pb avec internet explorer IE6

Question

Bonjour a Tous et un grand grand merci pour vos effort qui nous sont bien utiles donc bon courage et bonne continuation a vous tous.J un soucis avec ma machine j utilise XP PRO SP2 j du chope une bete qd j essaye de techarge un crack depuis le site www.andr.net, j telecharge une panopli d'anti spyware, j reussi a resoudre certains pb tels que lié au message "your computer is infected" mais maintenant j n peux plus me connecte sur internet via IE6 ni firefox. ci dessous le Logfile of HijackThis v1.99.1 Pouvez vs m'aidez svp , Merci d'avance. Mon mail est benkhelifa_medali@yahoo.fr Logfile of HijackThis v1.99.1 Scan saved at 09:37:14, on 30/03/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\dXNlcg\command.exe C:\Program Files\Network Monitor
etmon.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\eoRezo\EoEngine.exe C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\shellbn.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\DOCUME~1\ADMINI~2\LOCALS~1\Temp\C1.tmp3584.exe C:\DOCUME~1\ADMINI~2\LOCALS~1\Temp\C1.tmp3584.exe C:\Program Files\Eset
od32krn.exe C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\Documents and Settings\administrator\Bureau\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\system32\shellbn.exe O4 - HKLM\..\Run: [PCPitStopEraser] C:\Program Files\PCPitstop\Erase\PCPitStopErase.exe /remindme O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - HKCU\..\Run: [shellbn] C:\WINDOWS\system32\shellbn.exe O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\ADMINI~2\LOCALS~1\Temp\C1.tmp3584.exe" O4 - HKCU\..\Run: [Key] C:\DOCUME~1\ADMINI~2\LOCALS~1\Temp\C6.tmp O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing) O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = POWAIR.local O17 - HKLM\Software\..\Telephony: DomainName = POWAIR.local O17 - HKLM\System\CCS\Services\Tcpip\..\{C409BE28-7104-4822-9AA8-39151EB19C0C}: NameServer = 193.95.75.10,193.95.75.13 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = POWAIR.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = POWAIR.local O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\WINDOWS\system32	mp_51.dll O20 - Winlogon Notify: 1_32bean32_1reg - C:\Documents and Settings\All Users\Documents\Settings\1_32bean32_1.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\mdw3prt.dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dXNlcg\command.exe O23 - Service: Fonction Commande à distance de Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor
etmon.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset
od32krn.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Kristopher · Answer

Bonjour ;)

Tu es très infecté. Pour commencer, je t'invite à suivre les démarches détaillées à cette adresse :

https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc

Bon courage.

dalithebest · Answer

tout d'abord merci pour votre reponse.
j un soucis qd je lance Ewido, a un moment donne , il se plance et il me met le message suivant Security suite .exe a rencontre un pb et doit fermer.Nous vous prions de nous excuser pour le desagrement encouru, ce ci qd il est a 100% des fichier scanné( j teste le scan rapide et complet meme constat
Du coup j ne peux pas affiche le rapport pour le poster sur le Forum

en plus je ne peux pas me connecter a internet sur le site de bitdefender afin de faire scan on line , internet explorer me met le message suivant: server introuvable - Micorosoft internet Explorer

idem par Firefox, impossible de se connecte, j verifie l'accee reseau aucn pb.

Merci de m'aider.
BGRDS

Kristopher · Answer

Re Bonsoir dalithebest,

Je devine : tu nous écris de Tunisie ? ;)

Je n'ai pas beaucoup de temps, donc je fais très vite...

Déjà, vu l'ampleur des infection, est ce que ton antivirus Nod32 est actif et mis à jour ? (très important).

1/ Lance HijackThis, puis -> Do a system scan only et
coche ces lignes :

O4 - HKLM\..\Run: [shellbn] C:\WINDOWS\system32\shellbn.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [shellbn] C:\WINDOWS\system32\shellbn.exe
O4 - HKCU\..\Run: [WinMedia] "C:\DOCUME~1\ADMINI~2\LOCALS~1\Temp\C1.tmp3584.exe"
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\ADMINI~2\LOCALS~1\Temp\C6.tmp
O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dXNlcg\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Ensuite, clique sur "Fix checked".

