Sujet Précédent Sujet Suivant

Trojan CHOPHAR.A

valérie -  
 bernie61 -
Bonjour,

Mon ordi est infecté par TROJ_CHOPHAR.A
L'antivirus (PC CILLIN de Trend Micro) le détecte, le met en quarantaine mais il revient sans arrêt.
D'autre part j'ai fait SPYBOT et AD-AWARE qui détectent (et nettoient ) sans arrêt CoolWWWSearch.Yexe ou .WCADW.
Cette infection perturbe l'affichage de la page d'internet explorer.
Au départ, à l'ouverture d'internet une page http:/secure 32 s'ouvrait et dans la barre d'adresse se déroulait le contenu du PC (style explorateur).
J'ai supprimé avec Chaos Schreder l'indication secure 32.html.
Voici ce que donne le scan en ligne de BitDefender :
C:\!Submit\05-29-2005\alledit.dll: infected with Adware.Look2me.AB
C:\!Submit\05-29-2005\aului.dll: infected with Adware.Look2me
C:\!Submit\05-29-2005\az18051ue.dll: infected with Adware.Look2me
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW10.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW10.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW11.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW11.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW12.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW12.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW13.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW13.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW14.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW14.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW15.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW15.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW16.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW16.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW17.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW17.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW18.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW18.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW19.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW19.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW20.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW20.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW21.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW21.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW22.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW22.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW23.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW23.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW8.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW9.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchWCADW9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe8.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe9.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit10.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit10.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit11.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit11.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit12.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit12.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit13.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit13.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit14.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit14.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit15.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit15.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit16.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit16.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit17.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit17.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit18.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit18.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit19.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit19.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit20.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit20.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit21.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit21.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit22.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit22.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit23.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit23.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit24.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit24.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit25.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit25.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit26.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit26.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit27.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit27.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit28.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit28.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit29.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit29.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit30.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit30.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit31.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit31.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit32.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit32.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit33.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit33.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit34.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit34.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit35.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit35.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit36.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit36.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit37.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit37.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit38.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit38.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit39.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit39.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit40.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit40.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit41.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit41.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit42.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit42.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit43.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit43.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit44.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit44.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit45.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit45.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit46.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit46.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit47.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit47.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit6.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit7.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit8.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit9.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip=>ms1.exe: password protected
