Infected PC!!!
greed_island
Posts
3
Status
Member
-
papyber Posts 6430 Status Security contributor -
Hello! I have a big problem! My PC is infected and I don't know what to do! I have avast + Lavasoft Ad-Aware + CWShredder (scans for CoolWebSearch)!
Here is the HiJackFree (Emsisoft) log:
<?xml version="1.0" encoding="Windows-1252" ?>
- <a2hijackfreelog>
<version>2.1.0.34</version>
<datecreated>2007-05-13 15:25</datecreated>
<language>fr-fr</language>
<ie_version>6.0.2800.1106</ie_version>
<os>2000</os>
<os_version>5.02195</os_version>
<os_csd>Service Pack 4</os_csd>
<programpath>C:\Program Files</programpath>
<startuppath>C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage</startuppath>
<systempath>C:\WINNT\system32</systempath>
<winpath>C:\WINNT\</winpath>
- <autoruns>
- <autorun Category="Registry">
<name>Synchronization Manager</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<filepath>mobsync.exe</filepath>
</autorun>
- <autorun Category="Registry">
<name>NvCplDaemon</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<filepath>RUNDLL32.EXE %systempath%\NvCpl.dll,NvStartup</filepath>
</autorun>
- <autorun Category="Registry">
<name>nwiz</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<filepath>nwiz.exe</filepath>
</autorun>
- <autorun Category="Registry">
<name>InstantAccess</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<filepath>%programpath%\TEXTBR~1.0\Bin\INSTAN~1.EXE</filepath>
</autorun>
- <autorun Category="Registry">
<name>RegisterDropHandler</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<filepath>%programpath%\TEXTBR~1.0\Bin\REGIST~1.EXE</filepath>
</autorun>
- <autorun Category="Registry">
<name>eCarteBleue-CLEO</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<filepath>%programpath%\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe</filepath>
</autorun>
- <autorun Category="Registry">
<name>avast!</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<filepath>%programpath%\ALWILS~1\Avast4\ashDisp.exe</filepath>
</autorun>
- <autorun Category="Registry">
<name>RegisterDropHandler</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices</location>
<filepath>%programpath%\TEXTBR~1.0\Bin\REGIST~1.EXE</filepath>
</autorun>
- <autorun Category="Registry">
<name>Skype</name>
<location>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</location>
<filepath>"%programpath%\Skype\Phone\Skype.exe"</filepath>
</autorun>
- <autorun Category="startupfiles">
<location>config.nt</location>
<name>dos</name>
<filepath>high, umb</filepath>
</autorun>
- <autorun Category="startupfiles">
<location>config.nt</location>
<name>device</name>
<filepath>%SystemRoot%\system32\himem.sys</filepath>
</autorun>
- <autorun Category="startupfiles">
<location>config.nt</location>
<name>files</name>
<filepath>40</filepath>
</autorun>
- <autorun Category="startupfiles">
<location>config.nt</location>
<name>device</name>
<filepath>%programpath%\ALWILS~1\Avast4\aswmonds.sys</filepath>
</autorun>
- <autorun Category="autostartmenu">
<name>SA</name>
<location>%winpath%tasks\</location>
</autorun>
- <autorun Category="tricky">
<name>^SetupICWDesktop</name>
<location>HKEY_USERS\HKEY_USERS</location>
<filepath>%programpath%\Internet Explorer\Connection Wizard\icwconn1.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>Shell</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\</location>
<filepath>Explorer.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>$GT;{22d6f312-b0f6-11d0-94ab-0080c74c7e95}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>%winpath%inf\unregmp2.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>$GT;{26923b43-4d38-484f-9b9e-de460746276c}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>"%systempath%\shmgrate.exe" OCInstallUserConfigIE</filepath>
</autorun>
- <autorun Category="tricky">
<name>$GT;{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP</filepath>
</autorun>
- <autorun Category="tricky">
<name>$GT;{881dd1c5-3dcf-431b-b061-f3f88e8be88a}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>"%systempath%\shmgrate.exe" OCInstallUserConfigOE</filepath>
</autorun>
- <autorun Category="tricky">
<name>{44BBA840-CC51-11CF-AAFA-00AA00B6015C}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>"%programpath%\Outlook Express\setup50.exe"</filepath>
</autorun>
- <autorun Category="tricky">
<name>{44BBA842-CC51-11CF-AAFA-00AA00B6015B}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>rundll32.exe advpack.dll,LaunchINFSection %winpath%INF\msnetmtg.inf,NetMtg.Install.PerUser.NT</filepath>
</autorun>
- <autorun Category="tricky">
<name>{6A5110B5-E14B-4268-A065-EF89FF33C325}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>regsvr32.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>{6BF52A52-394A-11d3-B153-00C04F79FAA6}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>rundll32.exe advpack.dll,LaunchINFSection %winpath%INF\wmp.inf,PerUserStub</filepath>
