A voir également:
- Trojan CHOPHAR.A
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Win32 trojan gen - Forum Virus / Sécurité
- Windows defender avertissement de sécurité trojan spyware - Forum Windows 10
- Trojan wacatac ✓ - Forum Virus / Sécurité
- Trojan agent ✓ - Forum Virus / Sécurité
31 réponses
Sur l2mfix.bat j'ai vu :
1 sans le #. Voici le log obtenu
L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{50075C1D-F3EE-9492-2C2C-E5D5AC22F1A1}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}"=""
"{AD9D7765-FA22-4B12-8AD8-10F8318A95F1}"=""
"{3D896570-5D81-4CE5-B8BB-01310081EAA5}"=""
"{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}"=""
"{2A521742-CE4D-41A7-83F9-D094C22DB570}"=""
"{68B871F2-68FC-4125-A173-8C30C7C91D96}"=""
"{7D7169EC-BB29-4028-BDE0-440913B7348B}"=""
"{C4F40C09-A789-4E6A-8581-BC62781D4965}"=""
"{BEB2A1FC-CE21-420C-832E-2309FE2119E7}"=""
"{34808D6C-2603-48D4-B360-B262DD5790A6}"=""
"{C8B0E3DE-63DF-4297-8753-1ADE95B59305}"=""
"{4C0EC831-B267-441B-9C5C-5518E201AAA2}"=""
"{B8476785-BE60-4931-A4DF-F98DA9C4932C}"=""
"{8EF1A676-280A-440D-BDE5-D895797A91A8}"=""
"{B6102B5F-84B0-4392-842D-CACEE4D574FD}"=""
"{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}"=""
"{F7462E29-A6E5-4717-A540-547B1A797B63}"=""
"{87F612EE-5CF0-4FED-94FD-A83744369D59}"=""
"{01AB6D20-3924-4852-AE59-7A35261F7129}"=""
"{77FD83F0-3477-409A-AE73-D0D81DA02E0E}"=""
"{AA077F12-114A-4F74-BC80-95E26D9CC68C}"=""
"{BEBD263F-4658-413D-9293-2830DCDE481A}"=""
"{F9F59919-A8CE-4C8F-B432-04917950368F}"=""
"{2330E860-A37D-4437-A245-AC1E08C74AE1}"=""
"{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}"=""
"{9172625E-DCED-458D-9BA0-6098A7F82558}"=""
"{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}"=""
"{7B444A6E-77B2-41D2-A65A-7E491C71F864}"=""
"{40174362-F82C-4528-A6CB-545DAEFEFCFC}"=""
"{81F7AB02-3B9E-4B81-8085-273F477CA092}"=""
"{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}"=""
"{D10C07E1-F982-42E4-B7E2-452155E6751E}"=""
"{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}"=""
"{C62DA77A-D33C-4AB8-8539-5799380ED942}"=""
"{66751893-2D51-4F67-B998-B70D873A382F}"=""
"{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}"=""
"{23103B7C-D11C-43CE-971B-A534F14CD2FE}"=""
"{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}"=""
"{85EB4C38-BF06-4115-8C15-CB09C963414F}"=""
"{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}"=""
"{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}"=""
"{641D2038-0C56-4FF3-8A7D-60E1D362F05F}"=""
"{E145054C-D350-429C-879A-392C7CE06EF9}"=""
"{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}"=""
"{37086980-7796-48D7-906F-DFA7D4CABD0C}"=""
"{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}"=""
"{33735CDD-36D0-4204-BFF6-877CDDC286D8}"=""
"{BC4AE231-8295-448B-99FD-5ACCEA99D543}"=""
"{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}"=""
"{722E3735-A6F6-43DC-A477-6C105AAC6000}"=""
"{8D86A429-BDE1-4FE6-9AC1-D08F10232669}"=""
"{1BD97DE5-4056-4A5D-83FF-6598513B6E38}"=""
"{24D2C94F-9D50-48DF-8A9E-395D90BE3765}"=""
"{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}"=""
"{95BB053A-7B11-4EF6-A7B5-2958228BD37B}"=""
"{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}"=""
"{AD7279E1-AC70-4095-A6C7-19C3887EE597}"=""
"{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}"=""
"{A89EE47D-F547-46BF-BCF3-D8471F33235C}"=""
"{A3842520-5AB6-4275-95BC-926F2CC1A22D}"=""
"{871B7818-5827-4FE3-85CB-A9F844F5D7BE}"=""
"{2A021736-1362-46A8-BF28-EA33C6499AB8}"=""
"{EB519BAF-3323-4FBC-991B-EEE409D678B7}"=""
"{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}"=""
"{9220559D-23BF-4771-93F4-C9E4F17CAB74}"=""
"{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}"=""
"{3420872F-9A5A-4308-85F7-DFDE2FA5A571}"=""
"{8528AFCA-B870-492C-A97D-A6BE6E713F43}"=""
"{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}"=""
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{8FBB88C9-90C0-4891-A083-2C7309744495}"=""
"{48F45200-91E6-11CE-8A4F-0080C81A28D4}"="TMD Shell Extension"
"{771A9DA0-731A-11CE-993C-00AA004ADB6C}"="VBPropSheet"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}\InprocServer32]
@="C:\\WINDOWS\\system32\\dumsrpcn.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}\InprocServer32]
@="C:\\WINDOWS\\system32\\igenginenew.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}\InprocServer32]
@="C:\\WINDOWS\\system32\\dkgeng.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwidle.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}\InprocServer32]
@="C:\\WINDOWS\\system32\\pjcCllct.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}\InprocServer32]
@="C:\\WINDOWS\\system32\\wP2time.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}\InprocServer32]
@="C:\\WINDOWS\\system32\\kndusx.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}\InprocServer32]
@="C:\\WINDOWS\\system32\\sypblb.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}\InprocServer32]
@="C:\\WINDOWS\\system32\\amivvaxx.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}\InprocServer32]
@="C:\\WINDOWS\\system32\\smdocvw.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}\InprocServer32]
@="C:\\WINDOWS\\system32\\jkcript.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}\InprocServer32]
@="C:\\WINDOWS\\system32\\cVtsrvut.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwglibnt.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}\InprocServer32]
@="C:\\WINDOWS\\system32\\wU2time.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\EGAPI2.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}\InprocServer32]
@="C:\\WINDOWS\\system32\\tVpi32.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}\InprocServer32]
@="C:\\WINDOWS\\system32\\eifpixio130.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}\InprocServer32]
