Infecté par Win32:Adware-gen
Bathi
Messages postés
8
Statut
Membre
-
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
Déjà essayé CCleaner, Adaware, spybot, scan avast en mode sans échec, Win32:Adware-gen revient toujours. J'ai vu que je ne suis pas le seul à avoir ce problème, d'autant que le rapport HijackThis est différent pour tout le monde.
Voici le mien, merci à celui qui voudra bien m'aider parce que ce truc est vraiment collant (d'ailleurs il fait quoi cet adware ?)
Voici le rapport :
Logfile of HijackThis v1.99.1
Scan saved at 15:16:04, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\WINDOWS\AdobeR.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.407\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-5226] "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\br11475on.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.mayeticvillage.fr/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{669E0531-DB15-4F68-AA66-5BE55A27445D}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{669E0531-DB15-4F68-AA66-5BE55A27445D}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
Voici le mien, merci à celui qui voudra bien m'aider parce que ce truc est vraiment collant (d'ailleurs il fait quoi cet adware ?)
Voici le rapport :
Logfile of HijackThis v1.99.1
Scan saved at 15:16:04, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE
C:\WINDOWS\AdobeR.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\rlvknlg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Rar$EX00.407\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-5226] "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\br11475on.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.mayeticvillage.fr/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{669E0531-DB15-4F68-AA66-5BE55A27445D}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{669E0531-DB15-4F68-AA66-5BE55A27445D}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
A voir également:
- Infecté par Win32:Adware-gen
- Puabundler win32 rostpay ✓ - Forum Antivirus
- Puadimanager win32/offercore ✓ - Forum Virus
- PUADlManager:Win32/OfferCore ✓ - Forum Virus
- Trojan win32 - Forum Virus
- Télécharger win32 valide pour windows 7 gratuit ✓ - Forum Réseaux sociaux
6 réponses
Salut
où est-ce qu'il te le detecte ???
Télécharge LopxpMH sur ton Bureau.
http://perso.numericable.fr/~altshift/Info/Fichiers/lopxpMH2.zip
Dézippe-le (clic droit >> Extraire ici) et double clique sur le fichier lopxpMH.bat.
Poste le contenu du rapport qui va s'ouvrir.
ensuite :
télécharge l2mfix ici:
http://www.downloads.subratam.org/l2mfix.exe
Double-cliquer sur l2mfix.exe pour lancer l'extraction
Dans le dossier l2mfix, double clic sur l2mfix.bat, appuyer sur n'importe quelle touche puis choisir l'option #1 (et pas autre chose) et valider avec la touche entre.
Le bloc note va s'ouvrir avec le résultat du scan.copie/colles le rapport ici
++
où est-ce qu'il te le detecte ???
Télécharge LopxpMH sur ton Bureau.
http://perso.numericable.fr/~altshift/Info/Fichiers/lopxpMH2.zip
Dézippe-le (clic droit >> Extraire ici) et double clique sur le fichier lopxpMH.bat.
Poste le contenu du rapport qui va s'ouvrir.
ensuite :
télécharge l2mfix ici:
http://www.downloads.subratam.org/l2mfix.exe
Double-cliquer sur l2mfix.exe pour lancer l'extraction
Dans le dossier l2mfix, double clic sur l2mfix.bat, appuyer sur n'importe quelle touche puis choisir l'option #1 (et pas autre chose) et valider avec la touche entre.
Le bloc note va s'ouvrir avec le résultat du scan.copie/colles le rapport ici
++
Merci Green Day pour ton aide.
ll le trouve dans plusieurs dossiers je crois, la prochaine fois qu'avast le détecte je te le dirai (toute façon il le détecte toute les 10min).
Voila le rapport LopxpMH :
apport fait à 15:57:49,64 le 01/04/2007
******************************************
## Répertoires Application Data
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\Administrateur\Application Data
19/02/2007 17:05 <REP> .
19/02/2007 17:05 <REP> ..
19/02/2007 17:05 <REP> Apple Computer
19/02/2007 17:05 <REP> Identities
19/02/2007 17:05 <REP> Microsoft
19/02/2007 17:05 <REP> SampleView
19/02/2007 17:05 <REP> Sun
19/02/2007 17:05 <REP> Symantec
19/02/2007 17:05 62 desktop.ini
1 fichier(s) 62 octets
8 R‚p(s) 20ÿ314ÿ447ÿ872 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data
19/02/2007 17:05 <REP> .
19/02/2007 17:05 <REP> ..
19/02/2007 17:05 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142030}
19/02/2007 17:05 <REP> Apple Computer
19/02/2007 17:05 <REP> ApplicationHistory
19/02/2007 17:05 <REP> Microsoft
19/02/2007 17:05 135 fusioncache.dat
19/02/2007 17:05 0 IconCache.db
2 fichier(s) 135 octets
6 R‚p(s) 20ÿ314ÿ447ÿ872 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\All Users\Application Data
25/11/2004 05:25 <REP> .
25/11/2004 05:25 <REP> ..
25/09/2006 20:26 <REP> Adobe
02/01/2005 05:52 <REP> Apple Computer
02/01/2005 06:19 <REP> InstallShield
22/02/2007 14:16 <REP> Link Data Security
26/02/2007 15:07 <REP> Messenger Plus!
25/11/2004 05:25 <REP> Microsoft
02/01/2005 05:57 <REP> Motive
05/03/2006 21:20 <REP> Panasonic
02/01/2005 05:52 <REP> QuickTime
02/01/2005 05:35 <REP> SBSI
22/10/2005 01:23 <REP> Skype
02/01/2005 06:09 <REP> Symantec
18/03/2007 17:18 <REP> UDL
22/02/2007 14:05 <REP> UniversalisV12
21/10/2005 16:23 <REP> Windows Genuine Advantage
24/11/2004 00:13 62 desktop.ini
09/03/2006 18:19 1ÿ759 QTSBandwidthCache
2 fichier(s) 1ÿ821 octets
17 R‚p(s) 20ÿ314ÿ447ÿ872 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\Compaq_Propri‚taire\Application Data
24/06/2005 11:46 <REP> .