</autorun>
- <autorun Category="tricky">
<name>{7790769C-0471-11d2-AF11-00C04FA35D02}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>"%programpath%\Outlook Express\setup50.exe"</filepath>
</autorun>
- <autorun Category="tricky">
<name>{89820200-ECBD-11cf-8B85-00AA005B4340}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>regsvr32.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>{89820200-ECBD-11cf-8B85-00AA005B4383}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>%systempath%\ie4uinit.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>%systempath%\updcrl.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>Skriptdatei für VBScript</name>
<location>HKEY_CLASSES_ROOT\vbsfile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe "%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Skriptdatei für VBScript</name>
<location>HKEY_CLASSES_ROOT\vbefile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe "%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Skriptdatei für JScript</name>
<location>HKEY_CLASSES_ROOT\jsfile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe "%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Skriptdatei für JScript</name>
<location>HKEY_CLASSES_ROOT\jsefile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe "%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Datei mit Einstellungen für Windows Script Host</name>
<location>HKEY_CLASSES_ROOT\wshfile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe "%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Skriptdatei für Windows</name>
<location>HKEY_CLASSES_ROOT\wsffile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe "%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Application</name>
<location>HKEY_CLASSES_ROOT\exefile\shell\open\command\</location>
<filepath>"%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Application MS-DOS</name>
<location>HKEY_CLASSES_ROOT\comfile\shell\open\command\</location>
<filepath>"%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Fichier de commande MS-DOS</name>
<location>HKEY_CLASSES_ROOT\batfile\shell\open\command\</location>
<filepath>"%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Écran de veille</name>
<location>HKEY_CLASSES_ROOT\scrfile\shell\open\command\</location>
<filepath>"%1"</filepath>
</autorun>
- <autorun Category="tricky">
<name>Raccourci pour le programme MS-DOS</name>
<location>HKEY_CLASSES_ROOT\piffile\shell\open\command\</location>
<filepath>"%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Network.ConnectionTray</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\</location>
<filepath>%systempath%\NETSHELL.dll</filepath>
</autorun>
- <autorun Category="tricky">
<name>SysTray</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\</location>
<filepath>stobject.dll</filepath>
</autorun>
- <autorun Category="tricky">
<name>WebCheck</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\</location>
<filepath>%systempath%\webcheck.dll</filepath>
</autorun>
</autoruns>
- <addons>
- <addon Category="bho">
<clsid>{02478D38-C3F9-4EFB-9B51-7695ECA05670}</clsid>
<name>Yahoo! Toolbar Helper</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</location>
<filepath>%programpath%\Yahoo!\Companion\Installs\cpn\yt.dll</filepath>
</addon>
- <addon Category="bho">
<clsid>{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}</clsid>
<name>AcroIEHlprObj Class</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</location>
<filepath>%programpath%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx</filepath>
</addon>
- <addon Category="bho">
<clsid>{2E03C0FD-4C48-43A7-9A54-00240C70FF16}</clsid>
<name>ECarteBleueBrowserHelper Class</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</location>
<filepath>%systempath%\BhoECart.dll</filepath>
</addon>
- <addon Category="bho">
<clsid>{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}</clsid>
<name>SSVHelper Class</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</location>
<filepath>%programpath%\Java\jre1.5.0_09\bin\ssv.dll</filepath>
</addon>
- <addon Category="shellexecutehooks">
<clsid>{AEB6717E-7E19-11d0-97EE-00C04FD91972}</clsid>
<name>URL Exec Hook</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks</location>
<filepath>shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{00022613-0000-0000-C000-000000000046}</clsid>
<name>Feuille de propriétés du fichier multimédia</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>mmsys.cpl</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{176d6597-26d3-11d1-b350-080036a75b03}</clsid>
<name>Gestion de scanneur ICM</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>icmui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{1F2E5C40-9550-11CE-99D2-00AA006E086C}</clsid>
