
    "{24D2C94F-9D50-48DF-8A9E-395D90BE3765}"=""
    "{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}"=""
    "{95BB053A-7B11-4EF6-A7B5-2958228BD37B}"=""
    "{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}"=""
    "{AD7279E1-AC70-4095-A6C7-19C3887EE597}"=""
    "{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}"=""
    "{A89EE47D-F547-46BF-BCF3-D8471F33235C}"=""
    "{A3842520-5AB6-4275-95BC-926F2CC1A22D}"=""
    "{871B7818-5827-4FE3-85CB-A9F844F5D7BE}"=""
    "{2A021736-1362-46A8-BF28-EA33C6499AB8}"=""
    "{EB519BAF-3323-4FBC-991B-EEE409D678B7}"=""
    "{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}"=""
    "{9220559D-23BF-4771-93F4-C9E4F17CAB74}"=""
    "{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}"=""
    "{3420872F-9A5A-4308-85F7-DFDE2FA5A571}"=""
    "{8528AFCA-B870-492C-A97D-A6BE6E713F43}"=""
    "{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}"=""
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
    "{8FBB88C9-90C0-4891-A083-2C7309744495}"=""
    "{48F45200-91E6-11CE-8A4F-0080C81A28D4}"="TMD Shell Extension"
    "{771A9DA0-731A-11CE-993C-00AA004ADB6C}"="VBPropSheet"
    "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dumsrpcn.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}\InprocServer32]
    @="C:\\WINDOWS\\system32\\igenginenew.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dkgeng.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mwidle.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}\InprocServer32]
    @="C:\\WINDOWS\\system32\\pjcCllct.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wP2time.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}\InprocServer32]
    @="C:\\WINDOWS\\system32\\kndusx.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sypblb.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\amivvaxx.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}\InprocServer32]
    @="C:\\WINDOWS\\system32\\smdocvw.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}\InprocServer32]
    @="C:\\WINDOWS\\system32\\jkcript.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}\InprocServer32]
    @="C:\\WINDOWS\\system32\\cVtsrvut.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mwglibnt.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wU2time.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\EGAPI2.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\tVpi32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}\InprocServer32]
    @="C:\\WINDOWS\\system32\\eifpixio130.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ibseng.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\murepl40.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mnw3prt.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}\InprocServer32]
    @="C:\\WINDOWS\\system32\\whspdmoe.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mJrmla911d.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}\InprocServer32]
    @="C:\\WINDOWS\\system32\\kmdno1.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mgsap.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dwnhpast.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}\InprocServer32]
    @="C:\\WINDOWS\\system32\\fbsrch.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wrbvw.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}\InprocServer32]
    @="C:\\WINDOWS\\system32\\gD402ghmg64a2.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mujet40.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wjaudsdk.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}\InprocServer32]
    @="C:\\WINDOWS\\system32\\HKActiveX.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nqxpnt.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\exent97.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\swlgntfy.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nsprovau.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}\InprocServer32]
    @="C:\\WINDOWS\\system32\\djlayx.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\iCssam.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}\InprocServer32]
    @="C:\\WINDOWS\\system32\\eocwiab.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nqobjapi.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\pkchdprf.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}\InprocServer32]
    @="C:\\WINDOWS\\system32\\oabc16gt.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\xvnroll.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}\InprocServer32]
    @="C:\\WINDOWS\\system32\\iFspolcy.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}\InprocServer32]
    @="C:\\WINDOWS\\system32\\minetobj.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}\InprocServer32]
    @="C:\\WINDOWS\\system32\\bvowselc.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}\InprocServer32]
    @="C:\\WINDOWS\\system32\\JCGI500.DLL"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}\InprocServer32]
    @="C:\\WINDOWS\\system32\\EZBTEG.DLL"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}\InprocServer32]
    @="C:\\WINDOWS\\system32\\aycups.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}\InprocServer32]
    @="C:\\WINDOWS\\system32\\igv6mon.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\oqbccr32.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}\InprocServer32]
    @="C:\\WINDOWS\\system32\\awi2dvag.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}\InprocServer32]
    @="C:\\WINDOWS\\system32\\scdocvw.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mqpmsnsv.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rFsman.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\uglmon.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dCdramp.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dfsapi.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\sxc_os.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\srarddlg.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nstmsg.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wqvdmoe.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1 022 976 999,00 K
    cdfview.dll Fri 21 Oct 2005 4:41:00 A.... 152 064 148,50 K
    danim.dll Sat 5 Nov 2005 4:17:22 A.... 1 056 768 1,01 M
    dxtrans.dll Fri 21 Oct 2005 4:41:00 A.... 205 312 200,50 K
    esent.dll Thu 20 Oct 2005 23:25:54 A.... 1 097 728 1,05 M
    extmgr.dll Fri 21 Oct 2005 4:41:00 A.... 55 808 54,50 K
    iepeers.dll Fri 21 Oct 2005 4:41:00 A.... 251 392 245,50 K
    inseng.dll Fri 21 Oct 2005 4:41:00 A.... 96 768 94,50 K
    msctl32.dll Wed 4 Jan 2006 23:06:26 A.... 62 464 61,00 K
    mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3 013 632 2,87 M
    mshtmled.dll Fri 21 Oct 2005 4:41:04 A.... 448 512 438,00 K
    msrating.dll Fri 21 Oct 2005 4:41:04 A.... 146 432 143,00 K
    mstime.dll Fri 21 Oct 2005 4:41:04 A.... 530 944 518,50 K
    pngfilt.dll Fri 21 Oct 2005 4:41:04 A.... 39 424 38,50 K
    shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1 492 992 1,42 M
    shlwapi.dll Fri 21 Oct 2005 4:41:04 A.... 474 112 463,00 K
    sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K
    spmsg.dll Thu 13 Oct 2005 0:15:26 ..... 15 072 14,72 K
    urlmon.dll Sat 5 Nov 2005 4:17:26 A.... 606 208 592,00 K
    wininet.dll Fri 21 Oct 2005 4:41:06 A.... 662 528 647,00 K