@="C:\\WINDOWS\\system32\\ibseng.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}\InprocServer32]
@="C:\\WINDOWS\\system32\\murepl40.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}\InprocServer32]
@="C:\\WINDOWS\\system32\\mnw3prt.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}\InprocServer32]
@="C:\\WINDOWS\\system32\\whspdmoe.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}\InprocServer32]
@="C:\\WINDOWS\\system32\\mJrmla911d.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}\InprocServer32]
@="C:\\WINDOWS\\system32\\kmdno1.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgsap.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}\InprocServer32]
@="C:\\WINDOWS\\system32\\dwnhpast.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}\InprocServer32]
@="C:\\WINDOWS\\system32\\fbsrch.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}\InprocServer32]
@="C:\\WINDOWS\\system32\\wrbvw.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}\InprocServer32]
@="C:\\WINDOWS\\system32\\gD402ghmg64a2.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}\InprocServer32]
@="C:\\WINDOWS\\system32\\mujet40.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}\InprocServer32]
@="C:\\WINDOWS\\system32\\wjaudsdk.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}\InprocServer32]
@="C:\\WINDOWS\\system32\\HKActiveX.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\nqxpnt.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}\InprocServer32]
@="C:\\WINDOWS\\system32\\exent97.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}\InprocServer32]
@="C:\\WINDOWS\\system32\\swlgntfy.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}\InprocServer32]
@="C:\\WINDOWS\\system32\\nsprovau.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}\InprocServer32]
@="C:\\WINDOWS\\system32\\djlayx.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}\InprocServer32]
@="C:\\WINDOWS\\system32\\iCssam.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}\InprocServer32]
@="C:\\WINDOWS\\system32\\eocwiab.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}\InprocServer32]
@="C:\\WINDOWS\\system32\\nqobjapi.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}\InprocServer32]
@="C:\\WINDOWS\\system32\\pkchdprf.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}\InprocServer32]
@="C:\\WINDOWS\\system32\\oabc16gt.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}\InprocServer32]
@="C:\\WINDOWS\\system32\\xvnroll.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}\InprocServer32]
@="C:\\WINDOWS\\system32\\iFspolcy.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}\InprocServer32]
@="C:\\WINDOWS\\system32\\minetobj.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}\InprocServer32]
@="C:\\WINDOWS\\system32\\bvowselc.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}\InprocServer32]
@="C:\\WINDOWS\\system32\\JCGI500.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}\InprocServer32]
@="C:\\WINDOWS\\system32\\EZBTEG.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}\InprocServer32]
@="C:\\WINDOWS\\system32\\aycups.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}\InprocServer32]
@="C:\\WINDOWS\\system32\\igv6mon.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}\InprocServer32]
@="C:\\WINDOWS\\system32\\oqbccr32.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}\InprocServer32]
@="C:\\WINDOWS\\system32\\awi2dvag.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}\InprocServer32]
@="C:\\WINDOWS\\system32\\scdocvw.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}\InprocServer32]
@="C:\\WINDOWS\\system32\\mqpmsnsv.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}\InprocServer32]
@="C:\\WINDOWS\\system32\\rFsman.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}\InprocServer32]
@="C:\\WINDOWS\\system32\\uglmon.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}\InprocServer32]
@="C:\\WINDOWS\\system32\\dCdramp.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}\InprocServer32]
@="C:\\WINDOWS\\system32\\dfsapi.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}\InprocServer32]
@="C:\\WINDOWS\\system32\\sxc_os.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}\InprocServer32]
@="C:\\WINDOWS\\system32\\srarddlg.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}\InprocServer32]
@="C:\\WINDOWS\\system32\\nstmsg.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}\InprocServer32]
@="C:\\WINDOWS\\system32\\wqvdmoe.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1 022 976 999,00 K
cdfview.dll Fri 21 Oct 2005 4:41:00 A.... 152 064 148,50 K
danim.dll Sat 5 Nov 2005 4:17:22 A.... 1 056 768 1,01 M
dxtrans.dll Fri 21 Oct 2005 4:41:00 A.... 205 312 200,50 K
esent.dll Thu 20 Oct 2005 23:25:54 A.... 1 097 728 1,05 M
extmgr.dll Fri 21 Oct 2005 4:41:00 A.... 55 808 54,50 K
iepeers.dll Fri 21 Oct 2005 4:41:00 A.... 251 392 245,50 K
inseng.dll Fri 21 Oct 2005 4:41:00 A.... 96 768 94,50 K
msctl32.dll Wed 4 Jan 2006 23:06:26 A.... 62 464 61,00 K
mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3 013 632 2,87 M
mshtmled.dll Fri 21 Oct 2005 4:41:04 A.... 448 512 438,00 K
msrating.dll Fri 21 Oct 2005 4:41:04 A.... 146 432 143,00 K
mstime.dll Fri 21 Oct 2005 4:41:04 A.... 530 944 518,50 K
pngfilt.dll Fri 21 Oct 2005 4:41:04 A.... 39 424 38,50 K
shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1 492 992 1,42 M
shlwapi.dll Fri 21 Oct 2005 4:41:04 A.... 474 112 463,00 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K
spmsg.dll Thu 13 Oct 2005 0:15:26 ..... 15 072 14,72 K
urlmon.dll Sat 5 Nov 2005 4:17:26 A.... 606 208 592,00 K
wininet.dll Fri 21 Oct 2005 4:41:06 A.... 662 528 647,00 K
20 items found: 20 files, 0 directories.
