Sujet Précédent Sujet Suivant

Ouverture automatique page DUF et ad-w-a-r-e

Fermé
indise - 4 févr. 2006 à 23:47
cereal Messages postés 56 Date d'inscription jeudi 8 avril 2004 Statut Membre Dernière intervention 2 février 2007 - 23 févr. 2006 à 21:12
Bonsoir,
J'ai windows XP, Kaspersky en tant quantivirus, Outpost Firewall et ccleaner, sensés éviter virus etc... Mais j'ai, toutes les 5 minutes, une connexion automatique à internet : soit une page nommée DUF, soit http://www.ad-w-a-r-e.com/cgi-bin/PopupV3?ID={E1A86ACB-9558-DB64-8871-BFAE63833636}&type=normal&mSkip=1&rnd=25892 qui s'ouvre. Aucune n'arrive à tourver un serveur, mais ca me pollue toutes mes actions sur mon ordi (je ne peux plus rien faire tant que je ne ferme pas ces 2 pages)...

Est-ce bien un virus et Que dois-je faire, SVP ??? Je scane plusieurs fois par jours mon pc par Kasper., ccleaner et outpost, sans succes, et j'ai même essayer d'autres antivirus etc... sans résultats...

Merci.
Indise
A voir également:

43 réponses

Précédent
Réponse 21 / 43
indise
5 févr. 2006 à 14:34
Bonjour Régis59 !
Oui, cette hitoire me tracasse.. Je ne comprends pas trop pkoi ca persiste et je commence à me demander si ca ne serait pas plus simple de tout formater, qu'en penses tu ?

L' option 2 n'a rien donner, comme hier... Pourtant, la dernière fois que tu me l'as demandé je crois me souvenir que s'avais marché... enfin, je crois...
0
Réponse 22 / 43
indise
5 févr. 2006 à 14:39
Mon Pc a beugé et depuis ce matin, un message est apparu 2 fois :

Service affichage message (Security monitor) pour installer qq chose sur www.patchupdate.info

Ca me parait louche, même très louche... non ?
0
Réponse 23 / 43
Utilisateur anonyme
5 févr. 2006 à 14:48
Re,

c'est une simple infection, du calme, rien de grave, on s en sortira toujours, t es bien tombé lol

Pour lm2fix, on va s en occuper manuellement, donne moi l option 1 stp

N'installe rien du tout, si on te le propose refuse toujours, c est de l arnaque. S'il reapparait tu le fermes, pour eviter cela on passera au sp2 (mises a jour windows)

a+
0
Réponse 24 / 43
indise
5 févr. 2006 à 14:52
OK !

voici le rapport de l'option 1 :

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Internet Settings]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l4j8le1u1h.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{E1A86ACB-9558-DB64-8871-BFAE63833636}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension feuille de propri‚t‚ de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de bureau"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}"=""
"{A6A26350-3063-4916-9A79-5237AE29D4E1}"=""
"{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}"=""
"{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}"=""
"{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}"=""
"{F13894C3-DFFE-4A12-8A41-794F0383C7C0}"=""
"{EB7A4613-47D1-4713-BD98-DD72B20EC486}"=""
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}"=""
"{280E9EF9-DD4F-4925-A9AA-E7396332762B}"=""
"{18652A89-55D2-4E38-AC72-6A8E3F819F8F}"=""
"{6930BD0F-D4BD-4E6E-A671-E422070D49A7}"=""
"{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}"=""
"{49CC63F8-458A-4599-8D6F-828C8CECD16D}"=""
"{C9639FED-F69B-4BF8-ADC5-06146423F12F}"=""
"{9201724C-C01B-428C-9DB1-090A6FD70D20}"=""
"{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}"=""
"{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\InprocServer32]
@="C:\\WINDOWS\\system32\\nvmkcert.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\InprocServer32]
@="C:\\WINDOWS\\system32\\EpnClass.Dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjvcp50.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\InprocServer32]
@="C:\\WINDOWS\\system32\\dvnput8.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\InprocServer32]
@="C:\\WINDOWS\\system32\\mmtlsapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwfutil.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\InprocServer32]
@="C:\\WINDOWS\\system32\\donhpast.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\InprocServer32]
@="C:\\WINDOWS\\system32\\stbcsp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\InprocServer32]
@="C:\\WINDOWS\\system32\\wpv8dmod.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\InprocServer32]
@="C:\\WINDOWS\\system32\\rXsmans.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\InprocServer32]
@="C:\\WINDOWS\\system32\\drdskres.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\InprocServer32]
@="C:\\WINDOWS\\system32\\ngwrshe.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\InprocServer32]
@="C:\\WINDOWS\\system32\\zlpfldr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgrecr40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\InprocServer32]
@="C:\\WINDOWS\\system32\\rRsmans.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\InprocServer32]
@="C:\\WINDOWS\\system32\\rggwizc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\InprocServer32]
@="C:\\WINDOWS\\system32\\mphtml.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
divx.dll Wed 18 Jan 2006 20:47:36 A.... 574 976 561,50 K
dpl100.dll Mon 26 Dec 2005 22:35:12 A.... 86 016 84,00 K
dpu11.dll Fri 6 Jan 2006 17:34:58 A.... 294 912 288,00 K
dpugui11.dll Fri 6 Jan 2006 17:35:00 A.... 593 920 580,00 K
dpus11.dll Fri 6 Jan 2006 17:34:58 A.... 339 968 332,00 K
dtu100.dll Fri 6 Jan 2006 17:35:00 A.... 200 704 196,00 K
ff_vfw.dll Thu 22 Dec 2005 21:31:16 A.... 6 144 6,00 K
fp4603~1.dll Sun 5 Feb 2006 2:36:10 ..S.R 233 569 228,09 K
ktj2l7~1.dll Sun 5 Feb 2006 14:30:22 ..S.R 233 856 228,38 K
l4j8le~1.dll Sun 5 Feb 2006 2:30:32 ..S.R 237 225 231,66 K
libdivx.dll Fri 6 Jan 2006 17:17:36 A.... 1 044 480 1020,00 K
lvlm09~1.dll Sun 5 Feb 2006 14:10:02 ..S.R 233 317 227,85 K
mphtml.dll Sun 5 Feb 2006 14:30:22 ..S.R 237 225 231,66 K
qt-dx331.dll Fri 6 Jan 2006 17:35:00 A.... 3 596 288 3,43 M
rmoc3260.dll Tue 15 Nov 2005 9:38:10 A.... 176 167 172,04 K
ssldivx.dll Fri 6 Jan 2006 17:17:36 A.... 200 704 196,00 K
vp7vfw.dll Fri 2 Dec 2005 16:42:38 A.... 630 784 616,00 K
xmmi.dll Mon 30 Jan 2006 15:16:20 A.... 139 264 136,00 K
xvidcore.dll Fri 30 Dec 2005 20:10:30 A.... 761 856 744,00 K
xvidvfw.dll Fri 30 Dec 2005 20:18:26 A.... 180 224 176,00 K