    20 items found: 20 files, 0 directories.
    Total of file sizes: 11 549 920 bytes 11,01 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est 84FD-C885

    R‚pertoire de C:\WINDOWS\System32

    25/10/2005 21:39 <REP> dllcach
    0
  2. valerie
     
    J'ai fait l'option 2 de l2mfix. Voici le log obtenu :

    L2Mfix 1.03

    Running From:
    C:\DOCUME~1\VALRIE~1\Bureau\l2mfix

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (CI) DENY --C------- BUILTIN\Administrateurs
    (NI) ALLOW Full access AUTORITE NT\SYSTEM
    (IO) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Utilisateurs
    (ID-IO) ALLOW Read BUILTIN\Utilisateurs
    (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (ID-NI) ALLOW Full access BUILTIN\Administrateurs
    (ID-IO) ALLOW Full access BUILTIN\Administrateurs
    (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

    Setting registry permissions:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Denying C(CI) access for predefined group "Administrators"
    - adding new ACCESS DENY entry
    - removing existing ACCESS DENY entry

    Registry Permissions set too:

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (CI) DENY --C------- BUILTIN\Administrateurs
    (NI) ALLOW Full access AUTORITE NT\SYSTEM
    (IO) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Utilisateurs
    (ID-IO) ALLOW Read BUILTIN\Utilisateurs
    (ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
    (ID-NI) ALLOW Full access BUILTIN\Administrateurs
    (ID-IO) ALLOW Full access BUILTIN\Administrateurs
    (ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
    (ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

    Setting up for Reboot

    Starting Reboot!

    Je vais faire un HJT . A +
    0
  3. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  4. valérie
     
    Voici donc le rapport de HJT :

    Logfile of HijackThis v1.99.0
    Scan saved at 22:15:25, on 05/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\inet20003\services.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Trend Micro\pccguide.exe
    C:\Program Files\Trend Micro\PCCClient.exe
    C:\Program Files\Trend Micro\Pop3trap.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\paytime.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
    C:\WINDOWS\system32\paytime.exe
    C:\Program Files\Trend Micro\WebTrap.EXE
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINDOWS\inet20003\mm4.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\fotowin\RTETPISv.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\Tmntsrv.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\Program Files\Trend Micro\PCCPFW.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
    O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.13.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
    O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
    O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
    O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