Total of file sizes: 11 549 920 bytes 11,01 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 84FD-C885
R‚pertoire de C:\WINDOWS\System32
25/10/2005 21:39 <REP> dllcach
1 sans le #. Voici le log obtenu
L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{50075C1D-F3EE-9492-2C2C-E5D5AC22F1A1}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}"=""
"{AD9D7765-FA22-4B12-8AD8-10F8318A95F1}"=""
"{3D896570-5D81-4CE5-B8BB-01310081EAA5}"=""
"{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}"=""
"{2A521742-CE4D-41A7-83F9-D094C22DB570}"=""
"{68B871F2-68FC-4125-A173-8C30C7C91D96}"=""
"{7D7169EC-BB29-4028-BDE0-440913B7348B}"=""
"{C4F40C09-A789-4E6A-8581-BC62781D4965}"=""
"{BEB2A1FC-CE21-420C-832E-2309FE2119E7}"=""
"{34808D6C-2603-48D4-B360-B262DD5790A6}"=""
"{C8B0E3DE-63DF-4297-8753-1ADE95B59305}"=""
"{4C0EC831-B267-441B-9C5C-5518E201AAA2}"=""
"{B8476785-BE60-4931-A4DF-F98DA9C4932C}"=""
"{8EF1A676-280A-440D-BDE5-D895797A91A8}"=""
"{B6102B5F-84B0-4392-842D-CACEE4D574FD}"=""
"{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}"=""
"{F7462E29-A6E5-4717-A540-547B1A797B63}"=""
"{87F612EE-5CF0-4FED-94FD-A83744369D59}"=""
"{01AB6D20-3924-4852-AE59-7A35261F7129}"=""
"{77FD83F0-3477-409A-AE73-D0D81DA02E0E}"=""
"{AA077F12-114A-4F74-BC80-95E26D9CC68C}"=""
"{BEBD263F-4658-413D-9293-2830DCDE481A}"=""
"{F9F59919-A8CE-4C8F-B432-04917950368F}"=""
"{2330E860-A37D-4437-A245-AC1E08C74AE1}"=""
"{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}"=""
"{9172625E-DCED-458D-9BA0-6098A7F82558}"=""
"{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}"=""
"{7B444A6E-77B2-41D2-A65A-7E491C71F864}"=""
"{40174362-F82C-4528-A6CB-545DAEFEFCFC}"=""
"{81F7AB02-3B9E-4B81-8085-273F477CA092}"=""
"{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}"=""
"{D10C07E1-F982-42E4-B7E2-452155E6751E}"=""
"{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}"=""
"{C62DA77A-D33C-4AB8-8539-5799380ED942}"=""
"{66751893-2D51-4F67-B998-B70D873A382F}"=""
"{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}"=""
"{23103B7C-D11C-43CE-971B-A534F14CD2FE}"=""
"{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}"=""
"{85EB4C38-BF06-4115-8C15-CB09C963414F}"=""
"{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}"=""
"{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}"=""
"{641D2038-0C56-4FF3-8A7D-60E1D362F05F}"=""
"{E145054C-D350-429C-879A-392C7CE06EF9}"=""
"{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}"=""
"{37086980-7796-48D7-906F-DFA7D4CABD0C}"=""
"{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}"=""
"{33735CDD-36D0-4204-BFF6-877CDDC286D8}"=""
"{BC4AE231-8295-448B-99FD-5ACCEA99D543}"=""
"{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}"=""
"{722E3735-A6F6-43DC-A477-6C105AAC6000}"=""
"{8D86A429-BDE1-4FE6-9AC1-D08F10232669}"=""
"{1BD97DE5-4056-4A5D-83FF-6598513B6E38}"=""
"{24D2C94F-9D50-48DF-8A9E-395D90BE3765}"=""
"{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}"=""
"{95BB053A-7B11-4EF6-A7B5-2958228BD37B}"=""
"{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}"=""
"{AD7279E1-AC70-4095-A6C7-19C3887EE597}"=""
"{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}"=""
"{A89EE47D-F547-46BF-BCF3-D8471F33235C}"=""
"{A3842520-5AB6-4275-95BC-926F2CC1A22D}"=""
"{871B7818-5827-4FE3-85CB-A9F844F5D7BE}"=""
"{2A021736-1362-46A8-BF28-EA33C6499AB8}"=""
"{EB519BAF-3323-4FBC-991B-EEE409D678B7}"=""
"{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}"=""
"{9220559D-23BF-4771-93F4-C9E4F17CAB74}"=""
"{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}"=""
"{3420872F-9A5A-4308-85F7-DFDE2FA5A571}"=""
"{8528AFCA-B870-492C-A97D-A6BE6E713F43}"=""
"{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}"=""
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{8FBB88C9-90C0-4891-A083-2C7309744495}"=""
"{48F45200-91E6-11CE-8A4F-0080C81A28D4}"="TMD Shell Extension"
"{771A9DA0-731A-11CE-993C-00AA004ADB6C}"="VBPropSheet"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{36CA8492-EDE4-4B70-ACC1-E021556C6DFF}\InprocServer32]
@="C:\\WINDOWS\\system32\\dumsrpcn.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{3D896570-5D81-4CE5-B8BB-01310081EAA5}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{243DFE87-2E97-43FD-B8E4-2C51F5F54F97}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{68B871F2-68FC-4125-A173-8C30C7C91D96}\InprocServer32]
@="C:\\WINDOWS\\system32\\igenginenew.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7D7169EC-BB29-4028-BDE0-440913B7348B}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C4F40C09-A789-4E6A-8581-BC62781D4965}\InprocServer32]
@="C:\\WINDOWS\\system32\\dkgeng.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEB2A1FC-CE21-420C-832E-2309FE2119E7}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwidle.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{34808D6C-2603-48D4-B360-B262DD5790A6}\InprocServer32]