2/ Cherche et efface ces fichiers si tu les trouve :

C:\WINDOWS\dXNlcg <-- le dossier
C:\Program Files\Network Monitor <-- le dossier
C:\WINDOWS\system32\shellbn.exe

3/ Clique sur "démarrer"-> "Exécuter…" et tape "services.msc"

Repère ces services néfastes :

Command Service
Network Monitor

Double clic sur ces services, puis clique sur "Arrêter" et mets les sur "Désactivé".

4/ Réessaie de faire les manipulations que tu avais entamé au début mais qui ne marchaient pas vraiment...

++

dalithebest · Answer

je viens de faire ce que vous m'avez dit de faire.en ce qui concerne le scan online via Bitdefender, j pas peu me connecte a internet que ce soit via IE6 ou bien Firefox, j tjrs le message d'erreur " iexplorer a rencontré un pb....pour Firefox, il me met serveur introuvable.y a pas moyen de faire une desinfection en local et non pas en se connectant a internet, j peux faire une mise a jour depuis un autre PC.ci dessous le nouveau rapport Hijackthis apres les suppression que vs m'avez recommander de faire.Encore merci pour votre aide. Vraiment sans vous je suis planté. encore merci Logfile of HijackThis v1.99.1Scan saved at 14:17:21, on 03/04/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Eset
od32krn.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\eoRezo\EoEngine.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\userinit.exeC:\Documents and Settings\administrator\Bureau\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bab-el-web.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - Default URLSearchHook is missingO4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGINO4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dllO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [JAVA_IBM] Java (IBM)O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = POWAIR.localO17 - HKLM\Software\..\Telephony: DomainName = POWAIR.localO17 - HKLM\System\CCS\Services\Tcpip\..\{C409BE28-7104-4822-9AA8-39151EB19C0C}: NameServer = 193.95.75.10,193.95.75.13O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = POWAIR.localO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = POWAIR.localO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - AppInit_DLLs: C:\WINDOWS\system32	mp_51.dllO20 - Winlogon Notify: 1_32bean32_1reg - C:\Documents and Settings\All Users\Documents\Settings\1_32bean32_1.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dllO20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\mdw3prt.dll (file missing)O23 - Service: Fonction Commande à distance de Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXEO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset
od32krn.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Kristopher · Answer

Bonjour,

Réponds à cette question stp :

- Est ce que ton antivirus Nod32 est actif et mis à jour ? (très important).

1/ Télécharge et nettoie ton PC avec ces deux logiciels :

CCLEANER https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

Utilisation : Dans l'onglet "Nettoyeur" cliquez sur "Analyse". Une fois l'analyse terminée, cliquez sur "Lancer le Nettoyage".
Ensuite, dans l'onglet "Erreurs" cliquez sur "Chercher des erreurs" puis, avant de cliquer sur "Réparer les erreurs sélectionnées" effectuez une sauvegarde de votre registre (comme proposé).

CleanUp40
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
Démo d’utilisation :
http://pageperso.aol.fr/balltrap34/democleanup.htm

2/ Télécharge l2mfix.exe sur http://www.downloads.subratam.org/l2mfix.exe

- Quitte le net, le navigateur, et toutes autres fenêtres d'applications
- Dézippe l2mfix.exe sur le bureau
- Dans le dossier du programme, double-cliquer sur l2mfix.bat
- Choisis OPTION 1 (Run find log) et valide par la touche [Entrée]
=> Un rapport sera généré dans le Bloc-notes, poste le ici stp.

Bonne chance :)

++

dalithebest · Answer

merci de votre aide

qd j lance ccleaner ou bien cleanUp, c comme qg j lance internet explorer, j le message ....a rencontre un pb et doit se fermer.

a propos de NOD32, qd j etais infecté j l installe mais j ne peux pas faire de mise a jour.

a Propos de NOD a 49.1 % il se plante et je le message :

nod ou autre a rencontre un pb et doit se fermer.