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip=>sbRecovery.ini: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>arrow2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bck2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt11.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt12.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt13.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt21.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt22.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt23.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt31.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt32.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt33.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt41.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt42.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt43.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt51.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt52.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt53.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt61.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>bt62.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>checkbox4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>default.skn: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>defbtn3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph5.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph6.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>glyph7.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>main.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>preview.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>sprite1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask=>tab2.bmp: password protected
C:\System Volume Information\_restore{1D3CE8F7-B48B-444B-8B2D-2C75DF3C00FB}\RP179\A0070147.exe: suspect Generic.Malware.Mdld.6BFBFE04
C:\WINDOWS\inet20003\mm4.exe: suspect Generic.Malware.Mdld.6BFBFE04
C:\WINDOWS\inet20003\mm4.exe.bak: suspect Generic.Malware.Mdld.6BFBFE04
C:\WINDOWS\inet20003\services.exe: suspect Generic.Malware.Sdld.5EA03D19
C:\WINDOWS\kl.exe: infected with Trojan.Spy.Agent.JL
C:\WINDOWS\system32\amivvaxx.dll: infected with Adware.Look2me
C:\WINDOWS\system32\awi2dvag.dll: infected with Adware.Look2me
C:\WINDOWS\system32\aycups.dll: infected with Adware.Look2me
C:\WINDOWS\system32\bvowselc.dll: infected with Adware.Look2me
C:\WINDOWS\system32\cVtsrvut.dll: infected with Adware.Look2me
C:\WINDOWS\system32\dCdramp.dll: infected with Adware.Look2me
C:\WINDOWS\system32\dfsapi.dll: infected with Adware.Look2me
C:\WINDOWS\system32\djlayx.dll: infected with Adware.Look2me
C:\WINDOWS\system32\dkgeng.dll: infected with Adware.Look2me
C:\WINDOWS\system32\dumsrpcn.dll: infected with Adware.Look2me
C:\WINDOWS\system32\dwnhpast.dll: infected with Adware.Look2me
C:\WINDOWS\system32\EGAPI2.dll: infected with Adware.Look2me
C:\WINDOWS\system32\eifpixio130.dll: infected with Adware.Look2me
C:\WINDOWS\system32\enrml1911.dll: infected with Adware.Look2me
C:\WINDOWS\system32\eocwiab.dll: infected with Adware.Look2me
C:\WINDOWS\system32\exent97.dll: infected with Adware.Look2me
C:\WINDOWS\system32\EZBTEG.DLL: infected with Adware.Look2me
C:\WINDOWS\system32\fbsrch.dll: infected with Adware.Look2me
C:\WINDOWS\system32\gD402ghmg64a2.dll: infected with Adware.Look2me
C:\WINDOWS\system32\HKActiveX.dll: infected with Adware.Look2me
C:\WINDOWS\system32\ibseng.dll: infected with Adware.Look2me
C:\WINDOWS\system32\iCssam.dll: infected with Adware.Look2me
C:\WINDOWS\system32\iFspolcy.dll: infected with Adware.Look2me
C:\WINDOWS\system32\igenginenew.dll: infected with Adware.Look2me
C:\WINDOWS\system32\igv6mon.dll: infected with Adware.Look2me
C:\WINDOWS\system32\JCGI500.DLL: infected with Adware.Look2me
C:\WINDOWS\system32\JDGI500.DLL: infected with Adware.Look2me
C:\WINDOWS\system32\jkcript.dll: infected with Adware.Look2me
C:\WINDOWS\system32\kmdno1.dll: infected with Adware.Look2me
C:\WINDOWS\system32\kndusx.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mgsap.dll: infected with Adware.Look2me
C:\WINDOWS\system32\minetobj.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mJrmla911d.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mnw3prt.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mqpmsnsv.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mujet40.dll: infected with Adware.Look2me
C:\WINDOWS\system32\murepl40.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mwglibnt.dll: infected with Adware.Look2me
C:\WINDOWS\system32\mwidle.dll: infected with Adware.Look2me
C:\WINDOWS\system32\nqobjapi.dll: infected with Adware.Look2me
C:\WINDOWS\system32\nqxpnt.dll: infected with Adware.Look2me
C:\WINDOWS\system32\nsprovau.dll: infected with Adware.Look2me
C:\WINDOWS\system32\nstmsg.dll: infected with Adware.Look2me
C:\WINDOWS\system32\oabc16gt.dll: infected with Adware.Look2me
C:\WINDOWS\system32\oqbccr32.dll: infected with Adware.Look2me
C:\WINDOWS\system32\paytime.exe: suspect GenPack:Generic.Malware.Ssp.C295E597
C:\WINDOWS\system32\pjcCllct.dll: infected with Adware.Look2me
C:\WINDOWS\system32\pkchdprf.dll: infected with Adware.Look2me
C:\WINDOWS\system32\rFsman.dll: infected with Adware.Look2me
C:\WINDOWS\system32\scdocvw.dll: infected with Adware.Look2me
C:\WINDOWS\system32\siredir.dll: infected with Adware.Look2me
C:\WINDOWS\system32\smdocvw.dll: infected with Adware.Look2me
C:\WINDOWS\system32\srarddlg.dll: infected with Adware.Look2me
C:\WINDOWS\system32\swlgntfy.dll: infected with Adware.Look2me
C:\WINDOWS\system32\sxc_os.dll: infected with Adware.Look2me
C:\WINDOWS\system32\sypblb.dll: infected with Adware.Look2me
C:\WINDOWS\system32\tVpi32.dll: infected with Adware.Look2me
C:\WINDOWS\system32\uglmon.dll: infected with Adware.Look2me
C:\WINDOWS\system32\whspdmoe.dll: infected with Adware.Look2me
C:\WINDOWS\system32\wjaudsdk.dll: infected with Adware.Look2me
C:\WINDOWS\system32\wP2time.dll: infected with Adware.Look2me
C:\WINDOWS\system32\wqvdmoe.dll: infected with Adware.Look2me
C:\WINDOWS\system32\wrbvw.dll: infected with Adware.Look2me
C:\WINDOWS\system32\wU2time.dll: infected with Adware.Look2me
C:\WINDOWS\system32\xvnroll.dll: infected with Adware.Look2me
C:\WINDOWS\tool1.exe: infected with BehavesLike:Win32.ExplorerHijack

