Sujet Précédent Sujet Suivant

[Analyse de mon log hijackthis] aidez moi svp

Christophe -  
 Utilisateur anonyme -
bonjour... voila je suis infecté de spyware et j'ai déja essayé une dizaine d'antispyware mais rien n'y fait. svp aidez moi j'en peu plus ces popup me hante j'en ai une qui apparait tout les 4min.... je peu plus rien faire sans que sa soi coupé par une popup... voici mon log hijackthis.... merci d'avance et par pitié répondez moi vite....

Logfile of HijackThis v1.99.1
Scan saved at 19:20:40, on 25.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\mdms.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PC cloneur\TrueImageMonitor.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam.exe
D:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
d:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
D:\Program Files\TrustSoft AntiSpyware\TrustSoftAntiSpyware.exe
D:\Program Files\Microsoft AntiSpyware\gcasServ.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HIJACKTHIS VF\hijackthis vf.exe
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\PC cloneur\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SysMemory manager] d:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [TrustSoftAntiSpyware] D:\Program Files\TrustSoft AntiSpyware\TrustSoftAntiSpyware.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WINSOS VERIFY] "D:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [pdfSaver3] "D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'mswsck2.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://mediamax.streamload.com/Upload/XUpload.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellCompatibility - D:\WINDOWS\system32\m482lelo1hqc.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
A voir également:

8 réponses

Réponse 1 / 8
elo2 Messages postés 986 Statut Membre 387
 
Salut,

Passe un coup d'ewido si tu ne l'as pas fait et renvoie un hijack.
Un peu de patience, tu auras des réponses mais la plupart du temps, c'est tard le soir,où tu as plus de chance d'avoir quelqu'un pour te renseigner.

Good luck

elo2
0
christophe
 
c es quoi ewido??? je m'excuse mais je suis un peu newb....

merci
0
elo2 Messages postés 986 Statut Membre 387 > christophe
 
C'est un anti-malware en ligne.
Il est très bien.
Tu peux me faire confiance. je viens de m'en servir.
J'ai eu des problèmes de virus. Deux nuits de suite avec un membre ccm pour en arriver à bout.

a+
0
elo2 Messages postés 986 Statut Membre 387 > christophe
 
Tiens, je t'envoie le lien.
http://www.ewido.net/fr/download.
0
Réponse 2 / 8
Kristopher Messages postés 3752 Statut Contributeur 106
 
Bonsoir Christophe et elo2,

Dans l'ordre :

Christophe - Désinstalle TrustSoft AntiSpyware car il est peu efficace :
https://www.01net.com/actualites/

Très important :
- Si tu n'en n'a pas, télécharge un firewall.
Par exemple, la version GRATUITE de ZoneAlarm® : https://www.zonealarm.com#9001;=fr

Les spywares ont fait des ravages :
-Télécharge et mets à jour SpyBot - Search & Destroy :
Spybot Search & Destroy
- Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou bien F5 selon la version de Windows) et tu choisis le mode sans échec). Puis, scanne ton PC avec SpyBot - Search & Destroy et supprime tout ce qu'il trouve.
- Reviens en mode normal et fais la vaccination.

Enfin

- Télécharge et scanne ton PC avec Ewido Security Suite : https://www.01net.com/telecharger/
Copie/colle le rapport sur le forum.

Bonne chance :)

++
0
Christophe
 
merci beaucoup... je vai faire ca et je vous tien au courant...

merci aussi a toi elo2...
0
elo2 Messages postés 986 Statut Membre 387 > Christophe
 
Il n'y a vraiment pas de quoi.

elo2
0
Kristopher Messages postés 3752 Statut Contributeur 106 > Christophe
 
Bonne nuit les gars et bonne chance Christophe :)

Kristopher

++
0
Christophe > Kristopher Messages postés 3752 Statut Contributeur
 
ça marche pas... :'( je vais peter un câble... bon la je fais un scan ewido et j'attend le rapport mais je viens juste d'ouvrir IE et paf!!! une popup.... grrrrrrrr.... ça m'énerve... mais je vous montre le rapport tout de suite...
0
Kristopher Messages postés 3752 Statut Contributeur 106 > Kristopher Messages postés 3752 Statut Contributeur
 
Salut

Qu'est ce qui ne marche pas ?

Es-tu sûr d'avoir effectué toutes les manip. du poste < 5 > ?

++
0
Réponse 3 / 8
elo2 Messages postés 986 Statut Membre 387
 
Il y a boulepate et aranjuez dans le coin.

Ils ne vont pas tarder à regarder ton message.

elo2
0
Réponse 4 / 8
Kristopher Messages postés 3752 Statut Contributeur 106
 
hello

colle un nouveau log HijackThi stp.

++
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 8
elo2 Messages postés 986 Statut Membre 387
 
Hep,

Tu en es où ?
Faut pas baisser les bras.

La patience est toujours récompensé.

elo2
0
Réponse 6 / 8
christophe
 
voici mon new log hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 10:40:47, on 26.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PC cloneur\TrueImageMonitor.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Steam.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
d:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\PC cloneur\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WINSOS VERIFY] "D:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [pdfSaver3] "D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'mswsck2.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://mediamax.streamload.com/Upload/XUpload.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ShellCompatibility - D:\WINDOWS\system32\n66qlgj516o.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Utilisateur anonyme
 
Salut,
fait ceci

Télécharge l2mfix
http://www.downloads.subratam.org/l2mfix.exe
Mets-le sur ton bureau.
Double-clique sur l2mfix.
Dans le dossier extrait, double clique l2mfix.bat et choisis l'option 1 puis clique sur entrée

Attend qu'il termine et copie et colle ici le rapport qu'il va te generer.
0
Réponse 7 / 8
christophe
 
le voili le voila:

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout]
"Asynchronous"=dword:00000000
"DllName"="D:\\WINDOWS\\system32\\n66qlgj516o.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{627D9967-428F-007D-58CE-76C0D27E4646}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de Bureau"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References"
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References"
"{fc181130-05a0-11d6-8140-000102e745a6}"="Mon P910i"
"{E32FB507-BC02-4807-9D77-3D9FDB143F38}"=""
"{54F77DB8-046A-4970-945A-C27DFAD5EF6E}"=""
"{328B04E9-4B66-47CC-A509-58B9E8A1668C}"=""
"{6DB99982-8D17-4A9A-9506-EA4F848CDC2B}"=""
"{FE8E2B73-0AC5-426F-81C2-3CFDA22BBE2C}"=""
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{8A99B4C8-FD4E-492F-896B-FA0E0D19E933}"=""
"{DCFDEC89-4B9F-47CB-B6BF-A5037FE380E4}"=""
"{3FFD9E3F-8BB3-46A4-A1BD-978061EEDD04}"=""
"{D646A74F-101F-4313-B7FF-96D340F7AF66}"=""
"{A06C633F-4300-42BA-9957-B6B099214AB6}"=""
"{C7DB2569-4ED8-4011-A524-C1963ADF497C}"=""
"{6062B9B0-851A-4755-9DB2-842840A2C246}"=""
"{44B04FFC-515D-4A8D-BF20-D21D356445C6}"=""
"{0E04FBF4-3C99-4C9E-85F5-622A6F5822C0}"=""
"{970626D2-D153-4C72-B847-F6F556B6A4D2}"=""
"{88DCA3D2-1DAA-48EF-B67A-2B86981F3CEF}"=""
"{6F4955C2-CFB0-4006-934F-F05DEA00C8EE}"=""
"{9E16FF1D-31B9-475A-B285-E2EC69E0A487}"=""
"{E5D6F59A-A8FF-46C5-90B0-E9F2AC8246D1}"=""
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{7AB722DE-CDEF-4188-8FA3-E8B28F26C4DF}"=""
"{C682CEBB-FFCC-4C1A-8533-6AD5A595E522}"=""
"{155CEEC5-E9F7-4121-8DE4-A416C3A1E012}"=""
"{7AC4D3C7-9259-4F83-BB4C-40A918C2949D}"=""
"{497A0E52-D833-4A8E-AE16-CB738F318042}"=""
"{02D51435-C7EA-4A34-AB2F-D7E0D7D800FA}"=""
"{3FA23058-471B-48CB-81FF-8631847ADCDB}"=""
"{A5110426-177D-4e08-AB3F-785F10B4439C}"="Gestionnaire de fichiers Sony Ericsson"
"{1B13F0C1-B7F1-4457-9ACF-2916BCEDEFA6}"=""
"{3AFC775E-7A7B-4AEE-87FD-AB71FCF72E80}"=""
"{DB2450E5-E9D3-4E07-973B-54FA1E21565F}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E32FB507-BC02-4807-9D77-3D9FDB143F38}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E32FB507-BC02-4807-9D77-3D9FDB143F38}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E32FB507-BC02-4807-9D77-3D9FDB143F38}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E32FB507-BC02-4807-9D77-3D9FDB143F38}\InprocServer32]
@="D:\\WINDOWS\\system32\\turmsrv.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{54F77DB8-046A-4970-945A-C27DFAD5EF6E}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54F77DB8-046A-4970-945A-C27DFAD5EF6E}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54F77DB8-046A-4970-945A-C27DFAD5EF6E}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{54F77DB8-046A-4970-945A-C27DFAD5EF6E}\InprocServer32]
@="D:\\WINDOWS\\system32\\gvUnCompress.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6DB99982-8D17-4A9A-9506-EA4F848CDC2B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DB99982-8D17-4A9A-9506-EA4F848CDC2B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DB99982-8D17-4A9A-9506-EA4F848CDC2B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6DB99982-8D17-4A9A-9506-EA4F848CDC2B}\InprocServer32]
@="D:\\WINDOWS\\system32\\osbcji32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{FE8E2B73-0AC5-426F-81C2-3CFDA22BBE2C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FE8E2B73-0AC5-426F-81C2-3CFDA22BBE2C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FE8E2B73-0AC5-426F-81C2-3CFDA22BBE2C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{FE8E2B73-0AC5-426F-81C2-3CFDA22BBE2C}\InprocServer32]
@="D:\\WINDOWS\\system32\\sscpack.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{8A99B4C8-FD4E-492F-896B-FA0E0D19E933}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8A99B4C8-FD4E-492F-896B-FA0E0D19E933}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8A99B4C8-FD4E-492F-896B-FA0E0D19E933}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{8A99B4C8-FD4E-492F-896B-FA0E0D19E933}\InprocServer32]
@="D:\\WINDOWS\\system32\\mvimtf.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DCFDEC89-4B9F-47CB-B6BF-A5037FE380E4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DCFDEC89-4B9F-47CB-B6BF-A5037FE380E4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DCFDEC89-4B9F-47CB-B6BF-A5037FE380E4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DCFDEC89-4B9F-47CB-B6BF-A5037FE380E4}\InprocServer32]
@="D:\\WINDOWS\\system32\\sdrio600.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3FFD9E3F-8BB3-46A4-A1BD-978061EEDD04}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3FFD9E3F-8BB3-46A4-A1BD-978061EEDD04}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3FFD9E3F-8BB3-46A4-A1BD-978061EEDD04}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3FFD9E3F-8BB3-46A4-A1BD-978061EEDD04}\InprocServer32]
@="D:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D646A74F-101F-4313-B7FF-96D340F7AF66}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D646A74F-101F-4313-B7FF-96D340F7AF66}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D646A74F-101F-4313-B7FF-96D340F7AF66}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D646A74F-101F-4313-B7FF-96D340F7AF66}\InprocServer32]
@="D:\\WINDOWS\\system32\\anrace.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A06C633F-4300-42BA-9957-B6B099214AB6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A06C633F-4300-42BA-9957-B6B099214AB6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A06C633F-4300-42BA-9957-B6B099214AB6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A06C633F-4300-42BA-9957-B6B099214AB6}\InprocServer32]
@="D:\\WINDOWS\\system32\\mbr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C7DB2569-4ED8-4011-A524-C1963ADF497C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7DB2569-4ED8-4011-A524-C1963ADF497C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7DB2569-4ED8-4011-A524-C1963ADF497C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C7DB2569-4ED8-4011-A524-C1963ADF497C}\InprocServer32]
@="D:\\WINDOWS\\system32\\iguv_32.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6062B9B0-851A-4755-9DB2-842840A2C246}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6062B9B0-851A-4755-9DB2-842840A2C246}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6062B9B0-851A-4755-9DB2-842840A2C246}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6062B9B0-851A-4755-9DB2-842840A2C246}\InprocServer32]
@="D:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{44B04FFC-515D-4A8D-BF20-D21D356445C6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{44B04FFC-515D-4A8D-BF20-D21D356445C6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{44B04FFC-515D-4A8D-BF20-D21D356445C6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{44B04FFC-515D-4A8D-BF20-D21D356445C6}\InprocServer32]
@="D:\\WINDOWS\\system32\\mjmxsdk.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0E04FBF4-3C99-4C9E-85F5-622A6F5822C0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0E04FBF4-3C99-4C9E-85F5-622A6F5822C0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0E04FBF4-3C99-4C9E-85F5-622A6F5822C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0E04FBF4-3C99-4C9E-85F5-622A6F5822C0}\InprocServer32]
@="D:\\WINDOWS\\system32\\mzminst.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{970626D2-D153-4C72-B847-F6F556B6A4D2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{970626D2-D153-4C72-B847-F6F556B6A4D2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{970626D2-D153-4C72-B847-F6F556B6A4D2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{970626D2-D153-4C72-B847-F6F556B6A4D2}\InprocServer32]
@="D:\\WINDOWS\\system32\\mraudite.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{88DCA3D2-1DAA-48EF-B67A-2B86981F3CEF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88DCA3D2-1DAA-48EF-B67A-2B86981F3CEF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88DCA3D2-1DAA-48EF-B67A-2B86981F3CEF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88DCA3D2-1DAA-48EF-B67A-2B86981F3CEF}\InprocServer32]
@="D:\\WINDOWS\\system32\\nxtman.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6F4955C2-CFB0-4006-934F-F05DEA00C8EE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F4955C2-CFB0-4006-934F-F05DEA00C8EE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F4955C2-CFB0-4006-934F-F05DEA00C8EE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6F4955C2-CFB0-4006-934F-F05DEA00C8EE}\InprocServer32]
@="D:\\WINDOWS\\system32\\cxwmdm.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9E16FF1D-31B9-475A-B285-E2EC69E0A487}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E16FF1D-31B9-475A-B285-E2EC69E0A487}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E16FF1D-31B9-475A-B285-E2EC69E0A487}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9E16FF1D-31B9-475A-B285-E2EC69E0A487}\InprocServer32]
@="D:\\WINDOWS\\system32\\mcltus40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E5D6F59A-A8FF-46C5-90B0-E9F2AC8246D1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E5D6F59A-A8FF-46C5-90B0-E9F2AC8246D1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E5D6F59A-A8FF-46C5-90B0-E9F2AC8246D1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E5D6F59A-A8FF-46C5-90B0-E9F2AC8246D1}\InprocServer32]
@="D:\\WINDOWS\\system32\\mzvideo.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7AB722DE-CDEF-4188-8FA3-E8B28F26C4DF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7AB722DE-CDEF-4188-8FA3-E8B28F26C4DF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7AB722DE-CDEF-4188-8FA3-E8B28F26C4DF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7AB722DE-CDEF-4188-8FA3-E8B28F26C4DF}\InprocServer32]
@="D:\\WINDOWS\\system32\\ctmrepl.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C682CEBB-FFCC-4C1A-8533-6AD5A595E522}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C682CEBB-FFCC-4C1A-8533-6AD5A595E522}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C682CEBB-FFCC-4C1A-8533-6AD5A595E522}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C682CEBB-FFCC-4C1A-8533-6AD5A595E522}\InprocServer32]
@="D:\\WINDOWS\\system32\\tEpi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{155CEEC5-E9F7-4121-8DE4-A416C3A1E012}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{155CEEC5-E9F7-4121-8DE4-A416C3A1E012}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{155CEEC5-E9F7-4121-8DE4-A416C3A1E012}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{155CEEC5-E9F7-4121-8DE4-A416C3A1E012}\InprocServer32]
@="D:\\WINDOWS\\system32\\mqjet35.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7AC4D3C7-9259-4F83-BB4C-40A918C2949D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7AC4D3C7-9259-4F83-BB4C-40A918C2949D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7AC4D3C7-9259-4F83-BB4C-40A918C2949D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7AC4D3C7-9259-4F83-BB4C-40A918C2949D}\InprocServer32]
@="D:\\WINDOWS\\system32\\ivmp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{497A0E52-D833-4A8E-AE16-CB738F318042}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{497A0E52-D833-4A8E-AE16-CB738F318042}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{497A0E52-D833-4A8E-AE16-CB738F318042}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{497A0E52-D833-4A8E-AE16-CB738F318042}\InprocServer32]
@="D:\\WINDOWS\\system32\\cal3dv2.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{02D51435-C7EA-4A34-AB2F-D7E0D7D800FA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{02D51435-C7EA-4A34-AB2F-D7E0D7D800FA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{02D51435-C7EA-4A34-AB2F-D7E0D7D800FA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{02D51435-C7EA-4A34-AB2F-D7E0D7D800FA}\InprocServer32]
@="D:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3FA23058-471B-48CB-81FF-8631847ADCDB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3FA23058-471B-48CB-81FF-8631847ADCDB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3FA23058-471B-48CB-81FF-8631847ADCDB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3FA23058-471B-48CB-81FF-8631847ADCDB}\InprocServer32]
@="D:\\WINDOWS\\system32\\CkdbLangJA.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1B13F0C1-B7F1-4457-9ACF-2916BCEDEFA6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B13F0C1-B7F1-4457-9ACF-2916BCEDEFA6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B13F0C1-B7F1-4457-9ACF-2916BCEDEFA6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B13F0C1-B7F1-4457-9ACF-2916BCEDEFA6}\InprocServer32]
@="D:\\WINDOWS\\system32\\mqdxmlc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3AFC775E-7A7B-4AEE-87FD-AB71FCF72E80}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3AFC775E-7A7B-4AEE-87FD-AB71FCF72E80}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3AFC775E-7A7B-4AEE-87FD-AB71FCF72E80}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3AFC775E-7A7B-4AEE-87FD-AB71FCF72E80}\InprocServer32]
@="D:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{DB2450E5-E9D3-4E07-973B-54FA1E21565F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DB2450E5-E9D3-4E07-973B-54FA1E21565F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DB2450E5-E9D3-4E07-973B-54FA1E21565F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{DB2450E5-E9D3-4E07-973B-54FA1E21565F}\InprocServer32]
@="D:\\WINDOWS\\system32\\tad32.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

D:\WINDOWS\SYSTEM32\
browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1'022'976 999.00 K
cdfview.dll Fri 21 Oct 2005 4:41:00 A.... 152'064 148.50 K
danim.dll Sat 5 Nov 2005 4:17:22 A.... 1'056'768 1.01 M
dxtrans.dll Fri 21 Oct 2005 4:41:00 A.... 205'312 200.50 K
esent.dll Thu 20 Oct 2005 23:25:54 A.... 1'097'728 1.05 M
extmgr.dll Fri 21 Oct 2005 4:41:00 ..... 55'808 54.50 K
fontsub.dll Mon 17 Oct 2005 22:21:08 A.... 80'896 79.00 K
ftserui2.dll Wed 30 Nov 2005 14:12:44 A.... 48'631 47.49 K
gccoll~1.dll Tue 15 Nov 2005 12:12:08 A.... 126'680 123.71 K
gcunco~1.dll Tue 15 Nov 2005 12:12:06 A.... 95'448 93.21 K
gdi32.dll Thu 29 Dec 2005 3:56:04 A.... 280'064 273.50 K
hashlib.dll Tue 15 Nov 2005 12:12:08 A.... 117'976 115.21 K
hr6005~1.dll Mon 26 Dec 2005 10:45:34 ..S.R 234'096 228.61 K
iepeers.dll Fri 21 Oct 2005 4:41:00 A.... 251'392 245.50 K
inseng.dll Fri 21 Oct 2005 4:41:00 A.... 96'768 94.50 K
ir4ql5~1.dll Fri 16 Dec 2005 13:28:06 A.... 0 0.00 K
ivmp.dll Mon 26 Dec 2005 10:45:34 ..S.R 234'031 228.54 K
jt2607~1.dll Mon 26 Dec 2005 0:20:08 ..S.R 236'922 231.37 K
legitc~1.dll Fri 4 Nov 2005 16:27:24 A.... 534'280 521.76 K
mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3'013'632 2.87 M
mshtmled.dll Fri 21 Oct 2005 4:41:04 A.... 448'512 438.00 K
msrating.dll Fri 21 Oct 2005 4:41:04 A.... 146'432 143.00 K
mstime.dll Fri 21 Oct 2005 4:41:04 A.... 530'944 518.50 K
mv86l9~1.dll Tue 10 Jan 2006 5:34:02 ..S.R 237'292 231.73 K
n66qlg~1.dll Sun 25 Dec 2005 22:42:08 ..S.R 234'031 228.54 K
pngfilt.dll Fri 21 Oct 2005 4:41:04 A.... 39'424 38.50 K
setupnt.dll Sun 20 Nov 2005 19:54:56 A.... 37'888 37.00 K
shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1'492'992 1.42 M
shlwapi.dll Fri 21 Oct 2005 4:41:04 A.... 474'112 463.00 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118'784 116.00 K
snapapi.dll Sun 20 Nov 2005 19:54:54 A.... 126'976 124.00 K
spmsg.dll Thu 13 Oct 2005 0:15:26 ..... 15'072 14.72 K
sporder.dll Thu 1 Dec 2005 23:55:32 A.... 8'704 8.50 K
t2embed.dll Mon 17 Oct 2005 22:21:08 A.... 118'272 115.50 K
urlmon.dll Sat 5 Nov 2005 4:17:26 A.... 606'208 592.00 K
vsdata.dll Tue 15 Nov 2005 0:50:30 A.... 83'720 81.76 K
vsinit.dll Tue 15 Nov 2005 0:50:42 A.... 141'064 137.76 K
vsmonapi.dll Tue 15 Nov 2005 0:50:52 A.... 104'208 101.77 K
vspubapi.dll Tue 15 Nov 2005 0:50:56 A.... 227'088 221.77 K
vsregexp.dll Tue 15 Nov 2005 0:51:00 A.... 71'440 69.77 K
vsutil.dll Tue 15 Nov 2005 0:51:12 A.... 382'728 373.76 K
vsutil~1.dll Tue 15 Nov 2005 0:37:08 A.... 54'960 53.67 K
vsxml.dll Tue 15 Nov 2005 0:51:20 A.... 100'104 97.76 K
wininet.dll Fri 21 Oct 2005 4:41:06 A.... 662'528 647.00 K
zlcomm.dll Tue 15 Nov 2005 0:51:40 A.... 79'624 77.76 K
zlcommdb.dll Tue 15 Nov 2005 0:51:44 A.... 71'440 69.77 K

46 items found: 46 files (5 H/S), 0 directories.
Total of file sizes: 15'556'019 bytes 14.83 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur D s'appelle SYSTEM
Le num‚ro de s‚rie du volume est 5CFA-6EC9

R‚pertoire de D:\WINDOWS\System32

10.01.2006 05:34 237'292 mv86l9ls1.dll
26.12.2005 10:45 234'031 ivmp.dll
26.12.2005 10:45 234'096 hr6005jme.dll
26.12.2005 00:20 236'922 jt2607fse.dll
25.12.2005 22:42 234'031 n66qlgj516o.dll
25.12.2005 20:37 <REP> dllcache
20.11.2005 19:05 <REP> Microsoft
5 fichier(s) 1'176'372 octets
2 R‚p(s) 5'413'773'312 octets libres
0
Utilisateur anonyme
 
Oki fait ceci

Relances l2mfix.bat et sélectionne l'option 2
L'ordi va redémarrer automatiquement attend un peu sinon fait le de toi même
Recopie le rapport et colle le ici

Ensuite, relance HijackThis et colle le rapport ici
0
christophe
 
voila c'est fait mais l2mfix ne ma pas fait de rapport.

voila quand même mon rapport hijackthis:


Logfile of HijackThis v1.99.1
Scan saved at 11:08:24, on 26.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PC cloneur\TrueImageMonitor.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
d:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\PC cloneur\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WINSOS VERIFY] "D:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [pdfSaver3] "D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'mswsck2.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://mediamax.streamload.com/Upload/XUpload.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: OptimalLayout - D:\WINDOWS\system32\n66qlgj516o.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Utilisateur anonyme > christophe
 
Oki pas grave il à fait son travail :-)

Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
O4 - HKCU\..\Run: [WINSOS VERIFY] "D:\Program Files\Winsos\WINSOS.EXE" MINI
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://mediamax.streamload.com/Upload/XUpload.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: OptimalLayout - D:\WINDOWS\system32\n66qlgj516o.dll (file missing)


Clique sur demarrer, poste de travail, D:, program files, cherche et supprime ce dossier:

Winsos

Clique sur demarrer, rechercher, cherche et supprime ce fichier:

WINSOS.EXE


tu as quoi comme logiciel anti-spyware?

Puis remet un rapport HijackThis
0
christophe > christophe
 
oki c'est fait. comme antispyware j'ai spybot et ewido.


voili le rapport:


Logfile of HijackThis v1.99.1
Scan saved at 11:30:20, on 26.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PC cloneur\TrueImageMonitor.exe
D:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
D:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
d:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\PC cloneur\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "D:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [pdfSaver3] "D:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'mswsck2.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - D:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Utilisateur anonyme > christophe
 
Oki

Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"


O10 - Broken Internet access because of LSP provider 'mswsck2.dll' missing


Clique sur demarrer, poste de travail, C:, program files, cherche et supprime ce dossier si present:

newdonet

Clique sur demarrer, rechercher, cherche et supprime ce fichier si present:

mswsck2.dll

Telecharge ces deux anti-spywares(gratuit)et scan ton pc:

Ad-Aware SE Personal:(en anglais)
Ad-aware
-Le patch pour le faire fonctionner Ad-Aware SE en français: Patch FR pour Ad-aware

spycatcher express free
http://www.tenebril.com/downloads/


Une fois que c'est fait, fais ceci:

¤Telecharge et installe ceci, dans la colonne de gauche clique sur "erreurs" coche toute les cases, puis clique en bas sur "chercher des erreurs" une fois finit, clique sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs

CCleaner:(à telecharger à côté de la fléche verte en haut à droite)
https://filehippo.com/download_ccleaner/


¤Telecharge ceci, installe le et clique en haut sur cleanup!Une fois qu'il à finit clique sur "close" et au message qui va apparaître tu choisis "oui"

Cleanup:
http://downloads.stevengould.org/cleanup/CleanUp40.exe


Puis dit nous ou en sont tes problémes
0
Réponse 8 / 8
christophe
 
ben ecoute ca a l'air de marcher.... en tout cas je n'ai plus de popup qui s'affiche. merci infiniment à tous et surtout à toi boulepate pour ta rapidité et la fiabilité de tes propos... merci mille fois....
0
Utilisateur anonyme
 
Derien, pense quand meme à installer les deux logiciel que je t'ai donné car ewido et spybot ne suffisent pas

A++ ;-)
0

Discussions similaires

Google Chrome "  Échec de l'analyse antivirus "
jmpower -
RBmoon -

18 réponses
" Échec de l'analyse antivirus " la solution.
bazfile -
bazfile -

0 réponse
TI college plus (calculatrice probleme)
help39 -
Utilisateur anonyme -

3 réponses
Huawei P8 Lite "nouveau tag ajouté"
ArianeKathleen -
Mn -

25 réponses
Nouveau tag ajouté - Utilité
Eerfers -
madmyke -

1 réponse