20 items found: 20 files (5 H/S), 0 directories.
Total of file sizes: 10 001 599 bytes 9,54 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6438-AA29

R‚pertoire de C:\WINDOWS\System32

05/02/2006 14:30 237ÿ225 mphtml.dll
05/02/2006 14:30 233ÿ856 ktj2l71o1.dll
05/02/2006 14:10 233ÿ317 lvlm0931e.dll
05/02/2006 02:36 233ÿ569 fp4603hse.dll
05/02/2006 02:30 237ÿ225 l4j8le1u1h.dll
03/02/2006 19:05 <REP> dllcache
30/01/2006 23:03 <REP> Microsoft
30/01/2006 15:17 405ÿ504 ??rvices.exe
6 fichier(s) 1ÿ580ÿ696 octets
2 R‚p(s) 25ÿ010ÿ565ÿ120 octets libres
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 43
Utilisateur anonyme
5 févr. 2006 à 14:55
Tu permets qu on essai un petit truc? lol
J'espere que tu es bien en ma compagnie. lol

¤Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).

***
Relance Lm2FIX option 2

**
Redemarre en mode normal et remet un option 1

a+
0
Réponse 26 / 43
indise
5 févr. 2006 à 14:58
ok
0
Réponse 27 / 43
indise
5 févr. 2006 à 15:05
Ok, il a dabord dit comme d'hab que le fichier était introuvable, puis plein de trucs se sont écrits et mon pc a redémarrer.

Voici le rapport de l'option 1 :