    Bon courage et merci
    0
  5. bernie61
     
    resalut
    j espère n'avoir rien oublié, lol,

    0. Installe ce nettoyeur CCLEANER http://www.ccleaner.com/ ou lien direct là http://www.filehippo.com/download_ccleaner.html (la flèche)
    Tutorial là http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
    ensuite
    *Configure ton ordi pour tous scan à exécuter complétement, il faut pouvoir scanner tous les dossiers caché et système donc faire :
    Démarrer/PanneauConfiguration/OptionsDossiers /ongletAffichage et là cocher les lignes
    - afficher les fichiers et dossier cachés
    - afficher contenu dossier système
    décocher
    - masquer fichiers protégés du dossier système
    Puis cliquer APPLIQUER à TOUS les Dossiers

    1. à vérifier là http://virusscan.jotti.org/ fichier par fichier Parcourir puis SUBMIT lance ce multiple scanneur antivirus)
    C:\WINDOWS\htpatch.exe

    2. Relances Hijackthis et coche (puis FIX)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
    O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.13.dll
    O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe

    3. Effacer ces programmes .EXE et .DLL( et à la fin vider la corbeille)
    C:\WINDOWS\inet20003\ > le répertoire
    C:\WINDOWS\system32\paytime.exe

    5. vider les répertoires temps et la corbeille, en lançant Ccleaner
    Refais un hijackthis de contrôle et dis nous où en sont les problèmes

    a+
    0
    1. valérie
       
      J'ai besoin de qq précisions .
      A l'étape 0, faut -il lancer le CCleaner avant

      *Configure ton ordi pour tous scan à......

      ou après ? En plus qd on fait cette config le bouton APPLIQUER A TOUS LES DOSSIERS n'est pas actif.

      A+
      0
  6. incognito02 Messages postés 3487 Statut Contributeur 138
     
    Salut Bernie ....

    Ca ressemble à du smitfraud, tu ne trouves pas ?

    A+
    0
    1. bernie61
       
      salut
      merci, c'est en effet aussi possible mais au départ son infection est look2me qu on nettoie avec l2mfix

      valérie,
      passes ce smitfrau comme nous ne conseilles incognito,
      option 1 puis 2
      http://users.skynet.be/BernieClub/#frau
      a+
      0
  7. valérie
     
    Voici le rapport SMITFRAUDfIX OPTION 1

    SmitFraudFix v2.11

    Rapport fait à 23:17:43,42 le 05/01/2006
    Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

    C:\WINDOWS\kl.exe PRESENT !
    C:\WINDOWS\icont.exe PRESENT !
    C:\WINDOWS\tool1.exe PRESENT !
    C:\WINDOWS\tool4.exe PRESENT !
    C:\WINDOWS\tool5.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

    C:\WINDOWS\system32\paytime.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Val‚rie\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"
    "{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}"="OutPost FireWall"

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

    je lance l'option 2
    0
  8. valérie
     
    Voici le rapport de l'option 2 du smitfraud :

    SmitFraudFix v2.11

    Rapport fait à 23:50:02,51 le 05/01/2006
    Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

    Voici le rapport de l'HJT :

    Logfile of HijackThis v1.99.0
    Scan saved at 23:54:50, on 05/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\inet20003\services.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Trend Micro\pccguide.exe
    C:\Program Files\Trend Micro\PCCClient.exe
    C:\Program Files\Trend Micro\Pop3trap.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
    C:\Program Files\Trend Micro\WebTrap.EXE
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINDOWS\inet20003\mm4.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\fotowin\RTETPISv.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\Program Files\Trend Micro\Tmntsrv.exe
    C:\Program Files\Trend Micro\PCCPFW.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
    O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
    O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
    O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

    Bon courage !! A +
    0
  9. bernie61
     
    re
    relance smitfrau option 1 puis option2
    reposte ensuite un Hijack
    a+
    0
  10. bernie61
     
    j'insiste sur option2 en mode sans échec stp
    a+
    0
  11. valérie
     
    La chasse reprend....
    Voici :

    1 ) le rapport de Smitfraud option 1

    SmitFraudFix v2.11

    Rapport fait à 17:46:07,90 le 06/01/2006
    Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Val‚rie\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

    Voici le rapport Smitfraud option 2 en mode sans échec :

    SmitFraudFix v2.11

    Rapport fait à 17:50:44,17 le 06/01/2006
    Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

    et enfin l'HJT :

    Logfile of HijackThis v1.99.0
    Scan saved at 17:54:30, on 06/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\inet20003\services.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Trend Micro\pccguide.exe
    C:\Program Files\Trend Micro\PCCClient.exe
    C:\Program Files\Trend Micro\Pop3trap.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINDOWS\inet20003\mm4.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\fotowin\RTETPISv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\Tmntsrv.exe
    C:\Program Files\Trend Micro\PCCPFW.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
    O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
    O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
    O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
    O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

    Je l'avais déjà fait hier soir ....