<name>Extension noyau de sécurité</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>rshx32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{3EA48300-8CF6-101B-84FB-666CCB9BCD32}</clsid>
<name>Page des propriétés de OLE DocFile</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>docprop.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{40dd6e20-7c17-11ce-a804-00aa003ca9f6}</clsid>
<name>Extensions de l'interpréteur de commandes pour le partage</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>ntshrui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{41E300E0-78B6-11ce-849B-444553540000}</clsid>
<name>Extension du Panneau de configuration PlusPack</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>plustab.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{42071712-76d4-11d1-8b24-00a0c9068ff3}</clsid>
<name>Extension Affichage Carte du Panneau de configuration</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>deskadp.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{42071713-76d4-11d1-8b24-00a0c9068ff3}</clsid>
<name>Extension Affichage Écran du Panneau de configuration</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>deskmon.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{42071714-76d4-11d1-8b24-00a0c9068ff3}</clsid>
<name>Extension Affichage Panorama du Panneau de configuration</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>deskpan.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{4E40F770-369C-11d0-8922-00A024AB2DBB}</clsid>
<name>Extension noyau de sécurité</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>dssec.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{56117100-C0CD-101B-81E2-00AA004AE837}</clsid>
<name>Gestionnaire de données endommagées de l'interpréteur de commandes</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>shscrap.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{59099400-57FF-11CE-BD94-0020AF85B590}</clsid>
<name>Extension copie de disquette</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>diskcopy.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{59be4990-f85c-11ce-aff7-00aa003ca9f6}</clsid>
<name>Extensions de l'interpréteur de commandes pour les objets Microsoft Windows Network</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>ntlanui2.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{5DB2625A-54DF-11D0-B6C4-0800091AA605}</clsid>
<name>Gestion d'écran ICM</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\icmui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{675F097E-4C4D-11D0-B6C1-0800091AA605}</clsid>
<name>Gestion d'imprimante ICM</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\icmui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{764BF0E1-F219-11ce-972D-00AA00A14F56}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{77597368-7b15-11d0-a0c2-080036af3f03}</clsid>
<name>Extension de l'environnement d'impression Web</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>printui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7988B573-EC89-11cf-9C00-00AA00A14F56}</clsid>
<name>Microsoft Disk Quota UI</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>dskquoui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{85BBD920-42A0-1069-A2E4-08002B30309D}</clsid>
<name>Porte-documents</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>syncui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{88895560-9AA2-1069-930E-00AA0030EBC8}</clsid>
<name>HyperTerminal Icon Ext</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\hticons.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{BD84B380-8CA2-1069-AB1D-08000948F534}</clsid>
<name>Fonts</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>fontext.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{DBCE2480-C732-101B-BE72-BA78E9AD5B27}</clsid>
<name>Profil ICC</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\icmui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}</clsid>
<name>Extension noyau de sécurité</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>rshx32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}</clsid>
<name>Extensions de l'interpréteur de commandes pour le partage</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>ntshrui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{f92e8c40-3d33-11d2-b1aa-080036a75b03}</clsid>
<name>Display TroubleShoot CPL Extension</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>deskperf.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{60254CA5-953B-11CF-8C96-00AA00B8708C}</clsid>
<name>Shell Extension For Windows Script Host</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\wshext.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7444C717-39BF-11D1-8CD9-00C04FC29D45}</clsid>
<name>CryptPKO Class</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\cryptext.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7444C719-39BF-11D1-8CD9-00C04FC29D45}</clsid>