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MS-DOS Emulation]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ktj2l71o1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{E1A86ACB-9558-DB64-8871-BFAE63833636}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension feuille de propri‚t‚ de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de bureau"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}"=""
"{A6A26350-3063-4916-9A79-5237AE29D4E1}"=""
"{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}"=""
"{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}"=""
"{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}"=""
"{F13894C3-DFFE-4A12-8A41-794F0383C7C0}"=""
"{EB7A4613-47D1-4713-BD98-DD72B20EC486}"=""
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}"=""
"{280E9EF9-DD4F-4925-A9AA-E7396332762B}"=""
"{18652A89-55D2-4E38-AC72-6A8E3F819F8F}"=""
"{6930BD0F-D4BD-4E6E-A671-E422070D49A7}"=""
"{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}"=""
"{49CC63F8-458A-4599-8D6F-828C8CECD16D}"=""
"{C9639FED-F69B-4BF8-ADC5-06146423F12F}"=""
"{9201724C-C01B-428C-9DB1-090A6FD70D20}"=""
"{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}"=""
"{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\InprocServer32]
@="C:\\WINDOWS\\system32\\nvmkcert.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\InprocServer32]
@="C:\\WINDOWS\\system32\\EpnClass.Dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjvcp50.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\InprocServer32]
@="C:\\WINDOWS\\system32\\dvnput8.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\InprocServer32]
@="C:\\WINDOWS\\system32\\mmtlsapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwfutil.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\InprocServer32]
@="C:\\WINDOWS\\system32\\donhpast.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\InprocServer32]
@="C:\\WINDOWS\\system32\\stbcsp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\InprocServer32]
@="C:\\WINDOWS\\system32\\wpv8dmod.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\InprocServer32]
@="C:\\WINDOWS\\system32\\rXsmans.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\InprocServer32]
@="C:\\WINDOWS\\system32\\drdskres.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\InprocServer32]
@="C:\\WINDOWS\\system32\\ngwrshe.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\InprocServer32]
@="C:\\WINDOWS\\system32\\zlpfldr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgrecr40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\InprocServer32]
@="C:\\WINDOWS\\system32\\rRsmans.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\InprocServer32]
@="C:\\WINDOWS\\system32\\rggwizc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxsnap.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
divx.dll Wed 18 Jan 2006 20:47:36 A.... 574 976 561,50 K
dpl100.dll Mon 26 Dec 2005 22:35:12 A.... 86 016 84,00 K
dpu11.dll Fri 6 Jan 2006 17:34:58 A.... 294 912 288,00 K
dpugui11.dll Fri 6 Jan 2006 17:35:00 A.... 593 920 580,00 K
dpus11.dll Fri 6 Jan 2006 17:34:58 A.... 339 968 332,00 K
dtu100.dll Fri 6 Jan 2006 17:35:00 A.... 200 704 196,00 K
ff_vfw.dll Thu 22 Dec 2005 21:31:16 A.... 6 144 6,00 K
fp4603~1.dll Sun 5 Feb 2006 2:36:10 ..S.R 233 569 228,09 K
i8nmli~1.dll Sun 5 Feb 2006 15:00:22 ..S.R 235 014 229,50 K
imcvid.dll Sun 5 Feb 2006 15:00:22 ..S.R 233 856 228,38 K
ktj2l7~1.dll Sun 5 Feb 2006 14:30:22 ..S.R 233 856 228,38 K
libdivx.dll Fri 6 Jan 2006 17:17:36 A.... 1 044 480 1020,00 K
lvlm09~1.dll Sun 5 Feb 2006 14:10:02 ..S.R 233 317 227,85 K
lvru09~1.dll Sun 5 Feb 2006 15:01:50 ..S.R 234 855 229,35 K
mphtml.dll Sun 5 Feb 2006 14:30:22 ..S.R 237 225 231,66 K
mxsnap.dll Sun 5 Feb 2006 15:01:50 ..S.R 233 856 228,38 K
qt-dx331.dll Fri 6 Jan 2006 17:35:00 A.... 3 596 288 3,43 M
rmoc3260.dll Tue 15 Nov 2005 9:38:10 A.... 176 167 172,04 K
ssldivx.dll Fri 6 Jan 2006 17:17:36 A.... 200 704 196,00 K
vp7vfw.dll Fri 2 Dec 2005 16:42:38 A.... 630 784 616,00 K
xmmi.dll Mon 30 Jan 2006 15:16:20 A.... 139 264 136,00 K
xvidcore.dll Fri 30 Dec 2005 20:10:30 A.... 761 856 744,00 K
xvidvfw.dll Fri 30 Dec 2005 20:18:26 A.... 180 224 176,00 K

23 items found: 23 files (8 H/S), 0 directories.
Total of file sizes: 10 701 955 bytes 10,20 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6438-AA29

R‚pertoire de C:\WINDOWS\System32

05/02/2006 15:01 233ÿ856 mxsnap.dll
05/02/2006 15:01 234ÿ855 lvru0999e.dll
05/02/2006 15:00 233ÿ856 imcvid.dll
05/02/2006 15:00 235ÿ014 i8nmli5118.dll
05/02/2006 14:30 237ÿ225 mphtml.dll
05/02/2006 14:30 233ÿ856 ktj2l71o1.dll
05/02/2006 14:10 233ÿ317 lvlm0931e.dll
05/02/2006 02:36 233ÿ569 fp4603hse.dll
03/02/2006 19:05 <REP> dllcache
30/01/2006 23:03 <REP> Microsoft
30/01/2006 15:17 405ÿ504 ??rvices.exe
9 fichier(s) 2ÿ281ÿ052 octets
2 R‚p(s) 24ÿ948ÿ621ÿ312 octets libres



A quoi ca sert de faire ça -option 2- (si c'est simple a expliquer lol) ?
0
Réponse 28 / 43
Utilisateur anonyme
5 févr. 2006 à 15:31
Salut,

L'option 1 permet de détecter les choses lié a l infection look to me, responsable de tes pubs. L'option 2 sert à les supprimer. Voila, c est tout simple ;-)

***
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\l4j8le1u1h.dll

Télécharge: Pocket Killbox ici:
http://www.killbox.net/downloads/KillBox.exe

ouvre le bloc note et copie et colle la liste des fichiers à supprimer
ci-dessous
une fois fait, enregistre le à un endroit ou tu pourras le retrouver
facilement (sur le bureau par exemple).