Je suis donc au bout de mes ressources... Ce serait sympa de me donner un coup de main (Balltrap, Régis ??? ou autre !!). Merci
A voir également:

31 réponses

  • 1
  • 2
Réponse 1 / 31
bernie61
 
salut
applique la procédure l2mfix

http://users.skynet.be/BernieClub/#l2mfix
a+
0
Réponse 2 / 31
valérie
 
Sur l2mfix.bat j'ai vu :

1 sans le #. Voici le log obtenu

L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{50075C1D-F3EE-9492-2C2C-E5D5AC22F1A1}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}"=""
"{AD9D7765-FA22-4B12-8AD8-10F8318A95F1}"=""
"{3D896570-5D81-4CE5-B8BB-01310081EAA5}"=""
"{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}"=""
"{2A521742-CE4D-41A7-83F9-D094C22DB570}"=""
"{68B871F2-68FC-4125-A173-8C30C7C91D96}"=""
"{7D7169EC-BB29-4028-BDE0-440913B7348B}"=""
"{C4F40C09-A789-4E6A-8581-BC62781D4965}"=""
"{BEB2A1FC-CE21-420C-832E-2309FE2119E7}"=""
"{34808D6C-2603-48D4-B360-B262DD5790A6}"=""
"{C8B0E3DE-63DF-4297-8753-1ADE95B59305}"=""
"{4C0EC831-B267-441B-9C5C-5518E201AAA2}"=""
"{B8476785-BE60-4931-A4DF-F98DA9C4932C}"=""
"{8EF1A676-280A-440D-BDE5-D895797A91A8}"=""
"{B6102B5F-84B0-4392-842D-CACEE4D574FD}"=""
"{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}"=""
"{F7462E29-A6E5-4717-A540-547B1A797B63}"=""
"{87F612EE-5CF0-4FED-94FD-A83744369D59}"=""
"{01AB6D20-3924-4852-AE59-7A35261F7129}"=""
"{77FD83F0-3477-409A-AE73-D0D81DA02E0E}"=""
"{AA077F12-114A-4F74-BC80-95E26D9CC68C}"=""
"{BEBD263F-4658-413D-9293-2830DCDE481A}"=""
"{F9F59919-A8CE-4C8F-B432-04917950368F}"=""
"{2330E860-A37D-4437-A245-AC1E08C74AE1}"=""
"{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}"=""
"{9172625E-DCED-458D-9BA0-6098A7F82558}"=""
"{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}"=""
"{7B444A6E-77B2-41D2-A65A-7E491C71F864}"=""
"{40174362-F82C-4528-A6CB-545DAEFEFCFC}"=""
"{81F7AB02-3B9E-4B81-8085-273F477CA092}"=""
"{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}"=""
"{D10C07E1-F982-42E4-B7E2-452155E6751E}"=""
"{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}"=""
"{C62DA77A-D33C-4AB8-8539-5799380ED942}"=""
"{66751893-2D51-4F67-B998-B70D873A382F}"=""
"{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}"=""
"{23103B7C-D11C-43CE-971B-A534F14CD2FE}"=""
"{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}"=""
"{85EB4C38-BF06-4115-8C15-CB09C963414F}"=""
"{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}"=""
"{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}"=""
"{641D2038-0C56-4FF3-8A7D-60E1D362F05F}"=""
"{E145054C-D350-429C-879A-392C7CE06EF9}"=""
"{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}"=""
"{37086980-7796-48D7-906F-DFA7D4CABD0C}"=""
"{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}"=""
"{33735CDD-36D0-4204-BFF6-877CDDC286D8}"=""
"{BC4AE231-8295-448B-99FD-5ACCEA99D543}"=""
"{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}"=""
"{722E3735-A6F6-43DC-A477-6C105AAC6000}"=""
"{8D86A429-BDE1-4FE6-9AC1-D08F10232669}"=""
"{1BD97DE5-4056-4A5D-83FF-6598513B6E38}"=""
"{24D2C94F-9D50-48DF-8A9E-395D90BE3765}"=""
"{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}"=""
"{95BB053A-7B11-4EF6-A7B5-2958228BD37B}"=""
"{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}"=""
"{AD7279E1-AC70-4095-A6C7-19C3887EE597}"=""
"{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}"=""
"{A89EE47D-F547-46BF-BCF3-D8471F33235C}"=""
"{A3842520-5AB6-4275-95BC-926F2CC1A22D}"=""
"{871B7818-5827-4FE3-85CB-A9F844F5D7BE}"=""
"{2A021736-1362-46A8-BF28-EA33C6499AB8}"=""
"{EB519BAF-3323-4FBC-991B-EEE409D678B7}"=""
"{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}"=""
"{9220559D-23BF-4771-93F4-C9E4F17CAB74}"=""
"{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}"=""
"{3420872F-9A5A-4308-85F7-DFDE2FA5A571}"=""
"{8528AFCA-B870-492C-A97D-A6BE6E713F43}"=""
"{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}"=""