@="C:\\WINDOWS\\system32\\pjcCllct.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C8B0E3DE-63DF-4297-8753-1ADE95B59305}\InprocServer32]
@="C:\\WINDOWS\\system32\\wP2time.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{4C0EC831-B267-441B-9C5C-5518E201AAA2}\InprocServer32]
@="C:\\WINDOWS\\system32\\kndusx.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8476785-BE60-4931-A4DF-F98DA9C4932C}\InprocServer32]
@="C:\\WINDOWS\\system32\\sypblb.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8EF1A676-280A-440D-BDE5-D895797A91A8}\InprocServer32]
@="C:\\WINDOWS\\system32\\amivvaxx.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B6102B5F-84B0-4392-842D-CACEE4D574FD}\InprocServer32]
@="C:\\WINDOWS\\system32\\smdocvw.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{5FE265F3-F69B-4BFA-B439-3AFE36E7E218}\InprocServer32]
@="C:\\WINDOWS\\system32\\jkcript.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F7462E29-A6E5-4717-A540-547B1A797B63}\InprocServer32]
@="C:\\WINDOWS\\system32\\cVtsrvut.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{87F612EE-5CF0-4FED-94FD-A83744369D59}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwglibnt.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{01AB6D20-3924-4852-AE59-7A35261F7129}\InprocServer32]
@="C:\\WINDOWS\\system32\\wU2time.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{77FD83F0-3477-409A-AE73-D0D81DA02E0E}\InprocServer32]
@="C:\\WINDOWS\\system32\\EGAPI2.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AA077F12-114A-4F74-BC80-95E26D9CC68C}\InprocServer32]
@="C:\\WINDOWS\\system32\\tVpi32.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BEBD263F-4658-413D-9293-2830DCDE481A}\InprocServer32]
@="C:\\WINDOWS\\system32\\eifpixio130.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{F9F59919-A8CE-4C8F-B432-04917950368F}\InprocServer32]
@="C:\\WINDOWS\\system32\\ibseng.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2330E860-A37D-4437-A245-AC1E08C74AE1}\InprocServer32]
@="C:\\WINDOWS\\system32\\murepl40.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9A5386C2-E06B-481F-B8C0-B1BB11E49F30}\InprocServer32]
@="C:\\WINDOWS\\system32\\mnw3prt.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9172625E-DCED-458D-9BA0-6098A7F82558}\InprocServer32]
@="C:\\WINDOWS\\system32\\whspdmoe.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{47D4FEC4-36BA-44E7-AB78-5F950A09B55D}\InprocServer32]
@="C:\\WINDOWS\\system32\\mJrmla911d.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7B444A6E-77B2-41D2-A65A-7E491C71F864}\InprocServer32]
@="C:\\WINDOWS\\system32\\kmdno1.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{40174362-F82C-4528-A6CB-545DAEFEFCFC}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgsap.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{81F7AB02-3B9E-4B81-8085-273F477CA092}\InprocServer32]
@="C:\\WINDOWS\\system32\\dwnhpast.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C80E9B29-6074-4A41-BC8C-AA371BE7FA31}\InprocServer32]
@="C:\\WINDOWS\\system32\\fbsrch.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D10C07E1-F982-42E4-B7E2-452155E6751E}\InprocServer32]
@="C:\\WINDOWS\\system32\\wrbvw.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CE8B9347-62AD-4EFC-B037-9AE9F54B5E13}\InprocServer32]
@="C:\\WINDOWS\\system32\\gD402ghmg64a2.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C62DA77A-D33C-4AB8-8539-5799380ED942}\InprocServer32]
@="C:\\WINDOWS\\system32\\mujet40.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{66751893-2D51-4F67-B998-B70D873A382F}\InprocServer32]
@="C:\\WINDOWS\\system32\\wjaudsdk.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C9C9B6DE-2AE3-45FC-8124-46CCCE2F77DF}\InprocServer32]
@="C:\\WINDOWS\\system32\\HKActiveX.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{23103B7C-D11C-43CE-971B-A534F14CD2FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\nqxpnt.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{44E0C500-B95E-4F3D-AA5E-9B18A59D0BD5}\InprocServer32]
@="C:\\WINDOWS\\system32\\exent97.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{85EB4C38-BF06-4115-8C15-CB09C963414F}\InprocServer32]
@="C:\\WINDOWS\\system32\\swlgntfy.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CB7F2289-C371-4B1E-9AF7-E1FBF8EA58B4}\InprocServer32]
@="C:\\WINDOWS\\system32\\nsprovau.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7E69DC2D-68B6-4CFA-A59D-294D839A1D29}\InprocServer32]
@="C:\\WINDOWS\\system32\\djlayx.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{641D2038-0C56-4FF3-8A7D-60E1D362F05F}\InprocServer32]
@="C:\\WINDOWS\\system32\\iCssam.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E145054C-D350-429C-879A-392C7CE06EF9}\InprocServer32]