C:\WINDOWS\System32\mxsnap.dll
C:\WINDOWS\System32\lvru0999e.dll
C:\WINDOWS\System32\imcvid.dll
C:\WINDOWS\System32\i8nmli5118.dll
C:\WINDOWS\System32\mphtml.dll
C:\WINDOWS\System32\ktj2l71o1.dll
C:\WINDOWS\System32\lvlm0931e.dll
C:\WINDOWS\System32\fp4603hse.dll

1/ lance killbox.exe
2/ ouvre le fichier txt qui contient la liste des fichiers à supprimer,
clic sur edition dans le menu du haut et clic sur "selectionner tout"
3/ clic une seconde fois sur "edition" et clic sur "copier"
4/ referme le bloc note.
5/ Dans killbox, selectionne "Delete on Reboot" puis clic
sur "ALL FILES"
6/ Dans le menu du haut clic sur File, puis sur paste
from clipboard
(tu devrais voir apparaitre la liste des fichier qu'il va supprimer)
7/ clic sur le rond rouge
8/ une fenetre va apparaitre pour confirmation clic sur OUI
9/ une seconde fenetre te demande si tu veux redemarrer clic sur
OUI

Si le pc ne redemarre pas automatiquement ou si killbox t'envois ce message:
"Pending file Rename Operations Registry Data has been Removed by
External Process"
ignore le et redemarre le pc normallement
Remet un hijackthis + lm2fix option 1

a+
0
Réponse 29 / 43
indise
5 févr. 2006 à 16:04
Ok,
voila le rapport option 1

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l64qlgh5164.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{E1A86ACB-9558-DB64-8871-BFAE63833636}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension feuille de propri‚t‚ de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Explorateur de bureau"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}"=""
"{A6A26350-3063-4916-9A79-5237AE29D4E1}"=""
"{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}"=""
"{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}"=""
"{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}"=""
"{F13894C3-DFFE-4A12-8A41-794F0383C7C0}"=""
"{EB7A4613-47D1-4713-BD98-DD72B20EC486}"=""
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}"=""
"{280E9EF9-DD4F-4925-A9AA-E7396332762B}"=""
"{18652A89-55D2-4E38-AC72-6A8E3F819F8F}"=""
"{6930BD0F-D4BD-4E6E-A671-E422070D49A7}"=""
"{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}"=""
"{49CC63F8-458A-4599-8D6F-828C8CECD16D}"=""
"{C9639FED-F69B-4BF8-ADC5-06146423F12F}"=""
"{9201724C-C01B-428C-9DB1-090A6FD70D20}"=""
"{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}"=""
"{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{35F0DBA9-6632-4CDC-A831-1C7BFB662CB9}\InprocServer32]
@="C:\\WINDOWS\\system32\\nvmkcert.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A6A26350-3063-4916-9A79-5237AE29D4E1}\InprocServer32]
@="C:\\WINDOWS\\system32\\EpnClass.Dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F8C313C2-93DF-4AB6-B4EF-C313A5C19150}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjvcp50.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A9AD0EC4-A5D6-4E7B-A3D3-C8671784493B}\InprocServer32]
@="C:\\WINDOWS\\system32\\dvnput8.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C6F2B628-AE0D-4F4F-9A3E-3946B8C5E3B3}\InprocServer32]
@="C:\\WINDOWS\\system32\\mmtlsapi.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F13894C3-DFFE-4A12-8A41-794F0383C7C0}\InprocServer32]
@="C:\\WINDOWS\\system32\\mwfutil.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EB7A4613-47D1-4713-BD98-DD72B20EC486}\InprocServer32]
@="C:\\WINDOWS\\system32\\donhpast.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F6FF3EFA-D437-46E8-867A-745A2BE1E9B6}\InprocServer32]
@="C:\\WINDOWS\\system32\\stbcsp.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{280E9EF9-DD4F-4925-A9AA-E7396332762B}\InprocServer32]
@="C:\\WINDOWS\\system32\\wpv8dmod.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{18652A89-55D2-4E38-AC72-6A8E3F819F8F}\InprocServer32]
@="C:\\WINDOWS\\system32\\rXsmans.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6930BD0F-D4BD-4E6E-A671-E422070D49A7}\InprocServer32]
@="C:\\WINDOWS\\system32\\drdskres.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9B278E3A-6E25-478C-ACDF-0E3DACDF52B8}\InprocServer32]
@="C:\\WINDOWS\\system32\\ngwrshe.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{49CC63F8-458A-4599-8D6F-828C8CECD16D}\InprocServer32]
@="C:\\WINDOWS\\system32\\zlpfldr.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C9639FED-F69B-4BF8-ADC5-06146423F12F}\InprocServer32]
@="C:\\WINDOWS\\system32\\mgrecr40.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9201724C-C01B-428C-9DB1-090A6FD70D20}\InprocServer32]
@="C:\\WINDOWS\\system32\\rRsmans.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1FB4D8D4-7F5F-4A4D-BF2D-0EAA15C6B27C}\InprocServer32]
@="C:\\WINDOWS\\system32\\rggwizc.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{019FFF6F-AD1E-4A40-BAD7-227D91D5BA56}\InprocServer32]
@="C:\\WINDOWS\\system32\\aorsvc.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
aorsvc.dll Sun 5 Feb 2006 15:59:12 ..S.R 236 401 230,86 K
divx.dll Wed 18 Jan 2006 20:47:36 A.... 574 976 561,50 K
dpl100.dll Mon 26 Dec 2005 22:35:12 A.... 86 016 84,00 K
dpu11.dll Fri 6 Jan 2006 17:34:58 A.... 294 912 288,00 K
dpugui11.dll Fri 6 Jan 2006 17:35:00 A.... 593 920 580,00 K
dpus11.dll Fri 6 Jan 2006 17:34:58 A.... 339 968 332,00 K
dtu100.dll Fri 6 Jan 2006 17:35:00 A.... 200 704 196,00 K
ff_vfw.dll Thu 22 Dec 2005 21:31:16 A.... 6 144 6,00 K
l64qlg~1.dll Sun 5 Feb 2006 15:47:24 ..S.R 236 401 230,86 K
libdivx.dll Fri 6 Jan 2006 17:17:36 A.... 1 044 480 1020,00 K
lvlm09~1.dll Sun 5 Feb 2006 15:59:12 ..S.R 236 540 230,99 K
qt-dx331.dll Fri 6 Jan 2006 17:35:00 A.... 3 596 288 3,43 M
rmoc3260.dll Tue 15 Nov 2005 9:38:10 A.... 176 167 172,04 K
ssldivx.dll Fri 6 Jan 2006 17:17:36 A.... 200 704 196,00 K
vp7vfw.dll Fri 2 Dec 2005 16:42:38 A.... 630 784 616,00 K
xmmi.dll Mon 30 Jan 2006 15:16:20 A.... 139 264 136,00 K
xvidcore.dll Fri 30 Dec 2005 20:10:30 A.... 761 856 744,00 K
xvidvfw.dll Fri 30 Dec 2005 20:18:26 A.... 180 224 176,00 K