J n sais pas quoi faire!!!!!!!

dalithebest · Answer

ci joint le rapport gnere par L2MFix Toll:

L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\1_32bean32_1reg]
"DllName"="C:\\Documents and Settings\\All Users\\Documents\\Settings\\1_32bean32_1.dll"
"Startup"="1_32bean32_1reg"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensSrv]
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"StartShell"="Entry"
"DllName"="senssrv.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ThemeManager]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mdw3prt.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Bande de recherche"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Analyseur de la barre d'adresses"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Historique"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="Dossier ActiveX Cache"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Dossier Inscription"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Fichier de chaŒne"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Raccourci de chaŒne"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{51550900-DCAC-11d4-AA0F-0080C87C465B}"="WayTech MultiMouse"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{EEB5B6C2-E405-11d0-9318-0004AC946C18}"="AS/400 Shell Extensions - AS/400 IPL"
"{38482e00-0ad5-11cf-bc9d-0004ac325a18}"="AS/400 Network"
"{DCA251A0-38AC-11d0-82BD-08005AA74F5C}"="AS/400 Shell Extensions - AS/400 Network"
"{8CA2EBC1-40C7-4451-AD01-7DEEB4690358}"="AS/400 Related Tasks"
"{5E44E520-2F69-11d1-9318-0004AC946C18}"="AS/400 Shell Extensions - Auto Refresh"
"{C94AFD20-98C1-11d1-9E01-0004AC760C57}"="AS/400 Shell Extensions - Drag Drop Handler"
"{870C83E1-FF73-11cf-B7F1-0004AC7609F6}"="AS/400 Shell Extensions - File Systems Properties"
"{1827A857-9C20-11d1-96C3-00062912C9B2}"="AS/400 Shell Extensions - Java Components"
"{DCAF7D81-60C4-11d1-9E01-0004AC760C57}"="AS/400 Shell Extensions - Send Message"
"{C60EF841-2F98-11d1-A19A-08005A4F659F}"="AS/400 Shell Extensions - NFS Server"
"{8D742A40-77FF-11CF-8877-444553540000}"="AS/400 Shell Extensions - Security"
"{963C0C00-39B0-11d1-8743-08005AC22F32}"="AS/400 Shell Extensions - IP Security"
"{040606B2-1C19-11d2-AA12-08005AD17735}"="AS/400 Shell Extensions - Visual Basic Components"
"{D63E20C4-3F6D-11d3-BCE6-002035C0A6DA}"="AS/400 Shell Extensions - Journaling"
"{01FE9570-15A3-11d2-8309-000629AA1859}"="AS/400 Shell Extensions - Management Central"
"{7D7E1B60-0EF8-11d2-8307-000629AA1859}"="AS/400 Shell Extensions - Management Central Task Activity/Scheduled Tasks"
"{3B453C20-21CD-11d2-8318-000629AA1859}"="AS/400 Shell Extensions - Management Central SW Inventory"
"{4CE18940-3E8B-11d2-834B-000629AA1859}"="AS/400 Shell Extensions - Management Central HW Inventory"