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{8FBB88C9-90C0-4891-A083-2C7309744495}"=""
"{48F45200-91E6-11CE-8A4F-0080C81A28D4}"="TMD Shell Extension"
"{771A9DA0-731A-11CE-993C-00AA004ADB6C}"="VBPropSheet"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}\InprocServer32]
@="C:\\WINDOWS\\system32\\dumsrpcn.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}\InprocServer32]
@="C:\\WINDOWS\\system32\\igenginenew.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}\InprocServer32]
@="C:\\WINDOWS\\system32\\dkgeng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwidle.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}\InprocServer32]
@="C:\\WINDOWS\\system32\\pjcCllct.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}\InprocServer32]
@="C:\\WINDOWS\\system32\\wP2time.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}\InprocServer32]
@="C:\\WINDOWS\\system32\\kndusx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}\InprocServer32]
@="C:\\WINDOWS\\system32\\sypblb.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}\InprocServer32]
@="C:\\WINDOWS\\system32\\amivvaxx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}\InprocServer32]
@="C:\\WINDOWS\\system32\\smdocvw.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}\InprocServer32]
@="C:\\WINDOWS\\system32\\jkcript.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}\InprocServer32]
@="C:\\WINDOWS\\system32\\cVtsrvut.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwglibnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}\InprocServer32]
@="C:\\WINDOWS\\system32\\wU2time.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\EGAPI2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}\InprocServer32]
@="C:\\WINDOWS\\system32\\tVpi32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}\InprocServer32]
@="C:\\WINDOWS\\system32\\eifpixio130.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}\InprocServer32]
@="C:\\WINDOWS\\system32\\ibseng.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}\InprocServer32]
@="C:\\WINDOWS\\system32\\murepl40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}\InprocServer32]
@="C:\\WINDOWS\\system32\\mnw3prt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}\InprocServer32]
@="C:\\WINDOWS\\system32\\whspdmoe.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}\InprocServer32]
@="C:\\WINDOWS\\system32\\mJrmla911d.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}\InprocServer32]
@="C:\\WINDOWS\\system32\\kmdno1.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgsap.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}\InprocServer32]
@="C:\\WINDOWS\\system32\\dwnhpast.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}\InprocServer32]
@="C:\\WINDOWS\\system32\\fbsrch.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}\InprocServer32]
@="C:\\WINDOWS\\system32\\wrbvw.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}\InprocServer32]
@="C:\\WINDOWS\\system32\\gD402ghmg64a2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}\InprocServer32]
@="C:\\WINDOWS\\system32\\mujet40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}\InprocServer32]
@="C:\\WINDOWS\\system32\\wjaudsdk.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}\InprocServer32]
@="C:\\WINDOWS\\system32\\HKActiveX.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\nqxpnt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}\InprocServer32]
@="C:\\WINDOWS\\system32\\exent97.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}\InprocServer32]
@="C:\\WINDOWS\\system32\\swlgntfy.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}\InprocServer32]
@="C:\\WINDOWS\\system32\\nsprovau.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}\InprocServer32]