24/06/2005 11:46 <REP> ..
28/06/2005 19:23 <REP> Adobe
28/06/2005 19:24 <REP> AdobeUM
24/06/2005 11:46 <REP> Apple Computer
15/11/2006 16:48 <REP> Azureus
10/04/2006 21:29 <REP> Block Checker
03/08/2005 23:46 <REP> Google
17/11/2005 20:35 <REP> Help
24/06/2005 11:46 <REP> Identities
11/01/2007 19:02 <REP> IDMComp
01/02/2006 20:27 <REP> Lavasoft
28/06/2005 12:50 <REP> Leadertech
24/06/2005 12:09 <REP> Macromedia
06/11/2006 19:26 <REP> Microgaming
24/06/2005 11:46 <REP> Microsoft
21/06/2006 15:01 <REP> Microsoft Games
24/06/2005 16:43 <REP> Microsoft Web Folders
22/02/2007 14:18 <REP> Mozilla
20/08/2005 12:11 <REP> Real
24/06/2005 11:46 <REP> SampleView
21/02/2007 13:27 <REP> Sierra
22/10/2005 01:23 <REP> Skype
28/06/2005 12:50 <REP> Sonic
24/06/2005 11:46 <REP> Sun
24/06/2005 11:46 <REP> Symantec
08/06/2006 23:23 <REP> TaoUSign
22/02/2007 14:18 <REP> Universalis V12
24/06/2005 11:46 62 desktop.ini
1 fichier(s) 62 octets
28 R‚p(s) 20ÿ314ÿ443ÿ776 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\Compaq_Propri‚taire\Local Settings\Application Data
24/06/2005 11:46 <REP> .
24/06/2005 11:46 <REP> ..
24/06/2005 11:46 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142030}
28/06/2005 19:24 <REP> Adobe
24/06/2005 11:46 <REP> Apple Computer
24/06/2005 11:46 <REP> ApplicationHistory
10/02/2007 01:00 <REP> Bron.tok-18-10
11/02/2007 01:00 <REP> Bron.tok-18-11
12/02/2007 01:00 <REP> Bron.tok-18-12
13/02/2007 01:00 <REP> Bron.tok-18-13
14/02/2007 01:00 <REP> Bron.tok-18-14
15/02/2007 01:00 <REP> Bron.tok-18-15
16/02/2007 01:00 <REP> Bron.tok-18-16
17/02/2007 01:00 <REP> Bron.tok-18-17
18/02/2007 01:00 <REP> Bron.tok-18-18
19/02/2007 13:27 <REP> Bron.tok-18-19
09/02/2007 20:09 <REP> Bron.tok-18-9
02/07/2006 11:26 <REP> Gearbox Software
04/03/2007 22:03 <REP> Google
17/11/2005 20:35 <REP> Help
24/06/2005 23:25 <REP> Identities
09/02/2007 20:14 <REP> Loc.Mail.Bron.Tok
24/06/2005 11:46 <REP> Microsoft
29/06/2005 17:28 <REP> MicroVision Applications
09/02/2007 20:16 <REP> Ok-SendMail-Bron-tok
24/06/2005 13:02 <REP> Shareaza
22/02/2007 14:19 <REP> UniversalisV12
05/03/2006 21:44 <REP> WMTools Downloaded Files
19/02/2007 16:36 3ÿ536 Bron.tok.A18.em.bin
27/06/2005 18:04 101ÿ376 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
24/06/2005 11:46 142 fusioncache.dat
03/09/2005 22:14 74ÿ672 GDIPFONTCACHEV1.DAT
23/08/2005 17:37 1ÿ578ÿ412 IconCache.db
09/02/2007 20:17 7ÿ057 JunkAtx18.bin
09/02/2007 20:14 51 Kosong.Bron.Tok.txt
19/02/2007 16:36 3ÿ536 ListHost18.txt
19/02/2007 16:36 3ÿ536 Update.18.Bron.Tok.bin
9 fichier(s) 1ÿ772ÿ318 octets
28 R‚p(s) 20ÿ314ÿ443ÿ776 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\Default User\Application Data
25/11/2004 05:25 <REP> .
25/11/2004 05:25 <REP> ..
24/06/2005 11:45 <REP> Apple Computer
25/11/2004 05:25 <REP> Identities
25/11/2004 05:25 <REP> Microsoft
24/06/2005 11:45 <REP> SampleView
24/06/2005 11:45 <REP> Sun
24/06/2005 11:45 <REP> Symantec
24/11/2004 00:13 62 desktop.ini
1 fichier(s) 62 octets
8 R‚p(s) 20ÿ314ÿ443ÿ776 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\Default User\Local Settings\Application Data
25/11/2004 05:25 <REP> .
25/11/2004 05:25 <REP> ..
24/06/2005 11:45 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142030}
24/06/2005 11:45 <REP> Apple Computer
24/06/2005 11:45 <REP> ApplicationHistory
25/11/2004 05:25 <REP> Microsoft
24/06/2005 11:45 135 fusioncache.dat
24/06/2005 11:45 0 IconCache.db
2 fichier(s) 135 octets
6 R‚p(s) 20ÿ314ÿ443ÿ776 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\LocalService\Application Data
02/01/2005 05:30 <REP> .
02/01/2005 05:30 <REP> ..
02/01/2005 05:30 <REP> Microsoft
07/01/2006 15:33 <REP> Symantec
0 fichier(s) 0 octets
4 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data
02/01/2005 05:30 <REP> .
02/01/2005 05:30 <REP> ..
02/01/2005 05:30 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\NetworkService\Application Data
02/01/2005 05:30 <REP> .
02/01/2005 05:30 <REP> ..