<name>CryptSig Class</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\cryptext.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7007ACC7-3202-11D1-AAD2-00805FC1270E}</clsid>
<name>Connexions réseau et accès à distance</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\NETSHELL.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{EFA24E61-B078-11d0-89E4-00C04FC9E26E}</clsid>
<name>Favorites Band</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{0A89A860-D7B1-11CE-8350-444553540000}</clsid>
<name>Shell Automation Inproc Service</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}</clsid>
<name>Shell DocObject Viewer</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{FBF23B40-E3F0-101B-8488-00AA003E56F8}</clsid>
<name>Raccourci Internet</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{3C374A40-BAE4-11CF-BF7D-00AA006946EE}</clsid>
<name>Microsoft Url History Service</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{FF393560-C2A7-11CF-BFF4-444553540000}</clsid>
<name>Historique</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7BD29E00-76C1-11CF-9DD0-00A0C9034933}</clsid>
<name>Temporary Internet Files</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{CFBFAE00-17A6-11D0-99CB-00C04FD64497}</clsid>
<name>Microsoft Url Search Hook</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}</clsid>
<name>Image de démarrage de la Suite IE4</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{67EA19A0-CCEF-11d0-8024-00C04FD75D13}</clsid>
<name>CDF Extension Copy Hook</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{131A6951-7F78-11D0-A979-00C04FD705A2}</clsid>
<name>ISFBand OC</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{9461b922-3c5a-11d2-bf8b-00c04fb93661}</clsid>
<name>Search Assistant OC</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}</clsid>
<name>Internet</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{871C5380-42A0-1069-A2EA-08002B30309D}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}</clsid>
<name>Scheduling UI icon handler</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\mstask.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}</clsid>
<name>Scheduling UI property sheet handler</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\mstask.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{D6277990-4C6A-11CF-8D87-00AA0060F5BF}</clsid>
<name>Tâches planifiées</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\mstask.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{1A9BA3A0-143A-11CF-8350-444553540000}</clsid>
<name>Dossier favori du shell</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{20D04FE0-3AEA-1069-A2D8-08002B30309D}</clsid>
<name>Poste de travail</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{86747AC0-42A0-1069-A2E6-08002B30309D}</clsid>
<name>Porte-documents</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{0AFACED1-E828-11D1-9187-B532F1E9575D}</clsid>
<name>Raccourci vers le dossier</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{12518493-00B2-11d2-9FA5-9E3420524153}</clsid>
<name>Volume monté</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{21B22460-3AEA-1069-A2DC-08002B30309D}</clsid>
<name>Extension de la page de propriétés des fichiers</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{B091E540-83E3-11CF-A713-0020AFD79762}</clsid>
<name>Page des types de fichiers</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{FBF23B41-E3F0-101B-8488-00AA003E56F8}</clsid>
<name>Gestionnaire des types de fichiers MIME</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{C2FBB630-2971-11d1-A18C-00C04FD75D13}</clsid>
<name>Service Copier vers Microsoft</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{C2FBB631-2971-11d1-A18C-00C04FD75D13}</clsid>
<name>Service Déplacer vers Microsoft</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{13709620-C279-11CE-A49E-444553540000}</clsid>
<name>Service d'automatisation de l'interface</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}</clsid>
<name>Shell Automation Folder View</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{4622AD11-FF23-11d0-8D34-00A0C90F2719}</clsid>
<name>Menu Démarrer</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7BA4C740-9E81-11CF-99D3-00AA004AE837}</clsid>
<name>Service SendTo Microsoft</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location
La page XML ne peut pas être affichée
Impossible d'afficher l'entrée XML en utilisant la feuille de style XSL. Corrigez l'erreur, puis cliquez sur le bouton Actualiser ou réessayez ultérieurement.
--------------------------------------------------------------------------------
Le symbole point-virgule était attendu. Erreur de traitement de la ressource file:///C:/Program Files/a-squared HiJackFree/...