@="C:\\WINDOWS\\system32\\djlayx.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}\InprocServer32]
@="C:\\WINDOWS\\system32\\iCssam.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}\InprocServer32]
@="C:\\WINDOWS\\system32\\eocwiab.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}\InprocServer32]
@="C:\\WINDOWS\\system32\\nqobjapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}\InprocServer32]
@="C:\\WINDOWS\\system32\\pkchdprf.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}\InprocServer32]
@="C:\\WINDOWS\\system32\\oabc16gt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}\InprocServer32]
@="C:\\WINDOWS\\system32\\xvnroll.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}\InprocServer32]
@="C:\\WINDOWS\\system32\\iFspolcy.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}\InprocServer32]
@="C:\\WINDOWS\\system32\\minetobj.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}\InprocServer32]
@="C:\\WINDOWS\\system32\\bvowselc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}\InprocServer32]
@="C:\\WINDOWS\\system32\\JCGI500.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}\InprocServer32]
@="C:\\WINDOWS\\system32\\EZBTEG.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}\InprocServer32]
@="C:\\WINDOWS\\system32\\aycups.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}\InprocServer32]
@="C:\\WINDOWS\\system32\\igv6mon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}\InprocServer32]
@="C:\\WINDOWS\\system32\\oqbccr32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}\InprocServer32]
@="C:\\WINDOWS\\system32\\awi2dvag.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}\InprocServer32]
@="C:\\WINDOWS\\system32\\scdocvw.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}\InprocServer32]
@="C:\\WINDOWS\\system32\\mqpmsnsv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}\InprocServer32]
@="C:\\WINDOWS\\system32\\rFsman.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}\InprocServer32]
@="C:\\WINDOWS\\system32\\uglmon.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}\InprocServer32]
@="C:\\WINDOWS\\system32\\dCdramp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}\InprocServer32]
@="C:\\WINDOWS\\system32\\dfsapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}\InprocServer32]
@="C:\\WINDOWS\\system32\\sxc_os.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}\InprocServer32]
@="C:\\WINDOWS\\system32\\srarddlg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}\InprocServer32]
@="C:\\WINDOWS\\system32\\nstmsg.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}\InprocServer32]
@="C:\\WINDOWS\\system32\\wqvdmoe.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1 022 976 999,00 K
cdfview.dll Fri 21 Oct 2005 4:41:00 A.... 152 064 148,50 K
danim.dll Sat 5 Nov 2005 4:17:22 A.... 1 056 768 1,01 M
dxtrans.dll Fri 21 Oct 2005 4:41:00 A.... 205 312 200,50 K
esent.dll Thu 20 Oct 2005 23:25:54 A.... 1 097 728 1,05 M
extmgr.dll Fri 21 Oct 2005 4:41:00 A.... 55 808 54,50 K
iepeers.dll Fri 21 Oct 2005 4:41:00 A.... 251 392 245,50 K
inseng.dll Fri 21 Oct 2005 4:41:00 A.... 96 768 94,50 K
msctl32.dll Wed 4 Jan 2006 23:06:26 A.... 62 464 61,00 K
mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3 013 632 2,87 M
mshtmled.dll Fri 21 Oct 2005 4:41:04 A.... 448 512 438,00 K
msrating.dll Fri 21 Oct 2005 4:41:04 A.... 146 432 143,00 K
mstime.dll Fri 21 Oct 2005 4:41:04 A.... 530 944 518,50 K
pngfilt.dll Fri 21 Oct 2005 4:41:04 A.... 39 424 38,50 K
shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1 492 992 1,42 M
shlwapi.dll Fri 21 Oct 2005 4:41:04 A.... 474 112 463,00 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K
spmsg.dll Thu 13 Oct 2005 0:15:26 ..... 15 072 14,72 K
urlmon.dll Sat 5 Nov 2005 4:17:26 A.... 606 208 592,00 K
wininet.dll Fri 21 Oct 2005 4:41:06 A.... 662 528 647,00 K