02/01/2005 05:30 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data
02/01/2005 05:30 <REP> .
02/01/2005 05:30 <REP> ..
02/01/2005 05:30 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Application Data
25/11/2004 05:58 <REP> .
25/11/2004 05:58 <REP> ..
24/06/2005 11:46 <REP> Apple Computer
25/11/2004 05:58 <REP> Identities
25/11/2004 05:58 <REP> Microsoft
24/06/2005 11:46 <REP> SampleView
24/06/2005 11:46 <REP> Sun
24/06/2005 11:46 <REP> Symantec
24/11/2004 00:13 62 desktop.ini
1 fichier(s) 62 octets
8 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
25/11/2004 05:58 <REP> .
25/11/2004 05:58 <REP> ..
24/06/2005 11:46 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142030}
24/06/2005 11:46 <REP> Apple Computer
24/06/2005 11:46 <REP> ApplicationHistory
25/11/2004 05:58 <REP> Microsoft
24/06/2005 11:46 135 fusioncache.dat
24/06/2005 11:46 0 IconCache.db
2 fichier(s) 135 octets
6 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\WINDOWS\Tasks
22/11/2005 22:40 366 Symantec NetDetect.job
25/11/2004 06:18 <REP> ..
25/11/2004 06:18 <REP> .
23/11/2004 23:29 6 SA.DAT
05/08/2004 20:00 65 desktop.ini
3 fichier(s) 437 octets
2 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
******************************************
## Répertoires de C:\Program Files
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Program Files
28/03/2007 12:49 <REP> .
28/03/2007 12:49 <REP> ..
10/01/2007 03:03 <REP> 3Dize
14/12/2005 09:01 <REP> Adobe
31/10/2006 22:36 <REP> Alcatel
19/02/2007 16:42 <REP> Alwil Software
02/01/2005 06:17 <REP> ATI Technologies
22/02/2007 17:07 <REP> Azureus
23/08/2005 18:06 <REP> BlackBeanGames
20/02/2007 19:07 <REP> CCleaner
24/11/2004 03:37 <REP> ComPlus Applications
22/07/2006 15:45 <REP> Cuttermaran
22/08/2005 12:48 <REP> Disney
24/06/2005 22:42 <REP> DivX
28/03/2007 12:51 <REP> Dofus
02/07/2006 11:11 <REP> EA Games
17/03/2006 18:37 <REP> Easy Internet signup
11/01/2007 19:13 <REP> EasyPHP1-8
13/03/2007 13:22 <REP> eMule
18/03/2007 17:17 <REP> EPSON
21/02/2007 18:56 <REP> Fichiers communs
27/06/2005 13:22 <REP> FileZilla
21/02/2007 13:23 <REP> GameSpy Arcade
04/03/2007 22:02 <REP> Google
15/01/2006 14:43 <REP> Hasbro Interactive
02/01/2005 05:57 <REP> Help and Support Additions
14/01/2007 15:21 <REP> IDM Computer Solutions
21/02/2007 04:26 <REP> Internet Explorer
02/01/2005 06:20 <REP> InterVideo
02/01/2005 05:52 <REP> iPod
02/01/2005 05:52 <REP> iTunes
12/02/2006 23:27 <REP> Java
01/02/2006 20:27 <REP> Lavasoft
27/06/2005 12:01 <REP> Macromedia
02/01/2005 06:19 <REP> Macrovision Corp
14/04/2006 11:20 <REP> Managed DirectX (0900)
17/08/2005 19:23 <REP> Maxis
26/02/2007 15:58 <REP> Messenger
16/12/2006 20:53 <REP> Messenger Plus! Live
25/10/2005 13:22 <REP> Microsoft Encarta
24/06/2005 16:43 <REP> microsoft frontpage
12/01/2007 00:05 <REP> Microsoft FrontPage Express
21/02/2007 18:56 <REP> Microsoft Office
21/02/2007 18:55 <REP> Microsoft.NET
25/11/2004 05:27 <REP> Movie Maker
13/09/2006 20:19 <REP> mp3DirectCut
11/02/2006 13:10 <REP> MSN
13/04/2006 19:36 <REP> MSN Adder (Avatar, Emoticon & ChatSkin Adder)
25/11/2004 05:27 <REP> MSN Gaming Zone
12/08/2006 18:56 <REP> MSN Messenger
15/12/2006 15:31 <REP> MSXML 4.0
01/01/2005 09:47 <REP> NetMeeting
07/09/2006 20:33 <REP> Nouveau dossier
20/02/2007 02:46 <REP> NudgeMania
25/11/2004 05:27 <REP> Online Services
21/02/2007 04:03 <REP> Outlook Express
05/03/2006 19:47 <REP> Panasonic
22/05/2006 11:29 <REP> PDF Editeur 2
04/03/2007 22:03 <REP> Picasa2
03/11/2006 17:20 <REP> Pinnacle
06/02/2007 18:10 <REP> PokerStars
01/11/2006 03:49 <REP> PokerStars.NET
08/12/2006 20:59 <REP> PronoFoot Expert Plus
09/03/2006 18:18 <REP> QuickTime
20/08/2005 12:12 <REP> Real
02/01/2005 06:01 <REP> Services en ligne
21/02/2007 13:09 <REP> Sierra
22/10/2005 01:22 <REP> Skype
18/08/2005 13:02 <REP> SLD Codec Pack
02/01/2005 05:49 <REP> Sonic
02/01/2005 05:49 <REP> Sonic RecordNow!