18 items found: 18 files (3 H/S), 0 directories.
Total of file sizes: 9 535 749 bytes 9,09 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 6438-AA29

R‚pertoire de C:\WINDOWS\System32

05/02/2006 15:59 236ÿ401 aorsvc.dll
05/02/2006 15:59 236ÿ540 lvlm0931e.dll
05/02/2006 15:47 236ÿ401 l64qlgh5164.dll
03/02/2006 19:05 <REP> dllcache
30/01/2006 23:03 <REP> Microsoft
30/01/2006 15:17 405ÿ504 ??rvices.exe
4 fichier(s) 1ÿ114ÿ846 octets
2 R‚p(s) 24ÿ644ÿ296ÿ704 octets libres


Merci,
0
Réponse 30 / 43
indise
5 févr. 2006 à 16:24
Il a encore beugé et cette fois j'ai noé le message :

STOP = C000021a {Erreur Systeme irrecupérable}
Le processus systeme windows Logan Process s'est terminé de façon inattendu avec.
Le systeme a été arrete.

Je ne sais pas si cette info peut t'aider...
0
Réponse 31 / 43
Utilisateur anonyme
5 févr. 2006 à 17:30
Re,

1/Demarre en mode sans echec

2/Lance ewido pour un nettoyage

3/ouvre le bloc note et copie et colle la liste des fichiers à supprimer
ci-dessous
une fois fait, enregistre le à un endroit ou tu pourras le retrouver
facilement (sur le bureau par exemple).

C:\WINDOWS\System32\aorsvc.dll
C:\WINDOWS\System32\lvlm0931e.dll
C:\WINDOWS\System32\l64qlgh5164.dll

1/ lance killbox.exe
2/ ouvre le fichier txt qui contient la liste des fichiers à supprimer,
clic sur edition dans le menu du haut et clic sur "selectionner tout"
3/ clic une seconde fois sur "edition" et clic sur "copier"
4/ referme le bloc note.
5/ Dans killbox, selectionne "Delete on Reboot" puis clic
sur "ALL FILES"
6/ Dans le menu du haut clic sur File, puis sur paste
from clipboard
(tu devrais voir apparaitre la liste des fichier qu'il va supprimer)
7/ clic sur le rond rouge
8/ une fenetre va apparaitre pour confirmation clic sur OUI
9/ une seconde fenetre te demande si tu veux redemarrer clic sur
OUI

Si le pc ne redemarre pas automatiquement ou si killbox t'envois ce message:
"Pending file Rename Operations Registry Data has been Removed by
External Process"
ignore le et redemarre le pc normallement

Remet un hijackthis + lm2fix option 1 +

Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
C:\WINDOWS\System32\??rvices.exe
Clik send et colle le rapport stp

a+
0
Réponse 32 / 43
indise
6 févr. 2006 à 19:32
Bonjur Régis 59,

Jete remercie pour ton aide et ton temps passé à m'aider, mais on ami a formaté tout ca, et ca roule à nouveau pour le moment !