20 items found: 20 files, 0 directories.
Total of file sizes: 11 549 920 bytes 11,01 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 84FD-C885

R‚pertoire de C:\WINDOWS\System32

25/10/2005 21:39 <REP> dllcach
0
Réponse 3 / 31
bernie61
 
ok
relances avec option 2
a+
0
Réponse 4 / 31
valerie
 
J'ai fait l'option 2 de l2mfix. Voici le log obtenu :

L2Mfix 1.03

Running From:
C:\DOCUME~1\VALRIE~1\Bureau\l2mfix

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

Setting registry permissions:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
- removing existing ACCESS DENY entry

Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE

Setting up for Reboot

Starting Reboot!

Je vais faire un HJT . A +
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 31
valérie
 
Voici donc le rapport de HJT :

Logfile of HijackThis v1.99.0
Scan saved at 22:15:25, on 05/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet20003\services.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\pccguide.exe
C:\Program Files\Trend Micro\PCCClient.exe
C:\Program Files\Trend Micro\Pop3trap.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\WINDOWS\system32\paytime.exe
C:\Program Files\Trend Micro\WebTrap.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\inet20003\mm4.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fotowin\RTETPISv.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Tmntsrv.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Trend Micro\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.13.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

Bon courage et merci
0
Réponse 6 / 31
bernie61
 
resalut
j espère n'avoir rien oublié, lol,

0. Installe ce nettoyeur CCLEANER http://www.ccleaner.com/ ou lien direct là http://www.filehippo.com/download_ccleaner.html (la flèche)
Tutorial là http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
ensuite
*Configure ton ordi pour tous scan à exécuter complétement, il faut pouvoir scanner tous les dossiers caché et système donc faire :
Démarrer/PanneauConfiguration/OptionsDossiers /ongletAffichage et là cocher les lignes
- afficher les fichiers et dossier cachés
- afficher contenu dossier système
décocher
- masquer fichiers protégés du dossier système
Puis cliquer APPLIQUER à TOUS les Dossiers

1. à vérifier là http://virusscan.jotti.org/ fichier par fichier Parcourir puis SUBMIT lance ce multiple scanneur antivirus)
C:\WINDOWS\htpatch.exe

2. Relances Hijackthis et coche (puis FIX)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.13.dll
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe

3. Effacer ces programmes .EXE et .DLL( et à la fin vider la corbeille)
C:\WINDOWS\inet20003\ > le répertoire
C:\WINDOWS\system32\paytime.exe

5. vider les répertoires temps et la corbeille, en lançant Ccleaner
Refais un hijackthis de contrôle et dis nous où en sont les problèmes

a+
0
valérie
 
J'ai besoin de qq précisions .
A l'étape 0, faut -il lancer le CCleaner avant

*Configure ton ordi pour tous scan à......

ou après ? En plus qd on fait cette config le bouton APPLIQUER A TOUS LES DOSSIERS n'est pas actif.

A+
0
Réponse 7 / 31
incognito02 Messages postés 3487 Statut Contributeur 138
 
Salut Bernie ....

Ca ressemble à du smitfraud, tu ne trouves pas ?

A+
0
bernie61
 
salut
merci, c'est en effet aussi possible mais au départ son infection est look2me qu on nettoie avec l2mfix

valérie,
passes ce smitfrau comme nous ne conseilles incognito,
option 1 puis 2
http://users.skynet.be/BernieClub/#frau
a+
0
Réponse 8 / 31
valérie
 
Voici le rapport SMITFRAUDfIX OPTION 1

SmitFraudFix v2.11

Rapport fait à 23:17:43,42 le 05/01/2006
Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

C:\WINDOWS\kl.exe PRESENT !
C:\WINDOWS\icont.exe PRESENT !
C:\WINDOWS\tool1.exe PRESENT !
C:\WINDOWS\tool4.exe PRESENT !
C:\WINDOWS\tool5.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

C:\WINDOWS\system32\paytime.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Val‚rie\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"
"{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}"="OutPost FireWall"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

je lance l'option 2
0
Réponse 9 / 31
bernie61
 
re
oui ok
0
Réponse 10 / 31
valérie
 
Voici le rapport de l'option 2 du smitfraud :

SmitFraudFix v2.11

Rapport fait à 23:50:02,51 le 05/01/2006
Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Voici le rapport de l'HJT :

Logfile of HijackThis v1.99.0
Scan saved at 23:54:50, on 05/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet20003\services.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\pccguide.exe
C:\Program Files\Trend Micro\PCCClient.exe
C:\Program Files\Trend Micro\Pop3trap.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\Trend Micro\WebTrap.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\inet20003\mm4.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fotowin\RTETPISv.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Trend Micro\Tmntsrv.exe
C:\Program Files\Trend Micro\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

Bon courage !! A +
0
Réponse 11 / 31
bernie61
 
re
relance smitfrau option 1 puis option2
reposte ensuite un Hijack
a+
0
Réponse 12 / 31
bernie61
 
j'insiste sur option2 en mode sans échec stp
a+
0
Réponse 13 / 31
valérie
 
La chasse reprend....
Voici :