@="C:\\WINDOWS\\system32\\eocwiab.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{CC05F399-9839-48CE-B2E9-85EE9B2F1BCC}\InprocServer32]
@="C:\\WINDOWS\\system32\\nqobjapi.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{37086980-7796-48D7-906F-DFA7D4CABD0C}\InprocServer32]
@="C:\\WINDOWS\\system32\\pkchdprf.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{C06541A1-DA75-4EAA-A0F0-C32EEE123F28}\InprocServer32]
@="C:\\WINDOWS\\system32\\oabc16gt.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{33735CDD-36D0-4204-BFF6-877CDDC286D8}\InprocServer32]
@="C:\\WINDOWS\\system32\\xvnroll.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BC4AE231-8295-448B-99FD-5ACCEA99D543}\InprocServer32]
@="C:\\WINDOWS\\system32\\iFspolcy.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{D7CEF9EC-5F8B-4407-8A98-D35B76F6E765}\InprocServer32]
@="C:\\WINDOWS\\system32\\minetobj.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{722E3735-A6F6-43DC-A477-6C105AAC6000}\InprocServer32]
@="C:\\WINDOWS\\system32\\bvowselc.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8D86A429-BDE1-4FE6-9AC1-D08F10232669}\InprocServer32]
@="C:\\WINDOWS\\system32\\JCGI500.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{1BD97DE5-4056-4A5D-83FF-6598513B6E38}\InprocServer32]
@="C:\\WINDOWS\\system32\\EZBTEG.DLL"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{24D2C94F-9D50-48DF-8A9E-395D90BE3765}\InprocServer32]
@="C:\\WINDOWS\\system32\\aycups.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FBFC59C0-09D2-48B6-B7B7-B6DDA6C4B840}\InprocServer32]
@="C:\\WINDOWS\\system32\\igv6mon.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{95BB053A-7B11-4EF6-A7B5-2958228BD37B}\InprocServer32]
@="C:\\WINDOWS\\system32\\oqbccr32.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B02C7CAE-D25E-4AFF-B09C-E111BC901C10}\InprocServer32]
@="C:\\WINDOWS\\system32\\awi2dvag.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AD7279E1-AC70-4095-A6C7-19C3887EE597}\InprocServer32]
@="C:\\WINDOWS\\system32\\scdocvw.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{BDC12449-5A29-4A7C-86A2-F79D03ED7EE5}\InprocServer32]
@="C:\\WINDOWS\\system32\\mqpmsnsv.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A89EE47D-F547-46BF-BCF3-D8471F33235C}\InprocServer32]
@="C:\\WINDOWS\\system32\\rFsman.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A3842520-5AB6-4275-95BC-926F2CC1A22D}\InprocServer32]
@="C:\\WINDOWS\\system32\\uglmon.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{871B7818-5827-4FE3-85CB-A9F844F5D7BE}\InprocServer32]
@="C:\\WINDOWS\\system32\\dCdramp.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{2A021736-1362-46A8-BF28-EA33C6499AB8}\InprocServer32]
@="C:\\WINDOWS\\system32\\dfsapi.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{EB519BAF-3323-4FBC-991B-EEE409D678B7}\InprocServer32]
@="C:\\WINDOWS\\system32\\sxc_os.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DE49805A-6EDA-46FC-8B3A-D9BE05BEB82F}\InprocServer32]
@="C:\\WINDOWS\\system32\\srarddlg.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{9220559D-23BF-4771-93F4-C9E4F17CAB74}\InprocServer32]
@="C:\\WINDOWS\\system32\\nstmsg.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B8AD2277-D370-4CE4-B3D2-7CA70EF79E6F}\InprocServer32]
@="C:\\WINDOWS\\system32\\wqvdmoe.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{AFBBB8C4-4FA0-4DB9-AF0C-6CA78CE14C42}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{8FBB88C9-90C0-4891-A083-2C7309744495}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1 022 976 999,00 K
cdfview.dll Fri 21 Oct 2005 4:41:00 A.... 152 064 148,50 K
danim.dll Sat 5 Nov 2005 4:17:22 A.... 1 056 768 1,01 M
dxtrans.dll Fri 21 Oct 2005 4:41:00 A.... 205 312 200,50 K
esent.dll Thu 20 Oct 2005 23:25:54 A.... 1 097 728 1,05 M
extmgr.dll Fri 21 Oct 2005 4:41:00 A.... 55 808 54,50 K
iepeers.dll Fri 21 Oct 2005 4:41:00 A.... 251 392 245,50 K
inseng.dll Fri 21 Oct 2005 4:41:00 A.... 96 768 94,50 K
msctl32.dll Wed 4 Jan 2006 23:06:26 A.... 62 464 61,00 K
mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3 013 632 2,87 M
mshtmled.dll Fri 21 Oct 2005 4:41:04 A.... 448 512 438,00 K
msrating.dll Fri 21 Oct 2005 4:41:04 A.... 146 432 143,00 K
mstime.dll Fri 21 Oct 2005 4:41:04 A.... 530 944 518,50 K
pngfilt.dll Fri 21 Oct 2005 4:41:04 A.... 39 424 38,50 K
shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1 492 992 1,42 M
shlwapi.dll Fri 21 Oct 2005 4:41:04 A.... 474 112 463,00 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K
spmsg.dll Thu 13 Oct 2005 0:15:26 ..... 15 072 14,72 K
urlmon.dll Sat 5 Nov 2005 4:17:26 A.... 606 208 592,00 K
wininet.dll Fri 21 Oct 2005 4:41:06 A.... 662 528 647,00 K
20 items found: 20 files, 0 directories.