MERCI biz
0
Réponse 33 / 43
Utilisateur anonyme
6 févr. 2006 à 20:56
Salut indise

D'accord, merci de m'avoir informé

bonne continuation
0
Réponse 34 / 43
cereal Messages postés 56 Date d'inscription jeudi 8 avril 2004 Statut Membre Dernière intervention 2 février 2007 2
8 févr. 2006 à 03:14
salut regis59

je me suis pas mal interessé à ce post, je me suis trouver pas mal de points communs avec le probleme initiale.
la page duf qui s'ouvre intempestivement et surtout bitdefender qui n'arrête pas de signaler des trojan et autres.

j'ai donc suis tes conseils, ewido, spybot et adaware en mode sans echec. j'ai fixé avec HijackThis les lignes que tu conseillais de fixer.

la cadence de croisiere de mon proc est retomber à 0 mais des alertes virus persistes.

je solicite donc ta connaissance. moi je n'y comprend rien a tou c'est rapport, mais bon

voilà mon rapport L2MFIX.

tu trouveras ensuite mon rapport HijackThis

merci pour ton aide



L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Extension de la page de propri‚t‚s de mise … jour automatique"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice Property Sheet Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"CLSID\\{EBDF1F20-C829-14D1-8234-1420AF3E97A9}"="LeechGet \"Copy Here\" Shell Extension"
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aý Context Menu Shell Extension"
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"="BitDefender Antivirus v9"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{23170F69-40C1-278A-1000-000100020000}"="7-Zip Shell Extension"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{34F4B935-17DC-4885-8BC9-CCD1ADF42F93}"="Record ISO Image to CD"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
clrviddc.dll Mon 12 Dec 2005 21:48:56 A.... 203 776 199,00 K
gccoll~1.dll Tue 15 Nov 2005 12:12:08 A.... 126 680 123,71 K
gcunco~1.dll Tue 15 Nov 2005 12:12:06 A.... 95 448 93,21 K
hashlib.dll Tue 15 Nov 2005 12:12:08 A.... 117 976 115,21 K
livesnth.dll Mon 12 Dec 2005 21:48:58 A.... 278 528 272,00 K
lsprst7.dll Sat 17 Dec 2005 11:42:28 A.... 205 0,20 K
rewire.dll Mon 12 Dec 2005 15:39:10 A.... 225 280 220,00 K
rexsha~1.dll Mon 12 Dec 2005 15:39:10 A.... 233 472 228,00 K
sockspy.dll Tue 15 Nov 2005 13:13:24 A.... 61 440 60,00 K
ssprs.dll Sat 17 Dec 2005 11:42:28 A.... 73 0,07 K
xcomm.dll Mon 23 Jan 2006 16:22:08 A.... 77 824 76,00 K

11 items found: 11 files, 0 directories.
Total of file sizes: 1 420 702 bytes 1,35 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle Syxtem
Le num‚ro de s‚rie du volume est 30C2-7ADE

R‚pertoire de C:\WINDOWS\System32

07/02/2006 22:07 <REP> dllcache
27/10/2005 01:14 184ÿ565 patcher.exe
04/08/2005 21:27 <REP> Microsoft
16/08/2003 20:56 579ÿ584 cd.exe
2 fichier(s) 764ÿ149 octets
2 R‚p(s) 9ÿ355ÿ497ÿ472 octets libres























Logfile of HijackThis v1.99.1
Scan saved at 03:09:01, on 08/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\FreshDevices\FreshDownload\fd.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\cyrillus\LOCALS~1\Temp\Rar$EX00.734\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133820534937
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
Réponse 35 / 43
Utilisateur anonyme
8 févr. 2006 à 08:29
Salut cereal

Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 3.

et remet un hijack this

a+
0
Réponse 36 / 43
cereal Messages postés 56 Date d'inscription jeudi 8 avril 2004 Statut Membre Dernière intervention 2 février 2007 2
8 févr. 2006 à 10:04
Merci regis59 d'être revenu,

voilà mon rapport HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 09:58:13, on 08/02/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\progra~1\softwin\bitdef~1\bdswitch.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Luna3\App\bin\Luna.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\cyrillus\LOCALS~1\Temp\Rar$EX00.312\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133820534937
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Performance True Type Fonts (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
Réponse 37 / 43
Utilisateur anonyme
8 févr. 2006 à 13:22
Salut

il n y a pas de soucis ^^

1/Tu as fait l option 3 comme je te le conseillais?

2/Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\patcher.exe
C:\WINDOWS\System32\cd.exe

Clik send et colle les rapports stp

A+
0
Réponse 38 / 43
cereal Messages postés 56 Date d'inscription jeudi 8 avril 2004 Statut Membre Dernière intervention 2 février 2007 2
8 févr. 2006 à 18:36
bonjour,

1 - oui j'ai bien fait l'option 3 de Smitfraudfix

2 - voilà les rapport de VirusTotal:

en bref seul Fortinet (suspicious) suspect patcher.exe d'avoir une infection.


C:\WINDOWS\system32\cmd.exe :

Antivirus Version Update Result
AntiVir 6.33.0.81 02.08.2006 no virus found
Avast 4.6.695.0 02.07.2006 no virus found
AVG 718 02.07.2006 no virus found
Avira 6.33.0.81 02.08.2006 no virus found
BitDefender 7.2 02.08.2006 no virus found
CAT-QuickHeal 8.00 02.08.2006 no virus found
ClamAV devel-20060126 02.07.2006 no virus found
DrWeb 4.33 02.08.2006 no virus found
eTrust-InoculateIT 23.71.71 02.08.2006 no virus found
eTrust-Vet 12.4.2071 02.08.2006 no virus found
Ewido 3.5 02.07.2006 no virus found
Fortinet 2.54.0.0 02.08.2006 no virus found
F-Prot 3.16c 02.07.2006 no virus found
Ikarus 0.2.59.0 02.08.2006 no virus found
Kaspersky 4.0.2.24 02.08.2006 no virus found
McAfee 4692 02.08.2006 no virus found
NOD32v2 1.1399 02.08.2006 no virus found
Norman 5.70.10 02.08.2006 no virus found
Panda 9.0.0.4 02.08.2006 no virus found
Sophos 4.02.0 02.08.2006 no virus found
Symantec 8.0 02.08.2006 no virus found
TheHacker 5.9.3.092 02.07.2006 no virus found
UNA 1.83 02.07.2006 no virus found
VBA32 3.10.5 02.08.2006 no virus found


C:\WINDOWS\System32\patcher.exe :

Antivirus Version Update Result
AntiVir 6.33.0.81 02.08.2006 no virus found
Avast 4.6.695.0 02.07.2006 no virus found
AVG 718 02.07.2006 no virus found
Avira 6.33.0.81 02.08.2006 no virus found
BitDefender 7.2 02.08.2006 no virus found
CAT-QuickHeal 8.00 02.08.2006 no virus found
ClamAV devel-20060126 02.07.2006 no virus found
DrWeb 4.33 02.08.2006 no virus found
eTrust-InoculateIT 23.71.71 02.08.2006 no virus found
eTrust-Vet 12.4.2071 02.08.2006 no virus found
Ewido 3.5 02.07.2006 no virus found
Fortinet 2.54.0.0 02.08.2006 suspicious
F-Prot 3.16c 02.07.2006 no virus found
Ikarus 0.2.59.0 02.08.2006 no virus found
Kaspersky 4.0.2.24 02.08.2006 no virus found
McAfee 4692 02.08.2006 no virus found
NOD32v2 1.1399 02.08.2006 no virus found
Norman 5.70.10 02.08.2006 no virus found
Panda 9.0.0.4 02.08.2006 no virus found
Sophos 4.02.0 02.08.2006 no virus found
Symantec 8.0 02.08.2006 no virus found
TheHacker 5.9.3.092 02.07.2006 no virus found
UNA 1.83 02.07.2006 no virus found
VBA32 3.10.5 02.08.2006 no virus found

C:\WINDOWS\System32\cd.exe :

AntiVir 6.33.0.81 02.08.2006 no virus found
Avast 4.6.695.0 02.07.2006 no virus found
AVG 718 02.07.2006 no virus found
Avira 6.33.0.81 02.08.2006 no virus found
BitDefender 7.2 02.08.2006 no virus found
CAT-QuickHeal 8.00 02.08.2006 no virus found
ClamAV devel-20060126 02.07.2006 no virus found
DrWeb 4.33 02.08.2006 no virus found
eTrust-InoculateIT 23.71.71 02.08.2006 no virus found
eTrust-Vet 12.4.2071 02.08.2006 no virus found
Ewido 3.5 02.07.2006 no virus found
Fortinet 2.54.0.0 02.08.2006 no virus found
F-Prot 3.16c 02.07.2006 no virus found
Ikarus 0.2.59.0 02.08.2006 no virus found
Kaspersky 4.0.2.24 02.08.2006 no virus found
McAfee 4692 02.08.2006 no virus found
NOD32v2 1.1399 02.08.2006 no virus found
Norman 5.70.10 02.08.2006 no virus found
Panda 9.0.0.4 02.08.2006 no virus found
Sophos 4.02.0 02.08.2006 no virus found
Symantec 8.0 02.08.2006 no virus found
TheHacker 5.9.3.092 02.07.2006 no virus found
UNA 1.83 02.07.2006 no virus found
VBA32 3.10.5 02.08.2006 no virus found


a+
0
Réponse 39 / 43
cereal Messages postés 56 Date d'inscription jeudi 8 avril 2004 Statut Membre Dernière intervention 2 février 2007 2
8 févr. 2006 à 18:45
bonjour,

1 - oui j'ai bien fait l'option 3 de Smitfraudfix

2 - voilà les rapport de VirusTotal:

en bref seul Fortinet (suspicious) suspect patcher.exe d'avoir une infection.