"{B08B7EAD-2FD4-11d3-917F-00203531488C}"="AS/400 Shell Extensions - Management Central Inventory Tasks"
"{90BE6B50-1041-11d2-8307-000629AA1859}"="AS/400 Shell Extensions - Management Central Endpoint Systems"
"{E4C59510-1050-11d2-8307-000629AA1859}"="AS/400 Shell Extensions - Management Central System Groups"
"{C2661801-FFE8-11cf-B14B-08005AA7218E}"="AS/400 Shell Extensions - Messages"
"{22982561-EEC8-11cf-B14B-08005AA7218E}"="AS/400 Shell Extensions - Spool Files"
"{8514E881-FF45-11cf-B14B-08005AA7218E}"="AS/400 Shell Extensions - Printers"
"{FF142762-FAB1-11cf-B14B-08005AA7218E}"="AS/400 Shell Extensions - Jobs"
"{85142F21-87FA-11cf-B7F1-0004AC7609F6}"="AS/400 Shell Extensions - Hardware Inventory"
"{D2EF10E6-1DB9-11d2-BA43-0006296A8ED2}"="AS/400 Shell Extensions - Collection Services"
"{38E423E4-2F35-11d3-917F-00203531488C}"="AS/400 Shell Extensions - Management Central Collection Services Tasks"
"{07173161-93C3-11cf-B7F1-0004AC7609F6}"="AS/400 Shell Extensions - Software Inventory"
"{94D923E0-20E3-11d2-8317-000629AA1859}"="AS/400 Shell Extensions - Management Central Fixes"
"{07AF64BD-3000-11d3-917F-00203531488C}"="AS/400 Shell Extensions - Management Central Fixes Tasks"
"{2FE31D81-A5C8-11d0-82BD-08005AA74F5C}"="AS/400 Shell Extensions - Internet"
"{525FE6D1-D3A2-11d0-8F5A-08005ACF81FE}"="AS/400 Shell Extensions - Socks"
"{5D5D8AC1-AC35-11d0-8E51-444553540000}"="AS/400 Shell Extensions - TCPIPServers"
"{46184AE1-AAA4-11d0-8E51-444553540000}"="AS/400 Shell Extensions - BaseTCPIP"
"{E7CA4E41-AB46-11d0-8E51-444553540000}"="AS/400 Shell Extensions - DHCP"
"{A206FAC3-B636-11d0-8E51-444553540000}"="AS/400 Shell Extensions - Remote Access Services"
"{847FF4A1-AB61-11d0-8E51-444553540000}"="AS/400 Shell Extensions - DNS"
"{F8AB7201-C6FE-11d0-A16D-08005A4F659F}"="AS/400 Shell Extensions - WinNetHood"
"{044E2A21-BFBD-11d0-B776-0004AC940D52}"="AS/400 Shell Extensions - RPC Server"
"{97091301-157E-11d1-BE6C-0004AC32757F}"="AS/400 Shell Extensions - Distributed Computing Environment"
"{3BA92222-0F54-11d1-BB98-0004AC946B70}"="AS/400 Shell Extensions - Directory Server"
"{AA3B74D8-481F-11d2-BD9F-0006296A7BFD}"="AS/400 Shell Extensions - Server Subsystem Configuration"
"{5F058520-C229-11d1-A2D8-0004ACEA99C1}"="AS/400 Shell Extensions - SecWiz"
"{BF5B0321-6793-11CF-8877-444553540000}"="AS/400 Shell Extensions - Users and Groups"
"{4360EE25-EB84-11d2-9145-00203531916D}"="AS/400 Shell Extensions - Management Central User Admin (Inventory)"
"{26CA5BB1-0318-11d3-914C-00203531916D}"="AS/400 Shell Extensions - Management Central User Admin (Definition)"
"{A7CE1A9B-5991-11d3-9195-002035AE9862}"="AS/400 Shell Extensions - Management Central User Admin (Tasks)"