28/08/2006 12:05 <REP> Starcraft
24/06/2005 12:15 <REP> Symantec
24/06/2005 12:14 <REP> SymNetDrv
23/08/2005 19:05 <REP> Ubisoft
24/11/2004 03:37 <REP> Uninstall Information
22/02/2007 14:05 <REP> Universalis
14/01/2007 15:22 <REP> VideoLAN
20/02/2007 18:35 <REP> Vilma
31/10/2006 22:47 <REP> Wanadoo
25/01/2007 16:49 <REP> Windows Media Components
17/02/2006 02:45 <REP> Windows Media Player
01/01/2005 09:47 <REP> Windows NT
05/04/2006 17:55 <REP> WinRAR
25/11/2004 05:28 <REP> xerox
18/04/2006 01:44 <REP> XP Codec Pack
0 fichier(s) 0 octets
86 R‚p(s) 20ÿ314ÿ435ÿ584 octets libres
******************************************
## Popups autorisées
* Internet Explorer
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
wenndy.tripod.com REG_BINARY
badabry.forumactif.com REG_BINARY
jialing.skyblog.com REG_BINARY
www.fdjeux.com REG_BINARY
blog.zanorg.com REG_BINARY
www.csmgbad.com REG_BINARY
membres.lycos.fr REG_BINARY
www.icone-gif.com REG_BINARY
www.clubic.com REG_BINARY
www.01net.com REG_BINARY
* Mozilla Firefox (1 autorisé 2 interdit)
******************************************
## Registre
* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ https://www.orange.fr/portail
* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Tok-Cirrhatus-5226 REG_SZ "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\br11475on.exe"
******************************************
## Zones de sécurité
* HKCU Domains (4)
* P3P History (5)
******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"
*************** Fin du rapport ****************
Et le rapport L2MFIX :
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"Wanadoo 5.6"="IEAKFT"
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}"="SampleView"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"
"{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"
"{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"
"{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"
"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"
"{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"
"{D3822C3D-45A0-44E9-91CA-019F9565D282}"="UltraCompare shell extension"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
advpack.dll Mon 8 Jan 2007 20:00:48 A.... 124 928 122,00 K
cmdlin~1.dll Tue 27 Mar 2007 19:38:02 A.... 43 520 42,50 K
corpol.dll Mon 8 Jan 2007 20:01:14 A.... 17 408 17,00 K
extmgr.dll Fri 12 Jan 2007 10:27:42 A.... 132 608 129,50 K
ieakeng.dll Mon 8 Jan 2007 20:02:02 A.... 153 088 149,50 K
ieaksie.dll Mon 8 Jan 2007 20:02:02 A.... 230 400 225,00 K
ieakui.dll Mon 8 Jan 2007 20:02:02 A.... 161 792 158,00 K
ieapfltr.dll Mon 8 Jan 2007 20:02:02 A.... 383 488 374,50 K
iedkcs32.dll Mon 8 Jan 2007 20:02:02 A.... 384 000 375,00 K
ieframe.dll Fri 12 Jan 2007 10:27:42 A.... 6 054 400 5,77 M
iernonce.dll Mon 8 Jan 2007 20:02:04 A.... 44 544 43,50 K
iertutil.dll Mon 8 Jan 2007 20:02:04 A.... 266 752 260,50 K
jsproxy.dll Fri 12 Jan 2007 10:27:42 A.... 27 136 26,50 K
msfeeds.dll Fri 12 Jan 2007 10:27:42 A.... 458 752 448,00 K
msfeed~1.dll Fri 12 Jan 2007 10:27:42 ..... 51 712 50,50 K
mshtml.dll Fri 12 Jan 2007 10:27:42 A.... 3 580 416 3,41 M
mshtmled.dll Fri 12 Jan 2007 10:27:42 A.... 477 696 466,50 K
msrating.dll Mon 8 Jan 2007 20:03:02 A.... 193 024 188,50 K
mstime.dll Fri 12 Jan 2007 10:27:42 A.... 670 720 655,00 K
occache.dll Mon 8 Jan 2007 20:04:08 A.... 102 400 100,00 K
rlls.dll Thu 15 Mar 2007 22:25:56 A.... 344 064 336,00 K
url.dll Mon 8 Jan 2007 20:04:54 A.... 105 984 103,50 K
urlmon.dll Fri 12 Jan 2007 10:27:42 A.... 1 149 952 1,09 M
webcheck.dll Fri 12 Jan 2007 10:27:42 A.... 232 960 227,50 K
wininet.dll Fri 12 Jan 2007 10:27:42 A.... 822 784 803,50 K
25 items found: 25 files, 0 directories.
Total of file sizes: 16 214 528 bytes 15,46 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\WINDOWS\System32
09/02/2007 20:08 10 sistem.sys
05/08/2004 20:00 1ÿ392ÿ671 msvbvm60.dll
2 fichier(s) 1ÿ392ÿ681 octets
0 R‚p(s) 20ÿ312ÿ563ÿ712 octets libres
Merci chef :)
ll le trouve dans plusieurs dossiers je crois, la prochaine fois qu'avast le détecte je te le dirai (toute façon il le détecte toute les 10min).
Voila le rapport LopxpMH :
apport fait à 15:57:49,64 le 01/04/2007
******************************************
## Répertoires Application Data
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\Administrateur\Application Data
19/02/2007 17:05 <REP> .
19/02/2007 17:05 <REP> ..
19/02/2007 17:05 <REP> Apple Computer
19/02/2007 17:05 <REP> Identities
19/02/2007 17:05 <REP> Microsoft
19/02/2007 17:05 <REP> SampleView
19/02/2007 17:05 <REP> Sun
19/02/2007 17:05 <REP> Symantec
19/02/2007 17:05 62 desktop.ini
1 fichier(s) 62 octets
8 R‚p(s) 20ÿ314ÿ447ÿ872 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data
19/02/2007 17:05 <REP> .
19/02/2007 17:05 <REP> ..
19/02/2007 17:05 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142030}
19/02/2007 17:05 <REP> Apple Computer
19/02/2007 17:05 <REP> ApplicationHistory
19/02/2007 17:05 <REP> Microsoft
19/02/2007 17:05 135 fusioncache.dat
19/02/2007 17:05 0 IconCache.db
2 fichier(s) 135 octets
6 R‚p(s) 20ÿ314ÿ447ÿ872 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\All Users\Application Data
25/11/2004 05:25 <REP> .