C:\WINDOWS\system32\cmd.exe :

Antivirus Version Update Result
AntiVir 6.33.0.81 02.08.2006 no virus found
Avast 4.6.695.0 02.07.2006 no virus found
AVG 718 02.07.2006 no virus found
Avira 6.33.0.81 02.08.2006 no virus found
BitDefender 7.2 02.08.2006 no virus found
CAT-QuickHeal 8.00 02.08.2006 no virus found
ClamAV devel-20060126 02.07.2006 no virus found
DrWeb 4.33 02.08.2006 no virus found
eTrust-InoculateIT 23.71.71 02.08.2006 no virus found
eTrust-Vet 12.4.2071 02.08.2006 no virus found
Ewido 3.5 02.07.2006 no virus found
Fortinet 2.54.0.0 02.08.2006 no virus found
F-Prot 3.16c 02.07.2006 no virus found
Ikarus 0.2.59.0 02.08.2006 no virus found
Kaspersky 4.0.2.24 02.08.2006 no virus found
McAfee 4692 02.08.2006 no virus found
NOD32v2 1.1399 02.08.2006 no virus found
Norman 5.70.10 02.08.2006 no virus found
Panda 9.0.0.4 02.08.2006 no virus found
Sophos 4.02.0 02.08.2006 no virus found
Symantec 8.0 02.08.2006 no virus found
TheHacker 5.9.3.092 02.07.2006 no virus found
UNA 1.83 02.07.2006 no virus found
VBA32 3.10.5 02.08.2006 no virus found


C:\WINDOWS\System32\patcher.exe :

Antivirus Version Update Result
AntiVir 6.33.0.81 02.08.2006 no virus found
Avast 4.6.695.0 02.07.2006 no virus found
AVG 718 02.07.2006 no virus found
Avira 6.33.0.81 02.08.2006 no virus found
BitDefender 7.2 02.08.2006 no virus found
CAT-QuickHeal 8.00 02.08.2006 no virus found
ClamAV devel-20060126 02.07.2006 no virus found
DrWeb 4.33 02.08.2006 no virus found
eTrust-InoculateIT 23.71.71 02.08.2006 no virus found
eTrust-Vet 12.4.2071 02.08.2006 no virus found
Ewido 3.5 02.07.2006 no virus found
Fortinet 2.54.0.0 02.08.2006 suspicious
F-Prot 3.16c 02.07.2006 no virus found
Ikarus 0.2.59.0 02.08.2006 no virus found
Kaspersky 4.0.2.24 02.08.2006 no virus found
McAfee 4692 02.08.2006 no virus found
NOD32v2 1.1399 02.08.2006 no virus found
Norman 5.70.10 02.08.2006 no virus found
Panda 9.0.0.4 02.08.2006 no virus found
Sophos 4.02.0 02.08.2006 no virus found
Symantec 8.0 02.08.2006 no virus found
TheHacker 5.9.3.092 02.07.2006 no virus found
UNA 1.83 02.07.2006 no virus found
VBA32 3.10.5 02.08.2006 no virus found

C:\WINDOWS\System32\cd.exe :

AntiVir 6.33.0.81 02.08.2006 no virus found
Avast 4.6.695.0 02.07.2006 no virus found
AVG 718 02.07.2006 no virus found
Avira 6.33.0.81 02.08.2006 no virus found
BitDefender 7.2 02.08.2006 no virus found
CAT-QuickHeal 8.00 02.08.2006 no virus found
ClamAV devel-20060126 02.07.2006 no virus found
DrWeb 4.33 02.08.2006 no virus found
eTrust-InoculateIT 23.71.71 02.08.2006 no virus found
eTrust-Vet 12.4.2071 02.08.2006 no virus found
Ewido 3.5 02.07.2006 no virus found
Fortinet 2.54.0.0 02.08.2006 no virus found
F-Prot 3.16c 02.07.2006 no virus found
Ikarus 0.2.59.0 02.08.2006 no virus found
Kaspersky 4.0.2.24 02.08.2006 no virus found
McAfee 4692 02.08.2006 no virus found
NOD32v2 1.1399 02.08.2006 no virus found
Norman 5.70.10 02.08.2006 no virus found
Panda 9.0.0.4 02.08.2006 no virus found
Sophos 4.02.0 02.08.2006 no virus found
Symantec 8.0 02.08.2006 no virus found
TheHacker 5.9.3.092 02.07.2006 no virus found
UNA 1.83 02.07.2006 no virus found
VBA32 3.10.5 02.08.2006 no virus found


a+
0
Réponse 40 / 43
cereal Messages postés 56 Date d'inscription jeudi 8 avril 2004 Statut Membre Dernière intervention 2 février 2007 2
9 févr. 2006 à 02:43
bonsoir

Bon ba ! pas de nouvelles alertes depuis l'option 3

merci pour ton aides précieuses

à bientôt

cereal
0

Discussions similaires

"R" à l'envers
Rival -
Allan -

10 réponses
problème avec ad doubleclick sur android
monnalie -
bazfile -

6 réponses
recherche d'u
mimi -
brucine -

1 réponse