Total of file sizes: 11 549 920 bytes 11,01 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 84FD-C885
R‚pertoire de C:\WINDOWS\System32
25/10/2005 21:39 <REP> dllcach
J'ai fait l'option 2 de l2mfix. Voici le log obtenu :
L2Mfix 1.03
Running From:
C:\DOCUME~1\VALRIE~1\Bureau\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
- removing existing ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting up for Reboot
Starting Reboot!
Je vais faire un HJT . A +
L2Mfix 1.03
Running From:
C:\DOCUME~1\VALRIE~1\Bureau\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
- removing existing ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrateurs
(NI) ALLOW Full access AUTORITE NT\SYSTEM
(IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE
Setting up for Reboot
Starting Reboot!
Je vais faire un HJT . A +
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Voici donc le rapport de HJT :
Logfile of HijackThis v1.99.0
Scan saved at 22:15:25, on 05/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet20003\services.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\pccguide.exe
C:\Program Files\Trend Micro\PCCClient.exe
C:\Program Files\Trend Micro\Pop3trap.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\WINDOWS\system32\paytime.exe
C:\Program Files\Trend Micro\WebTrap.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\inet20003\mm4.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fotowin\RTETPISv.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Tmntsrv.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Trend Micro\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.13.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Bon courage et merci
Logfile of HijackThis v1.99.0
Scan saved at 22:15:25, on 05/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet20003\services.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\pccguide.exe
C:\Program Files\Trend Micro\PCCClient.exe
C:\Program Files\Trend Micro\Pop3trap.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\WINDOWS\system32\paytime.exe
C:\Program Files\Trend Micro\WebTrap.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\inet20003\mm4.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fotowin\RTETPISv.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Tmntsrv.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Trend Micro\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.13.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Bon courage et merci
resalut
j espère n'avoir rien oublié, lol,
0. Installe ce nettoyeur CCLEANER http://www.ccleaner.com/ ou lien direct là http://www.filehippo.com/download_ccleaner.html (la flèche)
Tutorial là http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
ensuite
*Configure ton ordi pour tous scan à exécuter complétement, il faut pouvoir scanner tous les dossiers caché et système donc faire :
Démarrer/PanneauConfiguration/OptionsDossiers /ongletAffichage et là cocher les lignes
- afficher les fichiers et dossier cachés
- afficher contenu dossier système
décocher
- masquer fichiers protégés du dossier système
Puis cliquer APPLIQUER à TOUS les Dossiers
1. à vérifier là http://virusscan.jotti.org/ fichier par fichier Parcourir puis SUBMIT lance ce multiple scanneur antivirus)
C:\WINDOWS\htpatch.exe
2. Relances Hijackthis et coche (puis FIX)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.13.dll
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
3. Effacer ces programmes .EXE et .DLL( et à la fin vider la corbeille)
C:\WINDOWS\inet20003\ > le répertoire
C:\WINDOWS\system32\paytime.exe
5. vider les répertoires temps et la corbeille, en lançant Ccleaner
Refais un hijackthis de contrôle et dis nous où en sont les problèmes
a+
j espère n'avoir rien oublié, lol,
0. Installe ce nettoyeur CCLEANER http://www.ccleaner.com/ ou lien direct là http://www.filehippo.com/download_ccleaner.html (la flèche)
Tutorial là http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
ensuite
*Configure ton ordi pour tous scan à exécuter complétement, il faut pouvoir scanner tous les dossiers caché et système donc faire :
Démarrer/PanneauConfiguration/OptionsDossiers /ongletAffichage et là cocher les lignes
- afficher les fichiers et dossier cachés
- afficher contenu dossier système
décocher
- masquer fichiers protégés du dossier système
Puis cliquer APPLIQUER à TOUS les Dossiers
1. à vérifier là http://virusscan.jotti.org/ fichier par fichier Parcourir puis SUBMIT lance ce multiple scanneur antivirus)
C:\WINDOWS\htpatch.exe
2. Relances Hijackthis et coche (puis FIX)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.13.dll
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
3. Effacer ces programmes .EXE et .DLL( et à la fin vider la corbeille)
C:\WINDOWS\inet20003\ > le répertoire
C:\WINDOWS\system32\paytime.exe
5. vider les répertoires temps et la corbeille, en lançant Ccleaner
Refais un hijackthis de contrôle et dis nous où en sont les problèmes
a+
incognito02
Messages postés
3487
Date d'inscription
vendredi 28 octobre 2005
Statut
Contributeur
Dernière intervention
17 août 2008
138
5 janv. 2006 à 23:06
5 janv. 2006 à 23:06
Salut Bernie ....