25/11/2004 05:25 <REP> ..
25/09/2006 20:26 <REP> Adobe
02/01/2005 05:52 <REP> Apple Computer
02/01/2005 06:19 <REP> InstallShield
22/02/2007 14:16 <REP> Link Data Security
26/02/2007 15:07 <REP> Messenger Plus!
25/11/2004 05:25 <REP> Microsoft
02/01/2005 05:57 <REP> Motive
05/03/2006 21:20 <REP> Panasonic
02/01/2005 05:52 <REP> QuickTime
02/01/2005 05:35 <REP> SBSI
22/10/2005 01:23 <REP> Skype
02/01/2005 06:09 <REP> Symantec
18/03/2007 17:18 <REP> UDL
22/02/2007 14:05 <REP> UniversalisV12
21/10/2005 16:23 <REP> Windows Genuine Advantage
24/11/2004 00:13 62 desktop.ini
09/03/2006 18:19 1ÿ759 QTSBandwidthCache
2 fichier(s) 1ÿ821 octets
17 R‚p(s) 20ÿ314ÿ447ÿ872 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\Compaq_Propri‚taire\Application Data
24/06/2005 11:46 <REP> .
24/06/2005 11:46 <REP> ..
28/06/2005 19:23 <REP> Adobe
28/06/2005 19:24 <REP> AdobeUM
24/06/2005 11:46 <REP> Apple Computer
15/11/2006 16:48 <REP> Azureus
10/04/2006 21:29 <REP> Block Checker
03/08/2005 23:46 <REP> Google
17/11/2005 20:35 <REP> Help
24/06/2005 11:46 <REP> Identities
11/01/2007 19:02 <REP> IDMComp
01/02/2006 20:27 <REP> Lavasoft
28/06/2005 12:50 <REP> Leadertech
24/06/2005 12:09 <REP> Macromedia
06/11/2006 19:26 <REP> Microgaming
24/06/2005 11:46 <REP> Microsoft
21/06/2006 15:01 <REP> Microsoft Games
24/06/2005 16:43 <REP> Microsoft Web Folders
22/02/2007 14:18 <REP> Mozilla
20/08/2005 12:11 <REP> Real
24/06/2005 11:46 <REP> SampleView
21/02/2007 13:27 <REP> Sierra
22/10/2005 01:23 <REP> Skype
28/06/2005 12:50 <REP> Sonic
24/06/2005 11:46 <REP> Sun
24/06/2005 11:46 <REP> Symantec
08/06/2006 23:23 <REP> TaoUSign
22/02/2007 14:18 <REP> Universalis V12
24/06/2005 11:46 62 desktop.ini
1 fichier(s) 62 octets
28 R‚p(s) 20ÿ314ÿ443ÿ776 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\Compaq_Propri‚taire\Local Settings\Application Data
24/06/2005 11:46 <REP> .
24/06/2005 11:46 <REP> ..
24/06/2005 11:46 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142030}
28/06/2005 19:24 <REP> Adobe
24/06/2005 11:46 <REP> Apple Computer
24/06/2005 11:46 <REP> ApplicationHistory
10/02/2007 01:00 <REP> Bron.tok-18-10
11/02/2007 01:00 <REP> Bron.tok-18-11
12/02/2007 01:00 <REP> Bron.tok-18-12
13/02/2007 01:00 <REP> Bron.tok-18-13
14/02/2007 01:00 <REP> Bron.tok-18-14
15/02/2007 01:00 <REP> Bron.tok-18-15
16/02/2007 01:00 <REP> Bron.tok-18-16
17/02/2007 01:00 <REP> Bron.tok-18-17
18/02/2007 01:00 <REP> Bron.tok-18-18
19/02/2007 13:27 <REP> Bron.tok-18-19
09/02/2007 20:09 <REP> Bron.tok-18-9
02/07/2006 11:26 <REP> Gearbox Software
04/03/2007 22:03 <REP> Google
17/11/2005 20:35 <REP> Help
24/06/2005 23:25 <REP> Identities
09/02/2007 20:14 <REP> Loc.Mail.Bron.Tok
24/06/2005 11:46 <REP> Microsoft
29/06/2005 17:28 <REP> MicroVision Applications
09/02/2007 20:16 <REP> Ok-SendMail-Bron-tok
24/06/2005 13:02 <REP> Shareaza
22/02/2007 14:19 <REP> UniversalisV12
05/03/2006 21:44 <REP> WMTools Downloaded Files
19/02/2007 16:36 3ÿ536 Bron.tok.A18.em.bin
27/06/2005 18:04 101ÿ376 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
24/06/2005 11:46 142 fusioncache.dat
03/09/2005 22:14 74ÿ672 GDIPFONTCACHEV1.DAT
23/08/2005 17:37 1ÿ578ÿ412 IconCache.db
09/02/2007 20:17 7ÿ057 JunkAtx18.bin
09/02/2007 20:14 51 Kosong.Bron.Tok.txt
19/02/2007 16:36 3ÿ536 ListHost18.txt
19/02/2007 16:36 3ÿ536 Update.18.Bron.Tok.bin
9 fichier(s) 1ÿ772ÿ318 octets
28 R‚p(s) 20ÿ314ÿ443ÿ776 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\Default User\Application Data
25/11/2004 05:25 <REP> .
25/11/2004 05:25 <REP> ..
24/06/2005 11:45 <REP> Apple Computer
25/11/2004 05:25 <REP> Identities
25/11/2004 05:25 <REP> Microsoft
24/06/2005 11:45 <REP> SampleView
24/06/2005 11:45 <REP> Sun
24/06/2005 11:45 <REP> Symantec
24/11/2004 00:13 62 desktop.ini
1 fichier(s) 62 octets
8 R‚p(s) 20ÿ314ÿ443ÿ776 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\Default User\Local Settings\Application Data
25/11/2004 05:25 <REP> .
25/11/2004 05:25 <REP> ..
24/06/2005 11:45 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142030}
24/06/2005 11:45 <REP> Apple Computer
24/06/2005 11:45 <REP> ApplicationHistory
25/11/2004 05:25 <REP> Microsoft
24/06/2005 11:45 135 fusioncache.dat
24/06/2005 11:45 0 IconCache.db
2 fichier(s) 135 octets
6 R‚p(s) 20ÿ314ÿ443ÿ776 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\LocalService\Application Data
02/01/2005 05:30 <REP> .
02/01/2005 05:30 <REP> ..
02/01/2005 05:30 <REP> Microsoft
07/01/2006 15:33 <REP> Symantec
0 fichier(s) 0 octets
4 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data
02/01/2005 05:30 <REP> .
02/01/2005 05:30 <REP> ..
02/01/2005 05:30 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\NetworkService\Application Data
02/01/2005 05:30 <REP> .
02/01/2005 05:30 <REP> ..
02/01/2005 05:30 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data
02/01/2005 05:30 <REP> .
02/01/2005 05:30 <REP> ..
02/01/2005 05:30 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Application Data
25/11/2004 05:58 <REP> .
25/11/2004 05:58 <REP> ..
24/06/2005 11:46 <REP> Apple Computer
25/11/2004 05:58 <REP> Identities
25/11/2004 05:58 <REP> Microsoft
24/06/2005 11:46 <REP> SampleView
24/06/2005 11:46 <REP> Sun
24/06/2005 11:46 <REP> Symantec
24/11/2004 00:13 62 desktop.ini
1 fichier(s) 62 octets
8 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
25/11/2004 05:58 <REP> .
25/11/2004 05:58 <REP> ..
24/06/2005 11:46 <REP> {7148F0A6-6813-11D6-A77B-00B0D0142030}
24/06/2005 11:46 <REP> Apple Computer
24/06/2005 11:46 <REP> ApplicationHistory
25/11/2004 05:58 <REP> Microsoft
24/06/2005 11:46 135 fusioncache.dat
24/06/2005 11:46 0 IconCache.db
2 fichier(s) 135 octets
6 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\WINDOWS\Tasks
22/11/2005 22:40 366 Symantec NetDetect.job
25/11/2004 06:18 <REP> ..
25/11/2004 06:18 <REP> .
23/11/2004 23:29 6 SA.DAT
05/08/2004 20:00 65 desktop.ini
3 fichier(s) 437 octets
2 R‚p(s) 20ÿ314ÿ439ÿ680 octets libres
******************************************
## Répertoires de C:\Program Files
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\Program Files
28/03/2007 12:49 <REP> .
28/03/2007 12:49 <REP> ..
10/01/2007 03:03 <REP> 3Dize
14/12/2005 09:01 <REP> Adobe
31/10/2006 22:36 <REP> Alcatel
19/02/2007 16:42 <REP> Alwil Software
02/01/2005 06:17 <REP> ATI Technologies
22/02/2007 17:07 <REP> Azureus
23/08/2005 18:06 <REP> BlackBeanGames
20/02/2007 19:07 <REP> CCleaner
24/11/2004 03:37 <REP> ComPlus Applications
22/07/2006 15:45 <REP> Cuttermaran
22/08/2005 12:48 <REP> Disney
24/06/2005 22:42 <REP> DivX
28/03/2007 12:51 <REP> Dofus
02/07/2006 11:11 <REP> EA Games
17/03/2006 18:37 <REP> Easy Internet signup
11/01/2007 19:13 <REP> EasyPHP1-8
13/03/2007 13:22 <REP> eMule
18/03/2007 17:17 <REP> EPSON
21/02/2007 18:56 <REP> Fichiers communs
27/06/2005 13:22 <REP> FileZilla
21/02/2007 13:23 <REP> GameSpy Arcade
04/03/2007 22:02 <REP> Google
15/01/2006 14:43 <REP> Hasbro Interactive
02/01/2005 05:57 <REP> Help and Support Additions
14/01/2007 15:21 <REP> IDM Computer Solutions
21/02/2007 04:26 <REP> Internet Explorer
02/01/2005 06:20 <REP> InterVideo
02/01/2005 05:52 <REP> iPod
02/01/2005 05:52 <REP> iTunes
12/02/2006 23:27 <REP> Java
01/02/2006 20:27 <REP> Lavasoft
27/06/2005 12:01 <REP> Macromedia
02/01/2005 06:19 <REP> Macrovision Corp
14/04/2006 11:20 <REP> Managed DirectX (0900)
17/08/2005 19:23 <REP> Maxis
26/02/2007 15:58 <REP> Messenger
16/12/2006 20:53 <REP> Messenger Plus! Live
25/10/2005 13:22 <REP> Microsoft Encarta
24/06/2005 16:43 <REP> microsoft frontpage
12/01/2007 00:05 <REP> Microsoft FrontPage Express
21/02/2007 18:56 <REP> Microsoft Office
21/02/2007 18:55 <REP> Microsoft.NET
25/11/2004 05:27 <REP> Movie Maker
13/09/2006 20:19 <REP> mp3DirectCut
11/02/2006 13:10 <REP> MSN
13/04/2006 19:36 <REP> MSN Adder (Avatar, Emoticon & ChatSkin Adder)
25/11/2004 05:27 <REP> MSN Gaming Zone
12/08/2006 18:56 <REP> MSN Messenger
15/12/2006 15:31 <REP> MSXML 4.0
01/01/2005 09:47 <REP> NetMeeting
07/09/2006 20:33 <REP> Nouveau dossier
20/02/2007 02:46 <REP> NudgeMania
25/11/2004 05:27 <REP> Online Services
21/02/2007 04:03 <REP> Outlook Express
05/03/2006 19:47 <REP> Panasonic
22/05/2006 11:29 <REP> PDF Editeur 2
04/03/2007 22:03 <REP> Picasa2
03/11/2006 17:20 <REP> Pinnacle
06/02/2007 18:10 <REP> PokerStars
01/11/2006 03:49 <REP> PokerStars.NET
08/12/2006 20:59 <REP> PronoFoot Expert Plus
09/03/2006 18:18 <REP> QuickTime
20/08/2005 12:12 <REP> Real
02/01/2005 06:01 <REP> Services en ligne
21/02/2007 13:09 <REP> Sierra
22/10/2005 01:22 <REP> Skype
18/08/2005 13:02 <REP> SLD Codec Pack
02/01/2005 05:49 <REP> Sonic
02/01/2005 05:49 <REP> Sonic RecordNow!
28/08/2006 12:05 <REP> Starcraft
24/06/2005 12:15 <REP> Symantec
24/06/2005 12:14 <REP> SymNetDrv
23/08/2005 19:05 <REP> Ubisoft
24/11/2004 03:37 <REP> Uninstall Information
22/02/2007 14:05 <REP> Universalis
14/01/2007 15:22 <REP> VideoLAN
20/02/2007 18:35 <REP> Vilma
31/10/2006 22:47 <REP> Wanadoo
25/01/2007 16:49 <REP> Windows Media Components
17/02/2006 02:45 <REP> Windows Media Player
01/01/2005 09:47 <REP> Windows NT
05/04/2006 17:55 <REP> WinRAR
25/11/2004 05:28 <REP> xerox
18/04/2006 01:44 <REP> XP Codec Pack
0 fichier(s) 0 octets
86 R‚p(s) 20ÿ314ÿ435ÿ584 octets libres
******************************************
## Popups autorisées
* Internet Explorer
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
wenndy.tripod.com REG_BINARY
badabry.forumactif.com REG_BINARY
jialing.skyblog.com REG_BINARY
www.fdjeux.com REG_BINARY
blog.zanorg.com REG_BINARY
www.csmgbad.com REG_BINARY
membres.lycos.fr REG_BINARY
www.icone-gif.com REG_BINARY
www.clubic.com REG_BINARY
www.01net.com REG_BINARY
* Mozilla Firefox (1 autorisé 2 interdit)
******************************************
## Registre
* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ https://www.orange.fr/portail
* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Tok-Cirrhatus-5226 REG_SZ "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\br11475on.exe"
******************************************
## Zones de sécurité
* HKCU Domains (4)
* P3P History (5)
******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"
*************** Fin du rapport ****************
Et le rapport L2MFIX :
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"Wanadoo 5.6"="IEAKFT"
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Feuille de propri‚t‚s du fichier multim‚dia"
"{176d6597-26d3-11d1-b350-080036a75b03}"="Gestion de scanneur ICM"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="Page de s‚curit‚ NTFS"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="Page des propri‚t‚s de OLE DocFile"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Carte du Panneau de configuration"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage cran du Panneau de configuration"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Extension Affichage Panorama du Panneau de configuration"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="Page de s‚curit‚ DS"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Page de compatibilit‚"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Gestionnaire de donn‚es endommag‚es de l'environnement"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Extension copie de disquette"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Extensions de l'environnement pour les objets r‚seau de Microsoft Windows"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="Gestion d'‚cran ICM"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="Gestion d'imprimante ICM"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Extensions de l'environnement de compression de fichiers"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Extension de l'environnement d'imprimante Web"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Menu contextuel de cryptage"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Porte-documents"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Extension ic“ne HyperTerminal"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="Profil ICC"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Page de s‚curit‚ des imprimantes"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Extensions de l'environnement pour le partage"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie PKO"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Extension de cryptographie Sign"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Connexions r‚seau"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Connexions r‚seau"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Scanneurs et appareils photo"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Scanneurs et appareils photo"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Scanneurs et appareils photo"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Scanneurs et appareils photo"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Scanneurs et appareils photo"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Extensions de l'interpr‚teur de commandes pour l'environnement d'ex‚cution de scripts Windows"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Liaison de donn‚es Microsoft"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Tƒches planifi‚es"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Barre des tƒches et menu D‚marrer"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Rechercher"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Aide et support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ex‚cuter..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="Courrier ‚lectronique"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Polices"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Outils d'administration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Page de propri‚t‚s des versions pr‚c‚dentes"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Versions pr‚c‚dentes"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Barre d'outils Internet Microsoft"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="tat du t‚l‚chargement"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Dossier Bureau ‚tendu"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Dossier du shell augment‚"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Bande du navigateur Microsoft"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="IE Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Volet int‚gr‚ de recherche"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Recherche Web"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Utilitaire des options de l'arborescence du Registre"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="BoŒte d'entr‚e de l'adresse"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Saisie semi-automatique Microsoft"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="Liste de saisie semi-automatique MRU"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Liste de saisie semi-automatique personnalis‚e MRU"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Barre de progrŠs auto-ouvrante"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Liste de saisie semi-automatique de l'historique