    Faut-il désactiver la restauration du système avt de faire ttes ces manip ?

    Encore merci
    0
  12. bernie61
     
    bonsoir
    désactiver restauration et vider fais ça après nettouyage quand il n'y aura plus de pbm

    *Configure ton ordi pour tous scan à exécuter complétement, il faut pouvoir scanner tous les dossiers caché et système donc faire :
    Démarrer/PanneauConfiguration/OptionsDossiers /ongletAffichage et là cocher les lignes
    - afficher les fichiers et dossier cachés
    - afficher contenu dossier système
    décocher
    - masquer fichiers protégés du dossier système
    Puis cliquer APPLIQUER à TOUS les Dossiers

    1. à vérifier là http://virusscan.jotti.org/ fichier par fichier Parcourir puis SUBMIT lance ce multiple scanneur antivirus)
    C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe

    2. Relances Hijackthis et coche (puis FIX)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
    O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe

    3. Effacer ces programmes .EXE et .DLL( et à la fin vider la corbeille)
    C:\WINDOWS\inet20003\ > le répertoire
    C:\WINDOWS\system32\paytime.exe

    puis ccleaner et un nouveau Hijack
    a+
    0
  13. valérie
     
    re
    le bouton "APPLIQUER A TOUS LES DOSSIERS " n'est pas opérationnel, je n'ai que le choix en bas de la fenêtre à droite de APPLIQUER
    dois-je continuer le reste malgré ça ?

    A+
    0
  14. bernie61
     
    re
    tu es admnistrateur? si pas log to sous un nom qui administrateur

    sinon continue
    a+
    0
    1. valérie
       
      Voici le rapport HJT après avoir supp les temps et vidé la corbeille :

      Logfile of HijackThis v1.99.0
      Scan saved at 22:49:42, on 06/01/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      c:\fotowin\RTETPISv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Trend Micro\Tmntsrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\inet20003\services.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\htpatch.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Trend Micro\pccguide.exe
      C:\Program Files\Trend Micro\PCCClient.exe
      C:\Program Files\Trend Micro\Pop3trap.exe
      C:\Program Files\MessengerPlus! 3\MsgPlus.exe
      C:\Program Files\Java\jre1.5.0\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\Program Files\Trend Micro\WebTrap.EXE
      C:\Program Files\Trend Micro\PCCPFW.exe
      C:\WINDOWS\inet20003\mm4.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
      C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
      C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
      C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
      C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
      C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
      C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
      C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
      O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
      O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
      O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
      O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
      O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
      O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
      O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
      O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
      O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
      O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
      O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
      O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
      O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
      O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
      O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
      O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
      O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
      O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
      O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
      O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
      O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
      O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
      O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
      0
  15. valerie
     
    Je pense être administrateur (pas de mutisessions qd je démarre le PC).
    J'ai déjà continué.

    Impossible de supprimer (même avec chaos schreder) : dans inet 20003 mm4.exe et services.exe
    imp. trouver paytime.exe

    Je lance un CCcleaner et HJT
    A+
    0
  16. Utilisateur anonyme
     
    salut Valerie

    Télécharge ceci: (merci a S!RI pour ce petit programme).
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
    Copie/colle le sur le poste stp.

    PS:Bernie n a pas l air trop en accord avec ce prog lol
    0
  17. Utilisateur anonyme
     
    Tu peux faire ce que je te proposes au 20?

    Merci
    0
  18. bernie61
     
    salut régis
    on a déjà passe Smitfrau san résultat

    valérie, utilise l'effaceur de Hijack pour tous les fichiers dans inet2003

    effaceur Hijackthis
    ouvrir Hijackthis là en bas droite CONFIG puis onglet MISCtools, là " Delete a file on reboot ", cliq dessus et suivre chemin de fichier à effacer, il indique alors " voulez-vous redémarrer maintenant ", cliq sur NON si d'autres fichiers sont à sélectionner et à nouveau " Delete a file on reboot " .. puis cliq OUI quand tous les fichiers sont sélectionnés

    a+
    0
  • 1
  • 2