"{974C6FC0-7866-11CF-8877-444553540000}"="AS/400 Shell Extensions - Database"
"{E1FC7C51-E5D9-11d1-AA87-0004AC97A46B}"="AS/400 Shell Extensions - SQL Performance Monitors"
"{333195D9-CE4E-11d1-B33D-0004AC760C57}"="AS/400 Shell Extensions - File Shares Properties"
"{DF99C160-B894-11cf-BB91-08005ACECA20}"="AS/400 Shell Extensions - Backup"
"{BC3247B1-C17D-11d0-99FB-0004ACFCA52A}"="AS/400 Shell Extensions - IPC"
"{DAB1B0F0-0F7A-11d2-8307-000629AA1859}"="AS/400 Shell Extensions - Management Central Command"
"{2AC4CC1B-2A53-11d3-917A-00203531488C}"="AS/400 Shell Extensions - Management Central Command Tasks"
"{1BE914D0-217E-11d2-8318-000629AA1859}"="AS/400 Shell Extensions - Management Central Packages"
"{3C6D4FB0-1F53-11d3-9169-00203531917D}"="AS/400 Shell Extensions - Management Central Products"
"{4B8388FD-2FF9-11d3-917F-00203531488C}"="AS/400 Shell Extensions - Management Central Packages Tasks"
"{64B95947-1759-11d2-ABC8-000629AB3FA1}"="AS/400 Shell Extensions - System Monitors"
"{0637AEF4-4998-11d1-B4BF-0004ACEA60A2}"="AS/400 Shell Extensions - Application Administration"
"{8C190250-D9F1-11d1-9EBB-00062912CA23}"="AS/400 User Page Extension - Application Wiz"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{1B1CFF94-E54C-45B2-A1F3-8F28538B1948}"=""
"{B089FE88-FB52-11d3-BDF1-0050DA34150D}"="NOD32 Context Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1B1CFF94-E54C-45B2-A1F3-8F28538B1948}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{1B1CFF94-E54C-45B2-A1F3-8F28538B1948}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B1CFF94-E54C-45B2-A1F3-8F28538B1948}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B1CFF94-E54C-45B2-A1F3-8F28538B1948}\InprocServer32]
@="C:\\WINDOWS\\system32\\mdw3prt.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
atmtd.dll Tue 28 Mar 2006 14:47:12 A.... 687 592 671,48 K
authz.dll Wed 2 Mar 2005 20:10:36 A.... 56 832 55,50 K
browseui.dll Thu 24 Nov 2005 2:08:34 A.... 1 022 976 999,00 K
capicom.dll Thu 27 Jan 2005 15:59:02 A.... 466 944 456,00 K
catsrv.dll Tue 26 Jul 2005 6:39:54 A.... 225 792 220,50 K
catsrvut.dll Tue 26 Jul 2005 6:39:54 A.... 625 152 610,50 K
cdfview.dll Fri 21 Oct 2005 5:41:00 A.... 152 064 148,50 K
cdm.dll Thu 26 May 2005 4:16:24 A.... 75 544 73,77 K
cdosys.dll Sat 10 Sep 2005 3:55:14 A.... 2 067 968 1,97 M
clbcatex.dll Tue 26 Jul 2005 6:39:56 A.... 110 080 107,50 K
clbcatq.dll Tue 26 Jul 2005 6:39:56 A.... 498 688 487,00 K
colbact.dll Tue 26 Jul 2005 6:39:56 A.... 60 416 59,00 K
comrepl.dll Tue 26 Jul 2005 6:39:56 A.... 97 792 95,50 K
comsvcs.dll Tue 26 Jul 2005 6:39:58 A.... 1 267 200 1,21 M
comuid.dll Tue 26 Jul 2005 6:39:58 A.... 540 160 527,50 K
danim.dll Sat 5 Nov 2005 5:17:22 A.... 1 056 768 1,01 M
dxtrans.dll Fri 21 Oct 2005 5:41:00 A.... 205 312 200,50 K
es.dll Tue 26 Jul 2005 6:39:58 A.... 243 200 237,50 K
esent.dll Fri 21 Oct 2005 0:25:54 A.... 1 097 728 1,05 M
extmgr.dll Fri 21 Oct 2005 5:41:00 ..... 55 808 54,50 K
fontsub.dll Mon 17 Oct 2005 23:21:08 A.... 80 896 79,00 K
gdi32.dll Thu 29 Dec 2005 4:56:04 A.... 280 064 273,50 K
hhsetup.dll Fri 27 May 2005 4:08:06 A.... 41 472 40,50 K
icm32.dll Wed 29 Jun 2005 3:49:42 A.... 254 976 249,00 K
iepeers.dll Fri 21 Oct 2005 5:41:00 A.... 251 392 245,50 K
imon.dll Wed 29 Mar 2006 10:42:06 A.... 245 760 240,00 K
inseng.dll Fri 21 Oct 2005 5:41:00 A.... 96 768 94,50 K
itircl.dll Fri 27 May 2005 4:08:06 A.... 155 136 151,50 K
itss.dll Fri 27 May 2005 4:08:06 A.... 137 216 134,00 K
iuengine.dll Thu 26 May 2005 4:16:24 A.... 198 424 193,77 K
kerberos.dll Wed 15 Jun 2005 19:50:32 A.... 295 936 289,00 K
linkinfo.dll Thu 1 Sep 2005 3:43:38 A.... 19 968 19,50 K
mscms.dll Wed 29 Jun 2005 3:49:42 A.... 74 240 72,50 K
msdtcprx.dll Tue 26 Jul 2005 6:39:58 A.... 425 472 415,50 K
msdtctm.dll Tue 26 Jul 2005 6:40:00 A.... 945 152 923,00 K
msdtcuiu.dll Tue 26 Jul 2005 6:40:00 A.... 161 280 157,50 K
mshtml.dll Thu 24 Nov 2005 2:08:36 A.... 3 013 632 2,87 M
mshtmled.dll Fri 21 Oct 2005 5:41:04 A.... 448 512 438,00 K
msi.dll Wed 4 May 2005 14:45:32 A.... 2 890 240 2,75 M
msihnd.dll Mon 21 Mar 2005 15:00:22 A.... 271 360 265,00 K
msimsg.dll Mon 21 Mar 2005 15:00:22 A.... 884 736 864,00 K
msisip.dll Mon 21 Mar 2005 15:00:22 A.... 15 360 15,00 K
msrating.dll Fri 21 Oct 2005 5:41:04 A.... 146 432 143,00 K
msssc.dll Sat 19 Mar 2005 1:15:18 A.... 44 0,04 K
mstime.dll Fri 21 Oct 2005 5:41:04 A.... 530 944 518,50 K
msvcp71.dll Wed 6 Jul 2005 18:13:32 A.... 499 712 488,00 K
msvcr71.dll Wed 6 Jul 2005 18:13:32 A.... 348 160 340,00 K
mtxclu.dll Tue 26 Jul 2005 6:40:00 A.... 66 560 65,00 K
mtxoci.dll Tue 26 Jul 2005 6:40:00 A.... 91 136 89,00 K
netman.dll Mon 22 Aug 2005 20:35:10 A.... 197 632 193,00 K
nms32.dll Wed 29 Mar 2006 10:42:06 A.... 114 688 112,00 K
nwwks.dll Thu 11 Aug 2005 17:11:40 A.... 65 024 63,50 K
ole32.dll Tue 26 Jul 2005 6:40:00 A.... 1 284 608 1,22 M
olecli32.dll Tue 26 Jul 2005 6:40:00 A.... 75 264 73,50 K
olecnv32.dll Tue 26 Jul 2005 6:40:00 A.... 37 888 37,00 K
pngfilt.dll Fri 21 Oct 2005 5:41:04 A.... 39 424 38,50 K
quartz.dll Tue 30 Aug 2005 5:55:44 A.... 1 293 312 1,23 M
rpcss.dll Tue 26 Jul 2005 6:40:00 A.... 397 824 388,50 K
senssrv.dll Tue 28 Mar 2006 14:45:42 A.... 57 344 56,00 K
shdocvw.dll Thu 1 Dec 2005 6:01:16 A.... 1 492 992 1,42 M
shell32.dll Fri 23 Sep 2005 5:07:00 A.... 8 506 880 8,11 M
shlwapi.dll Fri 21 Oct 2005 5:41:04 A.... 474 112 463,00 K
sirenacm.dll Thu 13 Oct 2005 9:11:06 A.... 118 784 116,00 K
spmsg.dll Thu 13 Oct 2005 1:15:26 ..... 15 072 14,72 K