Microsoft"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Liste de saisie semi-automatique du dossier Shell Microsoft"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Conteneur de la liste de saisie semi-automatique multiple Microsoft"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Menu Site de bandes"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Barre du Bureau"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Assistance utilisateur"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="ParamŠtres du dossier global"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="Image de d‚marrage de la Suite IE4"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Gestionnaire d'applications d'environnement"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="num‚rateur d'applications install‚es"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Publication d'application Darwin"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="Extracteur de miniatures de fichier + GDI"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Gestionnaire de miniatures - Informations de r‚sum‚ (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="Extracteur de miniatures HTML"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Assistant Publication de sites Web"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Commande d'impressions via le Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Objet Assistant de publication Shell"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Assistant Obtenir une identit‚ Passport"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Comptes d'utilisateurs"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Dossier Fichiers hors connexion"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="Des &personnes..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}"="SampleView"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{07C45BB1-4A8C-4642-A1F5-237E7215FF66}"="IE Microsoft BrowserBand"
"{1C1EDB47-CE22-4bbb-B608-77B48F83C823}"="IE Fade Task"
"{205D7A97-F16D-4691-86EF-F3075DCCA57D}"="IE Menu Desk Bar"
"{3028902F-6374-48b2-8DC6-9725E775B926}"="IE AutoComplete"
"{43886CD5-6529-41c4-A707-7B3C92C05E68}"="IE Navigation Bar"
"{44C76ECD-F7FA-411c-9929-1B77BA77F524}"="IE Menu Site"
"{4B78D326-D922-44f9-AF2A-07805C2A3560}"="IE Menu Band"
"{6038EF75-ABFC-4e59-AB6F-12D397F6568D}"="IE Microsoft History AutoComplete List"
"{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}"="IE Tracking Shell Menu"
"{6CF48EF8-44CD-45d2-8832-A16EA016311B}"="IE IShellFolderBand"
"{73CFD649-CD48-4fd8-A272-2070EA56526B}"="IE BandProxy"
"{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}"="IE MRU AutoComplete List"
"{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}"="IE RSS Feeder Folder"
"{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}"="IE Microsoft Shell Folder AutoComplete List"
"{B31C5FAE-961F-415b-BAF0-E697A5178B94}"="IE Microsoft Multiple AutoComplete List Container"
"{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}"="Microsoft Browser Architecture"
"{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}"="IE Shell Rebar BandSite"
"{E6EE9AAC-F76B-4947-8260-A9F136138E11}"="IE Shell Band Site Menu"
"{F2CF5485-4E02-4f68-819C-B92DE9277049}"="&Links"
"{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}"="IE Registry Tree Options Utility"
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}"="IE User Assist"
"{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}"="IE Custom MRU AutoCompleted List"
"{D3822C3D-45A0-44E9-91CA-019F9565D282}"="UltraCompare shell extension"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Dossiers Web"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
advpack.dll Mon 8 Jan 2007 20:00:48 A.... 124 928 122,00 K
cmdlin~1.dll Tue 27 Mar 2007 19:38:02 A.... 43 520 42,50 K
corpol.dll Mon 8 Jan 2007 20:01:14 A.... 17 408 17,00 K
extmgr.dll Fri 12 Jan 2007 10:27:42 A.... 132 608 129,50 K
ieakeng.dll Mon 8 Jan 2007 20:02:02 A.... 153 088 149,50 K
ieaksie.dll Mon 8 Jan 2007 20:02:02 A.... 230 400 225,00 K
ieakui.dll Mon 8 Jan 2007 20:02:02 A.... 161 792 158,00 K
ieapfltr.dll Mon 8 Jan 2007 20:02:02 A.... 383 488 374,50 K
iedkcs32.dll Mon 8 Jan 2007 20:02:02 A.... 384 000 375,00 K
ieframe.dll Fri 12 Jan 2007 10:27:42 A.... 6 054 400 5,77 M
iernonce.dll Mon 8 Jan 2007 20:02:04 A.... 44 544 43,50 K
iertutil.dll Mon 8 Jan 2007 20:02:04 A.... 266 752 260,50 K
jsproxy.dll Fri 12 Jan 2007 10:27:42 A.... 27 136 26,50 K
msfeeds.dll Fri 12 Jan 2007 10:27:42 A.... 458 752 448,00 K
msfeed~1.dll Fri 12 Jan 2007 10:27:42 ..... 51 712 50,50 K
mshtml.dll Fri 12 Jan 2007 10:27:42 A.... 3 580 416 3,41 M
mshtmled.dll Fri 12 Jan 2007 10:27:42 A.... 477 696 466,50 K
msrating.dll Mon 8 Jan 2007 20:03:02 A.... 193 024 188,50 K
mstime.dll Fri 12 Jan 2007 10:27:42 A.... 670 720 655,00 K
occache.dll Mon 8 Jan 2007 20:04:08 A.... 102 400 100,00 K
rlls.dll Thu 15 Mar 2007 22:25:56 A.... 344 064 336,00 K
url.dll Mon 8 Jan 2007 20:04:54 A.... 105 984 103,50 K
urlmon.dll Fri 12 Jan 2007 10:27:42 A.... 1 149 952 1,09 M
webcheck.dll Fri 12 Jan 2007 10:27:42 A.... 232 960 227,50 K
wininet.dll Fri 12 Jan 2007 10:27:42 A.... 822 784 803,50 K
25 items found: 25 files, 0 directories.
Total of file sizes: 16 214 528 bytes 15,46 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur C s'appelle PRESARIO
Le num‚ro de s‚rie du volume est F094-6891
R‚pertoire de C:\WINDOWS\System32
09/02/2007 20:08 10 sistem.sys
05/08/2004 20:00 1ÿ392ÿ671 msvbvm60.dll
2 fichier(s) 1ÿ392ÿ681 octets
0 R‚p(s) 20ÿ312ÿ563ÿ712 octets libres
Merci chef :)
Ok !
Télécharge Blacklight (de F-Secure) :
https://europe.f-secure.com/exclude/blacklight/index.shtml
et sauvegarde le sur ton Bureau.
Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next
Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Copie et colle le contenu de ce rapport dans ta prochaine réponse
++
La sagesse, c'est d'avoir des rêves suffisamment grands pour ne pas les
perdre de vue lorsqu'on les poursuit. (Oscar Wilde)
Télécharge Blacklight (de F-Secure) :
https://europe.f-secure.com/exclude/blacklight/index.shtml
et sauvegarde le sur ton Bureau.
Double-clique blbeta.exe et accepte la licence ;clique Scan puis Next
Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).
Copie et colle le contenu de ce rapport dans ta prochaine réponse
++
La sagesse, c'est d'avoir des rêves suffisamment grands pour ne pas les
perdre de vue lorsqu'on les poursuit. (Oscar Wilde)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question