1 ) le rapport de Smitfraud option 1

SmitFraudFix v2.11

Rapport fait à 17:46:07,90 le 06/01/2006
Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Val‚rie\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Voici le rapport Smitfraud option 2 en mode sans échec :

SmitFraudFix v2.11

Rapport fait à 17:50:44,17 le 06/01/2006
Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

et enfin l'HJT :

Logfile of HijackThis v1.99.0
Scan saved at 17:54:30, on 06/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet20003\services.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\pccguide.exe
C:\Program Files\Trend Micro\PCCClient.exe
C:\Program Files\Trend Micro\Pop3trap.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\inet20003\mm4.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fotowin\RTETPISv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Tmntsrv.exe
C:\Program Files\Trend Micro\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

Je l'avais déjà fait hier soir ....

Faut-il désactiver la restauration du système avt de faire ttes ces manip ?

Encore merci
0
Réponse 14 / 31
bernie61
 
bonsoir
désactiver restauration et vider fais ça après nettouyage quand il n'y aura plus de pbm

*Configure ton ordi pour tous scan à exécuter complétement, il faut pouvoir scanner tous les dossiers caché et système donc faire :
Démarrer/PanneauConfiguration/OptionsDossiers /ongletAffichage et là cocher les lignes
- afficher les fichiers et dossier cachés
- afficher contenu dossier système
décocher
- masquer fichiers protégés du dossier système
Puis cliquer APPLIQUER à TOUS les Dossiers

1. à vérifier là http://virusscan.jotti.org/ fichier par fichier Parcourir puis SUBMIT lance ce multiple scanneur antivirus)
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe

2. Relances Hijackthis et coche (puis FIX)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe

3. Effacer ces programmes .EXE et .DLL( et à la fin vider la corbeille)
C:\WINDOWS\inet20003\ > le répertoire
C:\WINDOWS\system32\paytime.exe

puis ccleaner et un nouveau Hijack
a+
0
Réponse 15 / 31
valérie
 
re
le bouton "APPLIQUER A TOUS LES DOSSIERS " n'est pas opérationnel, je n'ai que le choix en bas de la fenêtre à droite de APPLIQUER
dois-je continuer le reste malgré ça ?

A+
0
Réponse 16 / 31
bernie61
 
re
tu es admnistrateur? si pas log to sous un nom qui administrateur

sinon continue
a+
0
valérie
 
Voici le rapport HJT après avoir supp les temps et vidé la corbeille :

Logfile of HijackThis v1.99.0
Scan saved at 22:49:42, on 06/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fotowin\RTETPISv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inet20003\services.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\pccguide.exe
C:\Program Files\Trend Micro\PCCClient.exe
C:\Program Files\Trend Micro\Pop3trap.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Trend Micro\WebTrap.EXE
C:\Program Files\Trend Micro\PCCPFW.exe
C:\WINDOWS\inet20003\mm4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
0
Réponse 17 / 31
valerie
 
Je pense être administrateur (pas de mutisessions qd je démarre le PC).
J'ai déjà continué.

Impossible de supprimer (même avec chaos schreder) : dans inet 20003 mm4.exe et services.exe
imp. trouver paytime.exe

Je lance un CCcleaner et HJT
A+
0
Réponse 18 / 31
Utilisateur anonyme
 
salut Valerie

Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.

PS:Bernie n a pas l air trop en accord avec ce prog lol
0
Réponse 19 / 31
Utilisateur anonyme
 
Tu peux faire ce que je te proposes au 20?

Merci
0
Réponse 20 / 31
bernie61
 
salut régis
on a déjà passe Smitfrau san résultat

valérie, utilise l'effaceur de Hijack pour tous les fichiers dans inet2003

effaceur Hijackthis
ouvrir Hijackthis là en bas droite CONFIG puis onglet MISCtools, là " Delete a file on reboot ", cliq dessus et suivre chemin de fichier à effacer, il indique alors " voulez-vous redémarrer maintenant ", cliq sur NON si d'autres fichiers sont à sélectionner et à nouveau " Delete a file on reboot " .. puis cliq OUI quand tous les fichiers sont sélectionnés

a+
0

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Comment enlever mon virus trojan:win32/si...
bryanoulet -
juju666 -

58 réponses
qu'est ce qu'un "trojan agent/gen" ? svp
Saber03 -
jacques.gache -

33 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses