DUF and ad-w-a-r-e pages opening automatically

indise -  
 cereal -
Good evening,
I have Windows XP, with Kaspersky as antivirus, Outpost Firewall and CCleaner, which are supposed to keep viruses etc. away... But every 5 minutes I get an automatic connection to the internet: either a page named DUF, or http://www.ad-w-a-r-e.com/cgi-bin/PopupV3?ID={E1A86ACB-9558-DB64-8871-BFAE63833636}&type=normal&mSkip=1&rnd=25892 opens. Neither manages to find a server, but it disrupts everything I do on my computer (I can't do anything until I close these 2 pages)...

Is this really a virus, and what should I do, please??? I scan my PC several times a day with Kasper., CCleaner and Outpost, without success, and I have even tried other antivirus programs etc... without results...

Thanks.
Indise

43 replies

Discussion summary

An infection on Windows XP causes DUF and ad-w-a-r-e pages to open repeatedly every five minutes, blocking normal use of the computer and disrupting online activity. Several replies recommend cleanup tools such as L2MFix, HijackThis and SmitfraudFix, and describe running commands and analysing reports to identify the redirections and the malicious DLLs. The HijackThis logs reveal numerous suspicious entries in the startup keys and IE settings, with added toolbars and processes, confirming a complex infection. In addition, feedback indicates that after the recommended solutions are run, the reports and scans show fewer malicious settings, but a final check and repeated cleanups are still required.

Automatically generated by AI
based on the best answers
  1. Anonymous user
     
    Hi indise,

    Download l2mfix here:

    http://www.downloads.subratam.org/l2mfix.exe

    Double-click l2mfix.exe to start the extraction.
    In the l2mfix folder, double-click l2mfix.bat, press any key, then choose option #1 (and nothing else) and confirm with the Enter key.
    Notepad will open with the scan result.
    Copy and paste the result here.
    1
  2. indise
     
    THANK YOU for such a quick reply!!!! THANK YOU!
    Here is the result of the report (you must be really skilled to understand any of this! ;) ).

    L2MFIX find log 010406
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\lvr2099oe.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{E1A86ACB-9558-DB64-8871-BFAE63833636}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nvmkcert.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\EpnClass.Dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mjvcp50.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dvnput8.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mmtlsapi.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mwfutil.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\InprocServer32]
    @="C:\\WINDOWS\\system32\\donhpast.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\InprocServer32]
    @="C:\\WINDOWS\\system32\\stbcsp.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wpv8dmod.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rXsmans.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\drdskres.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ngwrshe.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\zlpfldr.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mgrecr40.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rRsmans.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}]
    @=""
    "IDEx"="AD"

    [HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rggwizc.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\InprocServer32]
    @="C:\\WINDOWS\\system32\\qesname.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    ail.dll Tue 31 Jan 2006 0:54:54 ..S.R 235 401 229,88 K
    atmtd.dll Mon 30 Jan 2006 23:19:50 A.... 687 592 671,48 K
    divx.dll Wed 18 Jan 2006 20:47:36 A.... 574 976 561,50 K
    donhpast.dll Wed 1 Feb 2006 7:25:34 ..S.R 234 241 228,75 K
    dpl100.dll Mon 26 Dec 2005 22:35:12 A.... 86 016 84,00 K
    dpu11.dll Fri 6 Jan 2006 17:34:58 A.... 294 912 288,00 K
    dpugui11.dll Fri 6 Jan 2006 17:35:00 A.... 593 920 580,00 K
    dpus11.dll Fri 6 Jan 2006 17:34:58 A.... 339 968 332,00 K
    drdskres.dll Thu 2 Feb 2006 0:15:56 ..S.R 235 805 230,28 K
    dtu100.dll Fri 6 Jan 2006 17:35:00 A.... 200 704 196,00 K
    dvnput8.dll Tue 31 Jan 2006 20:44:38 ..S.R 235 401 229,88 K
    ff_vfw.dll Thu 22 Dec 2005 21:31:16 A.... 6 144 6,00 K
    fpro03~1.dll Wed 1 Feb 2006 7:41:36 ..S.R 234 241 228,75 K
    hrjq05~1.dll Sat 4 Feb 2006 22:28:02 ..S.R 234 390 228,89 K
    j0j60a~1.dll Thu 2 Feb 2006 0:16:00 ..S.R 236 366 230,82 K
    libdivx.dll Fri 6 Jan 2006 17:17:36 A.... 1 044 480 1020,00 K
    lv0409~1.dll Tue 31 Jan 2006 22:39:14 ..S.R 236 287 230,75 K
    lvr209~1.dll Sat 4 Feb 2006 19:02:28 ..S.R 233 875 228,39 K
    mgrecr40.dll Fri 3 Feb 2006 0:46:14 ..S.R 237 132 231,57 K
    mjencode.dll Thu 2 Feb 2006 20:45:22 ..S.R 236 290 230,75 K
    mjvcp50.dll Tue 31 Jan 2006 20:16:38 ..S.R 234 680 229,18 K
    mmtlsapi.dll Tue 31 Jan 2006 20:53:10 ..S.R 236 025 230,49 K
    ngwrshe.dll Thu 2 Feb 2006 22:31:06 ..S.R 236 290 230,75 K
    o448le~1.dll Thu 2 Feb 2006 8:41:36 ..S.R 237 085 231,53 K
    o8480i~1.dll Mon 30 Jan 2006 23:59:40 ..S.R 235 120 229,61 K
    qesname.dll Sat 4 Feb 2006 22:28:02 ..S.R 233 875 228,39 K
    qt-dx331.dll Fri 6 Jan 2006 17:35:00 A.... 3 596 288 3,43 M
    rmoc3260.dll Tue 15 Nov 2005 9:38:10 A.... 176 167 172,04 K
    rrsmans.dll Fri 3 Feb 2006 0:47:44 ..S.R 234 169 228,68 K
    rsbdyctl.dll Thu 2 Feb 2006 8:41:32 ..S.R 236 290 230,75 K
    rxsmans.dll Thu 2 Feb 2006 0:00:24 ..S.R 236 290 230,75 K
    ssldivx.dll Fri 6 Jan 2006 17:17:36 A.... 200 704 196,00 K
    stbcsp.dll Wed 1 Feb 2006 21:50:42 ..S.R 235 571 230,05 K
    vp7vfw.dll Fri 2 Dec 2005 16:42:38 A.... 630 784 616,00 K
    wpv8dmod.dll Wed 1 Feb 2006 22:04:14 ..S.R 235 571 230,05 K
    xmmi.dll Mon 30 Jan 2006 15:16:20 A.... 139 264 136,00 K
    xvidcore.dll Fri 30 Dec 2005 20:10:30 A.... 761 856 744,00 K
    xvidvfw.dll Fri 30 Dec 2005 20:18:26 A.... 180 224 176,00 K
    zlpfldr.dll Thu 2 Feb 2006 23:58:56 ..S.R 234 169 228,68 K

    39 items found: 39 files (23 H/S), 0 directories.
    Total of file sizes: 14 928 563 bytes 14,23 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 6438-AA29

    Répertoire de C:\WINDOWS\System32

    04/02/2006 22:28 233 875 qesname.dll
    04/02/2006 22:28 234 390 hrjq0515e.dll
    04/02/2006 19:02 233 875 lvr2099oe.dll
    03/02/2006 19:05 <REP> dllcache
    03/02/2006 00:47 234 169 rRsmans.dll
    03/02/2006 00:46 237 132 mgrecr40.dll
    02/02/2006 23:58 234 169 zlpfldr.dll
    02/02/2006 22:31 236 290 ngwrshe.dll
    02/02/2006 20:45 236 290 mjencode.dll
    02/02/2006 08:41 237 085 o448lehu1h48.dll
    02/02/2006 08:41 236 290 rsbdyctl.dll
    02/02/2006 00:15 236 366 j0j60a1sed.dll
    02/02/2006 00:15 235 805 drdskres.dll
    02/02/2006 00:00 236 290 rXsmans.dll
    01/02/2006 22:04 235 571 wpv8dmod.dll
    01/02/2006 21:50 235 571 stbcsp.dll
    01/02/2006 07:41 234 241 fpro0393e.dll
    01/02/2006 07:25 234 241 donhpast.dll
    31/01/2006 22:39 236 287 lv0409dqe.dll
    31/01/2006 20:53 236 025 mmtlsapi.dll
    31/01/2006 20:44 235 401 dvnput8.dll
    31/01/2006 20:16 234 680 mjvcp50.dll
    31/01/2006 00:54 235 401 ail.dll
    30/01/2006 23:59 235 120 o8480ihue8480.dll
    30/01/2006 23:03 <REP> Microsoft
    30/01/2006 15:17 405 504 ??rvices.exe
    24 fichier(s) 5 820 068 octets
    2 Rép(s) 24 657 412 096 octets libres

    Thanks
    0
  3. Anonymous user
     
    Re;
    THANK YOU for such a quick reply!!!! THANK YOU!
    You're welcome!

    Here is the result of the report (you must be really sharp to understand anything in it! ;) ).
    You just have to learn ;-)
    Sharp, well no, not all that much lol.

    ***
    Now run l2mfix.bat again
    and choose option 2
    It will ask you to press a key to reboot

    Then, when you are back in normal mode, run l2mfix option 1 again

    See you

    0
    1. indise
       
      Uh, I have a small problem, it doesn't reboot. Here is what it tells me:
      <1,2,3,4,5,E>2
      This fix will reboot automatically.
      Passeword will be entered automatically.
      Do not press any keys till instructed to.
      Entrée le mot de passe de L2MFIX :
      Tentative de lancement de C\WINDOWS\System32\second.bat en tant qu'utilisateur "BRUKAR\L2MFIX...
      Erreur de Runas : Impossible d'executer - C\WINDOWS\System32\second.bat
      1722 / Le serveur RPC n'est pas disponible.
      Processing Cleanup
      ......

      I tried several times... but same thing
      My display has "aged"... (like on Windows 95), is that normal?
      0
  4. Anonymous user
     
    Re,

    Don't worry about the display... we'll put it back afterwards

    Well, I thought it would go like clockwork, and then there always have to be problems lol

    Download HijackThis here:
    http://www.hijackthis.de/downloads/hijackthis_199.zip

    Unzip it into a folder set aside for it.
    For example C:\hijackthis < Make sure you save it in C:!
    Demo: (Thanks to Balltrap34 for making this)
    http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Run it, then:
    click on "do a system scan and save logfile" (see demo)
    copy and paste the entire log onto the forum

    Demo: (Thanks to Balltrap34 for making this)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    +

    l2mfix option 1

    Good luck

    See you
    0
  6. indise
     
    Here is the text from Notepad:

    Logfile of HijackThis v1.99.1
    Scan saved at 00:24:44, on 05/02/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\eee2.exe
    C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\KbdAp32A.exe
    C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\UnH Solutions\Easy Go Back\EasyGoBack.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis_199\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
    O4 - HKLM\..\Run: [winsysban] C:\\winsysban5.exe
    O4 - HKLM\..\Run: [Winzip Application] winzip81.exe
    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
    O4 - HKLM\..\Run: [ahmb] c:\windows\eee2.exe
    O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
    O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\KbdAp32A.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
    O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\System32\auditchk.exe
    O4 - HKLM\..\RunServices: [Winzip Application] winzip81.exe
    O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe
    O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-110-12-0000246.exe
    O4 - HKCU\..\Run: [EasyGoBack] "C:\Program Files\UnH Solutions\Easy Go Back\EasyGoBack.exe" -autorun
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
    O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
    O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\lvr2099oe.dll
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YnJ1a2Fy\command.exe (file missing)
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe

    Thanks
    0
    1. indise
       
      (oh yes, I also ran option 1 again)
      0
  7. Anonymous user
     
    Re,

    well, there's a lot of work to do, you're heavily infected lol

    Download this: (thanks to S!RI for this little program).
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Run it: double-click Smitfraudfix.cmd and choose option 1; it will generate a report
    Copy/paste it into a post please.

    *****
    Double-click Smitfraudfix.cmd and choose option 3. Nothing more; close it and post a new HijackThis log please

    See you

    0
  8. indise
     
    Here is the first report:

    SmitFraudFix v2.16

    Rapport fait à 0:31:54,18 le 05/02/2006
    Executé à partir de D:\logiciels\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\karbru\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin du rap

    For the 2nd step, I reset

    For the 2nd report:

    Logfile of HijackThis v1.99.1
    Scan saved at 00:36:04, on 05/02/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\eee2.exe
    C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\KbdAp32A.exe
    C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\UnH Solutions\Easy Go Back\EasyGoBack.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis_199\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
    O4 - HKLM\..\Run: [winsysban] C:\\winsysban5.exe
    O4 - HKLM\..\Run: [Winzip Application] winzip81.exe
    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
    O4 - HKLM\..\Run: [ahmb] c:\windows\eee2.exe
    O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
    O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\KbdAp32A.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
    O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\System32\auditchk.exe
    O4 - HKLM\..\RunServices: [Winzip Application] winzip81.exe
    O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe
    O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-110-12-0000246.exe
    O4 - HKCU\..\Run: [EasyGoBack] "C:\Program Files\UnH Solutions\Easy Go Back\EasyGoBack.exe" -autorun
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
    O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
    O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\lvr2099oe.dll
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YnJ1a2Fy\command.exe (file missing)
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    0
  9. Anonymous user
     
    ok,
    I'll be back with a procedure

    See you
    0
  10. Anonymous user
     
    Hello,

    Method to follow, in order...
    ----------------------------------------------------------------------------
    ¤ Download these programs, but don't use them right away:

    1/

    Spybot S&D 1.4 << new version.
    http://www.safer-networking.org/fr/index.html

    Usage demo (thanks to Balltrap34 for making this).
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/

    Ad-Aware SE 1.06 << new version.
    http://www.lavasoftusa.com/software/adaware/
    - Help:
    http://www.tutopat.com/viewtopic.php?t=1191
    - install the French patch, which you can find here:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    and a short usage video here: (thanks to Moe31 for making this).
    http://pageperso.aol.fr/balltrap34/adawrevid.asf

    3/ Ewido:
    http://download.ewido.net/ewido-setup.exe

    Install, then update.
    ----------------------------------------------------------------------------
    ¤ Show all files and folders:
    Click Start / Control Panel / Tools / Folder Options / View

    Tick "Show hidden files and folders"

    Untick the "Hide protected operating system files (Recommended)" box

    Untick "Hide extensions for known file types"
    Then click "OK" to confirm the changes.

    And Apply!
    ----------------------------------------------------------------------------
    ¤ Run HijackThis again, tick the boxes in front of these lines, then click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O3 - Toolbar: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)

    O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe

    O4 - HKLM\..\Run: [winsysban] C:\\winsysban5.exe

    O4 - HKLM\..\Run: [Winzip Application] winzip81.exe

    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe

    O4 - HKLM\..\Run: [ahmb] c:\windows\eee2.exe

    O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe

    O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe

    O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe

    O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe

    O4 - HKLM\..\RunServices: [Printer] C:\WINDOWS\System32\auditchk.exe

    O4 - HKLM\..\RunServices: [Winzip Application] winzip81.exe

    O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe

    O4 - HKCU\..\Run: [Printer] C:\WINDOWS\System32\auditchk.exe

    O4 - HKCU\..\Run: [services32] C:\Program Files\Fichiers communs\Windows\mc-110-12-0000246.exe

    O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)

    O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll (file missing)

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

    O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\lvr2099oe.dll

    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YnJ1a2Fy\command.exe (file missing)

    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    ----------------------------------------------------------------------------
    ¤ Boot into Safe Mode:
    To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts powering on
    A window will open; use the arrow keys to move to Safe Mode, then press Enter.
    Once on the desktop, if not all the colors and so on are there, that's normal!
    (If F8 doesn't work, use the F5 key).
    ----------------------------------------------------------------------------
    ¤ Empty your temp files and Temporary Internet Files:

    :: Delete temporary files ::
    empty the entire contents of these folders.

    * C:\Documents and Settings\your account\Local Settings\Temp
    * C:\Documents and Settings\all other accounts\Local Settings\Temp
    * C:\Windows\Temp

    :: The contents of the Prefetch folder ::

    * C:\WINDOWS\Prefetch <= except the layout.ini file

    * Don't forget to empty the Recycle Bin!
    ----------------------------------------------------------------------------
    ¤ Search for and delete these:
    careful, only the files (if present).

    C:\windows\winsysupd5.exe
    C:\winsysban5.exe
    C:\WINDOWS\System32\winIogon.exe <--- Be careful with this one, it is an "I" and not an "l"
    C:\gimmygames.exe
    C:\windows\eee2.exe
    winzip81.exe
    csrssv.exe
    C:\WINDOWS\System32\auditchk.exe
    C:\Program Files\Fichiers communs\Windows\mc-110-12-0000246.exe
    C:\Program Files\Freeprod Toolbar
    C:\WINDOWS\YnJ1a2Fy
    C:\Program Files\Network Monitor
    ----------------------------------------------------------------------------
    ¤ Stop these services:

    Click Start -> Run -> type: services.msc

    Double-click: Service: : Command Service

    Set it to "Stopped" and "Disabled".

    Same with: Network Monitor
    ----------------------------------------------------------------------------
    Run l2mfix option 2; if you still have the same problem, drop it and go on to the next step.
    ----------------------------------------------------------------------------
    ¤ Launch Ewido and run a full scan, then copy/paste the report onto the forum.
    ----------------------------------------------------------------------------
    ¤ Run Ad-Aware and delete everything it finds + delete the quarantined items…
    ----------------------------------------------------------------------------
    ¤ Run Spybot and fix everything it finds + immunize + delete the quarantined items…
    -------------------------------------------------------------------------------------------
    ¤ Run the cleanup with CCleaner.
    ----------------------------------------------------------------------------
    ¤ Empty your Recycle Bin.
    ----------------------------------------------------------------------------
    ¤ Reboot in normal mode, run HijackThis again and copy/paste a new report onto the forum.

    Say what problems you still have, if any....

    Keep me posted

    See you
    0
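A triage pass over HijackThis log lines like the ones selected in the procedure above, as an added example that is not part of the original thread: it flags look-alike system names (the `winIogon.exe` case), services with an unknown owner, missing files, Winlogon Notify DLLs, and one program registered under several autorun names. The list of system process names and the confusable-character map are assumptions chosen for this example; every hit is a prompt for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [ahmb] c:\windows\eee2.exe
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [wahm] C:\windows\eee2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\lvr2099oe.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YnJ1a2Fy\command.exe (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
"""

# Assumption: a short list of Windows process names that malware likes to imitate.
SYSTEM_NAMES = {"winlogon.exe", "services.exe", "svchost.exe", "lsass.exe",
                "csrss.exe", "smss.exe", "explorer.exe", "spoolsv.exe"}

# Assumption: characters that look alike in common fonts collapse to one symbol.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Lower-case the name and fold visually confusable characters together."""
    return name.lower().translate(CONFUSABLE)


SYSTEM_SKELETONS = {skeleton(n): n for n in SYSTEM_NAMES}

# Any token ending in .exe/.dll, taken without its directory part.
BINARY_RE = re.compile(r'([^\\/"\s,\[\]]+\.(?:exe|dll))', re.IGNORECASE)
# O4 autorun entry: registry key, value name in brackets, command line.
RUN_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')


def lookalike_of(basename):
    """Return the system name this file imitates, or None if it is not a look-alike."""
    low = basename.lower()
    target = SYSTEM_SKELETONS.get(skeleton(low))
    return target if target and low != target else None


def triage(log_text):
    """Return (reason, detail) pairs for log lines that deserve a manual look."""
    findings = []
    run_targets = defaultdict(set)  # (registry key, command) -> autorun value names
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for basename in BINARY_RE.findall(line):
            real = lookalike_of(basename)
            if real:
                findings.append(("lookalike of " + real, line))
        if line.startswith("O23 - Service:") and " - Unknown owner - " in line:
            findings.append(("service with unknown owner", line))
        if line.endswith("(file missing)"):
            findings.append(("registered file is missing", line))
        if line.startswith("O20 - Winlogon Notify:"):
            findings.append(("DLL loaded through Winlogon Notify", line))
        m = RUN_RE.match(line)
        if m:
            run_targets[(m["key"], m["cmd"].lower())].add(m["name"])
    # The same executable started under several value names in one Run key.
    for (key, cmd), names in sorted(run_targets.items()):
        if len(names) > 1:
            detail = "%s -> %s (%s)" % (key, cmd, ", ".join(sorted(names)))
            findings.append(("one program under %d autorun names" % len(names), detail))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print("%-36s %s" % (reason, detail))
```
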
  11. indise
     
    I downloaded everything, but I can't find "Tools" in the Control Panel. I have (Appearance / Network Connections / Add/Remove Programs / Sounds, Speech and Devices / Performance and Maintenance / Printers and Hardware / User Accounts / Regional Options / Accessibility Options).
    I looked around a bit but no "Tools"...
    0
  12. Anonymous user
     
    Re,

    lol

    It's right at the top: you have File and, next to it, Tools; do you see?

    Otherwise, in My Computer, you can get it too; it's next to File, Edit...

    See you
    0
  13. indise
     
    Oh, silly me! Yes, I found it... I'll keep following your instructions
    0
  14. Anonymous user
     
    lol
    It's no big deal, when you don't know it, it's not always easy to find; good luck with the rest

    see you later or tomorrow (if I log off, I'll let you know)
    0
  15. Anonymous user
     
    Re,

    I hope you managed to run everything, I can't stay any longer, I'm getting up early tomorrow

    Good night ^^
    0
  16. indise
     
    There. I'm done.
    The ad-w-a-r-e pages are still there...
    I couldn't delete Network Monitor and two files (I couldn't find the quarantine in Spybot)

    Here is the first report:
    Ewido

    HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl -> Spyware.MediaMotor : Nettoyer et sauvegarder
    HKLM\SOFTWARE\Classes\IObjSafety.DemoCtl\Clsid -> Spyware.MediaMotor : Nettoyer et sauvegarder
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor -> Spyware.MediaMotor : Nettoyer et sauvegarder
    HKU\.DEFAULT\Software\Avenue Media -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
    HKU\.DEFAULT\Software\DNS -> Adware.Shorty : Nettoyer et sauvegarder
    HKU\.DEFAULT\Software\Effective-i -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder
    HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder
    HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder
    HKU\.DEFAULT\Software\Maxthon\Plugin\toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E} -> Spyware.UCmore : Nettoyer et sauvegarder
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
    HKU\.DEFAULT\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
    HKU\S-1-5-21-57989841-73586283-1801674531-1003\Software\DNS -> Adware.Shorty : Nettoyer et sauvegarder
    HKU\S-1-5-18\Software\Avenue Media -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
    HKU\S-1-5-18\Software\DNS -> Adware.Shorty : Nettoyer et sauvegarder
    HKU\S-1-5-18\Software\Effective-i -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder
    HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder
    HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Nettoyer et sauvegarder
    HKU\S-1-5-18\Software\Maxthon\Plugin\toolbar\{44BE0690-5429-47f0-85BB-3FFD8020233E} -> Spyware.UCmore : Nettoyer et sauvegarder
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
    HKU\S-1-5-18\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Nettoyer et sauvegarder
    [688] C:\WINDOWS\system32\syell32.dll -> Spyware.Look2Me : Erreur durant le nettoyage
    [816] C:\WINDOWS\system32\syell32.dll -> Spyware.Look2Me : Erreur durant le nettoyage
    C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000401.asw -> Adware.CommAd : Nettoyer et sauvegarder
    C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\quarantine\00000402.asw -> Spyware.CommAd : Nettoyer et sauvegarder
    C:\WINDOWS\Downloaded Program Files\UERSV_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Nettoyer et sauvegarder
    C:\WINDOWS\system32\ail.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Nettoyer et sauvegarder
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@revenue[1].txt -> Spyware.Cookie.Revenue : Nettoyer et sauvegarder
    C:\WINDOWS\system32\donhpast.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\drdskres.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\dvnput8.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\fpro0393e.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\hrjq0515e.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\j0j60a1sed.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\lv0409dqe.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\lvr2099oe.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\mgrecr40.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\mjencode.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\mjvcp50.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\mmtlsapi.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\mvuni11.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\ngwrshe.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\o448lehu1h48.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\o8480ihue8480.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\ribdyctl.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\rRsmans.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\rsbdyctl.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\rXsmans.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\stbcsp.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\wpv8dmod.dll -> Spyware.Look2Me : Nettoyer et sauvegarder
    C:\WINDOWS\system32\zlpfldr.dll -> Spyware.Look2Me : Nettoyer et sauvegarder

    ::Fin du rapport

    2nd report:

    Logfile of HijackThis v1.99.1
    Scan saved at 03:17:11, on 05/02/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
    C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\KbdAp32A.exe
    C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\UnH Solutions\Easy Go Back\EasyGoBack.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\KbdAp32A.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\305KS WIRELESS OPTICAL DESKSET\lwbwheel.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [EasyGoBack] "C:\Program Files\UnH Solutions\Easy Go Back\EasyGoBack.exe" -autorun
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
    O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\l4j8le1u1h.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe

    THANKS for your help
    0
  17. indise
     
    Thanks and good night.

    I'll come back for news tomorrow.

    ;)
    0
  18. Anonymous user
     
    Hello indise

    Can you post an l2mfix option 1, please?

    See you
    0
  19. indise
     
    Hello Regis59,

    I did what you asked me to do, and here is the result:

    L2MFIX find log 010406
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\l4j8le1u1h.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{E1A86ACB-9558-DB64-8871-BFAE63833636}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension feuille de propri‚t‚ de mise … jour automatique"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de bureau"
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
    "{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
    "{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}"=""
    "{A6A26350-3063-4916-9A79-5237AE29D4E1}"=""
    "{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}"=""
    "{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}"=""
    "{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}"=""
    "{F13894C3-DFFE-4A12-8A41-794F0383C7C0}"=""
    "{EB7A4613-47D1-4713-BD98-DD72B20EC486}"=""
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}"=""
    "{280E9EF9-DD4F-4925-A9AA-E7396332762B}"=""
    "{18652A89-55D2-4E38-AC72-6A8E3F819F8F}"=""
    "{6930BD0F-D4BD-4E6E-A671-E422070D49A7}"=""
    "{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}"=""
    "{49CC63F8-458A-4599-8D6F-828C8CECD16D}"=""
    "{C9639FED-F69B-4BF8-ADC5-06146423F12F}"=""
    "{9201724C-C01B-428C-9DB1-090A6FD70D20}"=""
    "{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}"=""
    "{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\InprocServer32]
    @="C:\\WINDOWS\\system32\\nvmkcert.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\EpnClass.Dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mjvcp50.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dvnput8.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mmtlsapi.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mwfutil.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\InprocServer32]
    @="C:\\WINDOWS\\system32\\donhpast.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\InprocServer32]
    @="C:\\WINDOWS\\system32\\stbcsp.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wpv8dmod.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rXsmans.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\InprocServer32]
    @="C:\\WINDOWS\\system32\\drdskres.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ngwrshe.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\zlpfldr.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\InprocServer32]
    @="C:\\WINDOWS\\system32\\mgrecr40.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rRsmans.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}]
    @=""
    "IDEx"="AD"

    [HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\rggwizc.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ijsutil.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    divx.dll Wed 18 Jan 2006 20:47:36 A.... 574 976 561,50 K
    dpl100.dll Mon 26 Dec 2005 22:35:12 A.... 86 016 84,00 K
    dpu11.dll Fri 6 Jan 2006 17:34:58 A.... 294 912 288,00 K
    dpugui11.dll Fri 6 Jan 2006 17:35:00 A.... 593 920 580,00 K
    dpus11.dll Fri 6 Jan 2006 17:34:58 A.... 339 968 332,00 K
    dtu100.dll Fri 6 Jan 2006 17:35:00 A.... 200 704 196,00 K
    ff_vfw.dll Thu 22 Dec 2005 21:31:16 A.... 6 144 6,00 K
    fp4603~1.dll Sun 5 Feb 2006 2:36:10 ..S.R 233 569 228,09 K
    ijsutil.dll Sun 5 Feb 2006 14:10:02 ..S.R 237 225 231,66 K
    l4j8le~1.dll Sun 5 Feb 2006 2:30:32 ..S.R 237 225 231,66 K
    libdivx.dll Fri 6 Jan 2006 17:17:36 A.... 1 044 480 1020,00 K
    lvlm09~1.dll Sun 5 Feb 2006 14:10:02 ..S.R 233 317 227,85 K
    qt-dx331.dll Fri 6 Jan 2006 17:35:00 A.... 3 596 288 3,43 M
    rmoc3260.dll Tue 15 Nov 2005 9:38:10 A.... 176 167 172,04 K
    ssldivx.dll Fri 6 Jan 2006 17:17:36 A.... 200 704 196,00 K
    vp7vfw.dll Fri 2 Dec 2005 16:42:38 A.... 630 784 616,00 K
    xmmi.dll Mon 30 Jan 2006 15:16:20 A.... 139 264 136,00 K
    xvidcore.dll Fri 30 Dec 2005 20:10:30 A.... 761 856 744,00 K
    xvidvfw.dll Fri 30 Dec 2005 20:18:26 A.... 180 224 176,00 K

    19 items found: 19 files (4 H/S), 0 directories.
    Total of file sizes: 9 767 743 bytes 9,31 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Le volume dans le lecteur C n'a pas de nom.
    Le num‚ro de s‚rie du volume est 6438-AA29

    R‚pertoire de C:\WINDOWS\System32

    05/02/2006 14:10 237ÿ225 ijsutil.dll
    05/02/2006 14:10 233ÿ317 lvlm0931e.dll
    05/02/2006 02:36 233ÿ569 fp4603hse.dll
    05/02/2006 02:30 237ÿ225 l4j8le1u1h.dll
    03/02/2006 19:05 <REP> dllcache
    30/01/2006 23:03 <REP> Microsoft
    30/01/2006 15:17 405ÿ504 ??rvices.exe
    5 fichier(s) 1ÿ346ÿ840 octets
    2 R‚p(s) 25ÿ178ÿ464ÿ256 octets libres
    0
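Added example (not part of the thread and not L2MFix's own code): one way to read the "Winlogon/notify" section of a log like the one in post 19 offline. It decodes the `hex(2)` `DllName` values and flags entries for manual review. The baseline list and function names are assumptions made for this example, and the sample input is a constructed excerpt in the same format.

```python
import ntpath
import re

# Assumed baseline: DLL names used by the stock notification packages that
# appear in the log above (crypt32chain, cryptnet, cscdll, Schedule, ...).
# Adjust it to the system under review.
BASELINE_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                 "wlnotify.dll", "sclgntfy.dll"}

NOTIFY_MARKER = "\\winlogon\\notify\\"

# Constructed sample: shortened excerpt in regedit 5.00 export format.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SMDEn]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l4j8le1u1h.dll"
"Logon"="WinLogon"
'''


def decode_value(raw):
    """Decode one .reg value: quoted string, hex(2) REG_EXPAND_SZ, or dword."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # .reg strings escape backslash and double quote with a backslash.
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.lower().startswith("hex(2):"):
        # Comma-separated bytes holding a NUL-terminated UTF-16LE string.
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw


def parse_notify(export_text):
    """Return {subkey: {value_name_lowercased: decoded_value}} for Winlogon\\Notify."""
    # Long hex values continue on the next line after a trailing backslash.
    text = re.sub(r'\\[ \t]*\r?\n[ \t]*', '', export_text)
    packages, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r'\[(.+)\]', line)
        if header:
            key = header.group(1)
            pos = key.lower().find(NOTIFY_MARKER)
            current = key[pos + len(NOTIFY_MARKER):] if pos != -1 else None
            if current is not None:
                packages.setdefault(current, {})
            continue
        value = re.fullmatch(r'"((?:[^"\\]|\\.)+)"=(.*)', line)
        if value and current is not None:
            # Value names are case-insensitive ("DllName" and "DLLName" both occur).
            packages[current][value.group(1).lower()] = decode_value(value.group(2))
    return packages


def review_notify(export_text, baseline=BASELINE_DLLS):
    """List (subkey, dll, reasons) for packages that deserve a closer look.

    A hit is a prompt for review, not a verdict: third-party software can
    register notification packages too.
    """
    findings = []
    for name, values in parse_notify(export_text).items():
        dll = values.get("dllname")
        if not isinstance(dll, str):
            findings.append((name, None, ["no DllName value"]))
            continue
        reasons = []
        if ntpath.basename(dll).lower() not in baseline:
            reasons.append("DLL not in baseline")
        if ntpath.dirname(dll):
            reasons.append("absolute path instead of bare DLL name")
        if reasons:
            findings.append((name, dll, reasons))
    return findings


if __name__ == "__main__":
    for name, dll, reasons in review_notify(SAMPLE):
        print(f"{name}: {dll} ({'; '.join(reasons)})")
```
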
  20. Anonymous user
     
    Already up, lol

    Now run option 2 if you can; otherwise let me know

    See you
    0