<name>&Liens</name>
------------^
<name>{44BBA842-CC51-11CF-AAFA-00AA00B6015B}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>rundll32.exe advpack.dll,LaunchINFSection %winpath%INF\msnetmtg.inf,NetMtg.Install.PerUser.NT</filepath>
</autorun>
- <autorun Category="tricky">
<name>{6A5110B5-E14B-4268-A065-EF89FF33C325}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>regsvr32.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>{6BF52A52-394A-11d3-B153-00C04F79FAA6}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>rundll32.exe advpack.dll,LaunchINFSection %winpath%INF\wmp.inf,PerUserStub</filepath>
</autorun>
- <autorun Category="tricky">
<name>{7790769C-0471-11d2-AF11-00C04FA35D02}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>"%programpath%\Outlook Express\setup50.exe"</filepath>
</autorun>
- <autorun Category="tricky">
<name>{89820200-ECBD-11cf-8B85-00AA005B4340}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>regsvr32.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>{89820200-ECBD-11cf-8B85-00AA005B4383}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>%systempath%\ie4uinit.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\</location>
<filepath>%systempath%\updcrl.exe</filepath>
</autorun>
- <autorun Category="tricky">
<name>Skriptdatei für VBScript</name>
<location>HKEY_CLASSES_ROOT\vbsfile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe "%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Skriptdatei für VBScript</name>
<location>HKEY_CLASSES_ROOT\vbefile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe "%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Skriptdatei für JScript</name>
<location>HKEY_CLASSES_ROOT\jsfile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe "%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Skriptdatei für JScript</name>
<location>HKEY_CLASSES_ROOT\jsefile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe "%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Datei mit Einstellungen für Windows Script Host</name>
<location>HKEY_CLASSES_ROOT\wshfile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe "%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Skriptdatei für Windows</name>
<location>HKEY_CLASSES_ROOT\wsffile\shell\open\command\</location>
<filepath>%winpath%System32\WScript.exe "%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Application</name>
<location>HKEY_CLASSES_ROOT\exefile\shell\open\command\</location>
<filepath>"%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Application MS-DOS</name>
<location>HKEY_CLASSES_ROOT\comfile\shell\open\command\</location>
<filepath>"%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Fichier de commande MS-DOS</name>
<location>HKEY_CLASSES_ROOT\batfile\shell\open\command\</location>
<filepath>"%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Écran de veille</name>
<location>HKEY_CLASSES_ROOT\scrfile\shell\open\command\</location>
<filepath>"%1"</filepath>
</autorun>
- <autorun Category="tricky">
<name>Raccourci pour le programme MS-DOS</name>
<location>HKEY_CLASSES_ROOT\piffile\shell\open\command\</location>
<filepath>"%1" %*</filepath>
</autorun>
- <autorun Category="tricky">
<name>Network.ConnectionTray</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\</location>
<filepath>%systempath%\NETSHELL.dll</filepath>
</autorun>
- <autorun Category="tricky">
<name>SysTray</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\</location>
<filepath>stobject.dll</filepath>
</autorun>
- <autorun Category="tricky">
<name>WebCheck</name>
<location>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\</location>
<filepath>%systempath%\webcheck.dll</filepath>
</autorun>
</autoruns>
- <addons>
- <addon Category="bho">
<clsid>{02478D38-C3F9-4EFB-9B51-7695ECA05670}</clsid>
<name>Yahoo! Toolbar Helper</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</location>
<filepath>%programpath%\Yahoo!\Companion\Installs\cpn\yt.dll</filepath>
</addon>
- <addon Category="bho">
<clsid>{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}</clsid>
<name>AcroIEHlprObj Class</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</location>
<filepath>%programpath%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx</filepath>
</addon>
- <addon Category="bho">
<clsid>{2E03C0FD-4C48-43A7-9A54-00240C70FF16}</clsid>
<name>ECarteBleueBrowserHelper Class</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</location>
<filepath>%systempath%\BhoECart.dll</filepath>
</addon>
- <addon Category="bho">
<clsid>{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}</clsid>
<name>SSVHelper Class</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</location>
<filepath>%programpath%\Java\jre1.5.0_09\bin\ssv.dll</filepath>
</addon>
- <addon Category="shellexecutehooks">
<clsid>{AEB6717E-7E19-11d0-97EE-00C04FD91972}</clsid>
<name>URL Exec Hook</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks</location>
<filepath>shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{00022613-0000-0000-C000-000000000046}</clsid>
<name>Feuille de propriétés du fichier multimédia</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>mmsys.cpl</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{176d6597-26d3-11d1-b350-080036a75b03}</clsid>
<name>Gestion de scanneur ICM</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>icmui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{1F2E5C40-9550-11CE-99D2-00AA006E086C}</clsid>
<name>Extension noyau de sécurité</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>rshx32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{3EA48300-8CF6-101B-84FB-666CCB9BCD32}</clsid>
<name>Page des propriétés de OLE DocFile</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>docprop.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{40dd6e20-7c17-11ce-a804-00aa003ca9f6}</clsid>
<name>Extensions de l'interpréteur de commandes pour le partage</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>ntshrui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{41E300E0-78B6-11ce-849B-444553540000}</clsid>