t2embed.dll Mon 17 Oct 2005 23:21:08 A.... 118 272 115,50 K
tapisrv.dll Fri 8 Jul 2005 18:28:58 A.... 249 344 243,50 K
taskdir.dll Tue 28 Mar 2006 14:45:58 A.... 4 608 4,50 K
tmp_51.dll Tue 28 Mar 2006 14:45:56 A..HR 4 096 4,00 K
txflog.dll Tue 26 Jul 2005 6:40:00 A.... 101 376 99,00 K
umpnpmgr.dll Tue 23 Aug 2005 5:39:36 A.... 124 928 122,00 K
urlmon.dll Sat 5 Nov 2005 5:17:26 A.... 606 208 592,00 K
user32.dll Wed 2 Mar 2005 20:10:36 A.... 578 048 564,50 K
vsdata.dll Wed 26 Jan 2005 5:22:16 A.... 75 536 73,77 K
vsinit.dll Wed 26 Jan 2005 5:22:28 A.... 124 688 121,77 K
vsmonapi.dll Wed 26 Jan 2005 5:22:36 A.... 108 312 105,77 K
vspubapi.dll Wed 26 Jan 2005 5:22:40 A.... 198 424 193,77 K
vsregexp.dll Wed 26 Jan 2005 5:22:44 A.... 71 448 69,77 K
vsutil.dll Wed 26 Jan 2005 5:22:56 A.... 354 064 345,77 K
vsxml.dll Wed 26 Jan 2005 5:23:04 A.... 100 112 97,77 K
webclnt.dll Wed 4 Jan 2006 5:35:12 A.... 68 096 66,50 K
wininet.dll Fri 21 Oct 2005 5:41:06 A.... 662 528 647,00 K
winsrv.dll Thu 1 Sep 2005 3:43:38 A.... 292 352 285,50 K
wmp.dll Tue 6 Dec 2005 7:02:16 A.... 5 533 696 5,28 M
wuapi.dll Thu 26 May 2005 4:16:30 A.... 467 224 456,27 K
wuaueng.dll Thu 26 May 2005 4:16:30 A.... 1 343 768 1,28 M
wuaueng1.dll Thu 26 May 2005 4:16:32 A.... 195 352 190,77 K
wucltui.dll Thu 26 May 2005 4:16:32 A.... 128 792 125,77 K
wups.dll Thu 26 May 2005 4:16:30 A.... 41 240 40,27 K
wups2.dll Thu 26 May 2005 4:16:30 A.... 18 200 17,77 K
wuweb.dll Thu 26 May 2005 4:16:30 A.... 173 536 169,47 K
xolehlp.dll Tue 26 Jul 2005 6:40:00 A.... 11 776 11,50 K
xpsp3res.dll Tue 17 May 2005 2:42:14 ..... 16 896 16,50 K
zlbw.dll Wed 30 Mar 2005 9:10:52 A.... 46 592 45,50 K
zlcomm.dll Wed 26 Jan 2005 5:23:24 A.... 75 536 73,77 K
zlcommdb.dll Wed 26 Jan 2005 5:23:28 A.... 67 352 65,77 K

95 items found: 95 files (1 H/S), 0 directories.
Total of file sizes: 49 618 244 bytes 47,32 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle IBM_PRELOAD
Le num‚ro de s‚rie du volume est BC55-A348

R‚pertoire de C:\WINDOWS\System32

30/03/2005 12:17 <REP> dllcache
25/02/2003 19:47 <REP> Microsoft
0 fichier(s) 0 octets
2 R‚p(s) 34ÿ409ÿ123ÿ840 octets libres

Kristopher · Answer

Salut,

1/ Procède ainsi maintenant stp :

- Quitter le net, le navigateur, et toutes autres fenêtres d'applications ;
- Double-cliquer sur l2mfix.bat ;
- Choisir OPTION 2 (Run fix) et valider par la touche [Entrée] ;
- A l'invite, appuyer sur une touche du clavier pour redémarrer le PC ;
=> Au redémarrage, le nettoyage de L2mFix se poursuit, puis génère le résultat du nettoyage en ouvrant le Bloc-notes ; se reconnecter pour le poster au forum.

2/ Reposte un nouveau log HijackThis après stp.

a+

Pb avec internet explorer IE6

8 réponses

Votre réponse

Discussions similaires

Newsletters