Ca ressemble à du smitfraud, tu ne trouves pas ?
A+
Ca ressemble à du smitfraud, tu ne trouves pas ?
A+
salut
merci, c'est en effet aussi possible mais au départ son infection est look2me qu on nettoie avec l2mfix
valérie,
passes ce smitfrau comme nous ne conseilles incognito,
option 1 puis 2
http://users.skynet.be/BernieClub/#frau
a+
merci, c'est en effet aussi possible mais au départ son infection est look2me qu on nettoie avec l2mfix
valérie,
passes ce smitfrau comme nous ne conseilles incognito,
option 1 puis 2
http://users.skynet.be/BernieClub/#frau
a+
Voici le rapport SMITFRAUDfIX OPTION 1
SmitFraudFix v2.11
Rapport fait à 23:17:43,42 le 05/01/2006
Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
C:\WINDOWS\kl.exe PRESENT !
C:\WINDOWS\icont.exe PRESENT !
C:\WINDOWS\tool1.exe PRESENT !
C:\WINDOWS\tool4.exe PRESENT !
C:\WINDOWS\tool5.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
C:\WINDOWS\system32\paytime.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Val‚rie\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"
"{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}"="OutPost FireWall"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
je lance l'option 2
SmitFraudFix v2.11
Rapport fait à 23:17:43,42 le 05/01/2006
Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
C:\WINDOWS\kl.exe PRESENT !
C:\WINDOWS\icont.exe PRESENT !
C:\WINDOWS\tool1.exe PRESENT !
C:\WINDOWS\tool4.exe PRESENT !
C:\WINDOWS\tool5.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
C:\WINDOWS\system32\paytime.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Val‚rie\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"
"{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}"="OutPost FireWall"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
je lance l'option 2
Voici le rapport de l'option 2 du smitfraud :
SmitFraudFix v2.11
Rapport fait à 23:50:02,51 le 05/01/2006
Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
Voici le rapport de l'HJT :
Logfile of HijackThis v1.99.0
Scan saved at 23:54:50, on 05/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet20003\services.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\pccguide.exe
C:\Program Files\Trend Micro\PCCClient.exe
C:\Program Files\Trend Micro\Pop3trap.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\Trend Micro\WebTrap.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\inet20003\mm4.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fotowin\RTETPISv.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Trend Micro\Tmntsrv.exe
C:\Program Files\Trend Micro\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Bon courage !! A +
SmitFraudFix v2.11
Rapport fait à 23:50:02,51 le 05/01/2006
Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
Voici le rapport de l'HJT :
Logfile of HijackThis v1.99.0
Scan saved at 23:54:50, on 05/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet20003\services.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\pccguide.exe
C:\Program Files\Trend Micro\PCCClient.exe
C:\Program Files\Trend Micro\Pop3trap.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\Trend Micro\WebTrap.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\inet20003\mm4.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fotowin\RTETPISv.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Trend Micro\Tmntsrv.exe
C:\Program Files\Trend Micro\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Bon courage !! A +
La chasse reprend....
Voici :
1 ) le rapport de Smitfraud option 1
SmitFraudFix v2.11
Rapport fait à 17:46:07,90 le 06/01/2006
Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Val‚rie\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
Voici le rapport Smitfraud option 2 en mode sans échec :
SmitFraudFix v2.11
Rapport fait à 17:50:44,17 le 06/01/2006
Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
et enfin l'HJT :
Logfile of HijackThis v1.99.0
Scan saved at 17:54:30, on 06/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet20003\services.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\pccguide.exe
C:\Program Files\Trend Micro\PCCClient.exe
C:\Program Files\Trend Micro\Pop3trap.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\inet20003\mm4.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fotowin\RTETPISv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Tmntsrv.exe
C:\Program Files\Trend Micro\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Je l'avais déjà fait hier soir ....
Faut-il désactiver la restauration du système avt de faire ttes ces manip ?
Encore merci
Voici :
1 ) le rapport de Smitfraud option 1
SmitFraudFix v2.11
Rapport fait à 17:46:07,90 le 06/01/2006
Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Val‚rie\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
Voici le rapport Smitfraud option 2 en mode sans échec :
SmitFraudFix v2.11
Rapport fait à 17:50:44,17 le 06/01/2006
Executé à partir de C:\Documents and Settings\Val‚rie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
et enfin l'HJT :
Logfile of HijackThis v1.99.0
Scan saved at 17:54:30, on 06/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet20003\services.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\pccguide.exe
C:\Program Files\Trend Micro\PCCClient.exe
C:\Program Files\Trend Micro\Pop3trap.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\inet20003\mm4.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fotowin\RTETPISv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Tmntsrv.exe
C:\Program Files\Trend Micro\PCCPFW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Je l'avais déjà fait hier soir ....
Faut-il désactiver la restauration du système avt de faire ttes ces manip ?
Encore merci
bonsoir
désactiver restauration et vider fais ça après nettouyage quand il n'y aura plus de pbm
*Configure ton ordi pour tous scan à exécuter complétement, il faut pouvoir scanner tous les dossiers caché et système donc faire :
Démarrer/PanneauConfiguration/OptionsDossiers /ongletAffichage et là cocher les lignes
- afficher les fichiers et dossier cachés
- afficher contenu dossier système
décocher
- masquer fichiers protégés du dossier système
Puis cliquer APPLIQUER à TOUS les Dossiers
1. à vérifier là http://virusscan.jotti.org/ fichier par fichier Parcourir puis SUBMIT lance ce multiple scanneur antivirus)
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
2. Relances Hijackthis et coche (puis FIX)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
3. Effacer ces programmes .EXE et .DLL( et à la fin vider la corbeille)
C:\WINDOWS\inet20003\ > le répertoire
C:\WINDOWS\system32\paytime.exe
puis ccleaner et un nouveau Hijack
a+
désactiver restauration et vider fais ça après nettouyage quand il n'y aura plus de pbm
*Configure ton ordi pour tous scan à exécuter complétement, il faut pouvoir scanner tous les dossiers caché et système donc faire :
Démarrer/PanneauConfiguration/OptionsDossiers /ongletAffichage et là cocher les lignes
- afficher les fichiers et dossier cachés
- afficher contenu dossier système
décocher
- masquer fichiers protégés du dossier système
Puis cliquer APPLIQUER à TOUS les Dossiers
1. à vérifier là http://virusscan.jotti.org/ fichier par fichier Parcourir puis SUBMIT lance ce multiple scanneur antivirus)
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
2. Relances Hijackthis et coche (puis FIX)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
3. Effacer ces programmes .EXE et .DLL( et à la fin vider la corbeille)
C:\WINDOWS\inet20003\ > le répertoire
C:\WINDOWS\system32\paytime.exe
puis ccleaner et un nouveau Hijack
a+
re
le bouton "APPLIQUER A TOUS LES DOSSIERS " n'est pas opérationnel, je n'ai que le choix en bas de la fenêtre à droite de APPLIQUER
dois-je continuer le reste malgré ça ?
A+
le bouton "APPLIQUER A TOUS LES DOSSIERS " n'est pas opérationnel, je n'ai que le choix en bas de la fenêtre à droite de APPLIQUER
dois-je continuer le reste malgré ça ?
A+
re
tu es admnistrateur? si pas log to sous un nom qui administrateur
sinon continue
a+
tu es admnistrateur? si pas log to sous un nom qui administrateur
sinon continue
a+
Voici le rapport HJT après avoir supp les temps et vidé la corbeille :
Logfile of HijackThis v1.99.0
Scan saved at 22:49:42, on 06/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fotowin\RTETPISv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inet20003\services.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\pccguide.exe
C:\Program Files\Trend Micro\PCCClient.exe
C:\Program Files\Trend Micro\Pop3trap.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Trend Micro\WebTrap.EXE
C:\Program Files\Trend Micro\PCCPFW.exe
C:\WINDOWS\inet20003\mm4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Logfile of HijackThis v1.99.0
Scan saved at 22:49:42, on 06/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\fotowin\RTETPISv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inet20003\services.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\pccguide.exe
C:\Program Files\Trend Micro\PCCClient.exe
C:\Program Files\Trend Micro\Pop3trap.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Trend Micro\WebTrap.EXE
C:\Program Files\Trend Micro\PCCPFW.exe
C:\WINDOWS\inet20003\mm4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\WINDOWS\ServicePackFiles\i386\IExplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Valérie\Mes documents\utilitaires\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\Pop3trap.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [second] C:\Documents and Settings\Val‚rie\Bureau\l2mfix\second.bat
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RTEGPRS] "C:\Program Files\Fichiers communs\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exe
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://els6.ac-toulouse.fr/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {952F9A71-131A-11D5-8404-00500445A7D0} (ActiveMiniplug Class) - https://intranet.unss.org/plugins/mplugax.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PC-cillin PersonalFirewall - Trend Micro Inc. - C:\Program Files\Trend Micro\PCCPFW.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RTE : Partage TAPI - Unknown - c:\fotowin\RTETPISv.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Tmntsrv.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Je pense être administrateur (pas de mutisessions qd je démarre le PC).
J'ai déjà continué.
Impossible de supprimer (même avec chaos schreder) : dans inet 20003 mm4.exe et services.exe
imp. trouver paytime.exe
Je lance un CCcleaner et HJT
A+
J'ai déjà continué.
Impossible de supprimer (même avec chaos schreder) : dans inet 20003 mm4.exe et services.exe
imp. trouver paytime.exe
Je lance un CCcleaner et HJT
A+
salut Valerie
Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
PS:Bernie n a pas l air trop en accord avec ce prog lol
Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
PS:Bernie n a pas l air trop en accord avec ce prog lol
salut régis
on a déjà passe Smitfrau san résultat
valérie, utilise l'effaceur de Hijack pour tous les fichiers dans inet2003
effaceur Hijackthis
ouvrir Hijackthis là en bas droite CONFIG puis onglet MISCtools, là " Delete a file on reboot ", cliq dessus et suivre chemin de fichier à effacer, il indique alors " voulez-vous redémarrer maintenant ", cliq sur NON si d'autres fichiers sont à sélectionner et à nouveau " Delete a file on reboot " .. puis cliq OUI quand tous les fichiers sont sélectionnés
a+
on a déjà passe Smitfrau san résultat
valérie, utilise l'effaceur de Hijack pour tous les fichiers dans inet2003
effaceur Hijackthis
ouvrir Hijackthis là en bas droite CONFIG puis onglet MISCtools, là " Delete a file on reboot ", cliq dessus et suivre chemin de fichier à effacer, il indique alors " voulez-vous redémarrer maintenant ", cliq sur NON si d'autres fichiers sont à sélectionner et à nouveau " Delete a file on reboot " .. puis cliq OUI quand tous les fichiers sont sélectionnés
a+