<name>Extension du Panneau de configuration PlusPack</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>plustab.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{42071712-76d4-11d1-8b24-00a0c9068ff3}</clsid>
<name>Extension Affichage Carte du Panneau de configuration</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>deskadp.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{42071713-76d4-11d1-8b24-00a0c9068ff3}</clsid>
<name>Extension Affichage Écran du Panneau de configuration</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>deskmon.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{42071714-76d4-11d1-8b24-00a0c9068ff3}</clsid>
<name>Extension Affichage Panorama du Panneau de configuration</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>deskpan.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{4E40F770-369C-11d0-8922-00A024AB2DBB}</clsid>
<name>Extension noyau de sécurité</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>dssec.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{56117100-C0CD-101B-81E2-00AA004AE837}</clsid>
<name>Gestionnaire de données endommagées de l'interpréteur de commandes</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>shscrap.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{59099400-57FF-11CE-BD94-0020AF85B590}</clsid>
<name>Extension copie de disquette</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>diskcopy.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{59be4990-f85c-11ce-aff7-00aa003ca9f6}</clsid>
<name>Extensions de l'interpréteur de commandes pour les objets Microsoft Windows Network</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>ntlanui2.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{5DB2625A-54DF-11D0-B6C4-0800091AA605}</clsid>
<name>Gestion d'écran ICM</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%winpath%System32\icmui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{675F097E-4C4D-11D0-B6C1-0800091AA605}</clsid>
<name>Gestion d'imprimante ICM</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\icmui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{764BF0E1-F219-11ce-972D-00AA00A14F56}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{77597368-7b15-11d0-a0c2-080036af3f03}</clsid>
<name>Extension de l'environnement d'impression Web</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>printui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7988B573-EC89-11cf-9C00-00AA00A14F56}</clsid>
<name>Microsoft Disk Quota UI</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>dskquoui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath />
</addon>
- <addon Category="shellextension">
<clsid>{85BBD920-42A0-1069-A2E4-08002B30309D}</clsid>
<name>Porte-documents</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>syncui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{88895560-9AA2-1069-930E-00AA0030EBC8}</clsid>
<name>HyperTerminal Icon Ext</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\hticons.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{BD84B380-8CA2-1069-AB1D-08000948F534}</clsid>
<name>Fonts</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>fontext.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{DBCE2480-C732-101B-BE72-BA78E9AD5B27}</clsid>
<name>Profil ICC</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\icmui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}</clsid>
<name>Extension noyau de sécurité</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>rshx32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}</clsid>
<name>Extensions de l'interpréteur de commandes pour le partage</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>ntshrui.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{f92e8c40-3d33-11d2-b1aa-080036a75b03}</clsid>
<name>Display TroubleShoot CPL Extension</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>deskperf.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{60254CA5-953B-11CF-8C96-00AA00B8708C}</clsid>
<name>Shell Extension For Windows Script Host</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\wshext.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7444C717-39BF-11D1-8CD9-00C04FC29D45}</clsid>
<name>CryptPKO Class</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\cryptext.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7444C719-39BF-11D1-8CD9-00C04FC29D45}</clsid>
<name>CryptSig Class</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\cryptext.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7007ACC7-3202-11D1-AAD2-00805FC1270E}</clsid>
<name>Connexions réseau et accès à distance</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\NETSHELL.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{EFA24E61-B078-11d0-89E4-00C04FC9E26E}</clsid>
<name>Favorites Band</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{0A89A860-D7B1-11CE-8350-444553540000}</clsid>
<name>Shell Automation Inproc Service</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}</clsid>
<name>Shell DocObject Viewer</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{FBF23B40-E3F0-101B-8488-00AA003E56F8}</clsid>
<name>Raccourci Internet</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{3C374A40-BAE4-11CF-BF7D-00AA006946EE}</clsid>
<name>Microsoft Url History Service</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{FF393560-C2A7-11CF-BFF4-444553540000}</clsid>
<name>Historique</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7BD29E00-76C1-11CF-9DD0-00A0C9034933}</clsid>
<name>Temporary Internet Files</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{CFBFAE00-17A6-11D0-99CB-00C04FD64497}</clsid>
<name>Microsoft Url Search Hook</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}</clsid>
<name>Image de démarrage de la Suite IE4</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{67EA19A0-CCEF-11d0-8024-00C04FD75D13}</clsid>
<name>CDF Extension Copy Hook</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{131A6951-7F78-11D0-A979-00C04FD705A2}</clsid>
<name>ISFBand OC</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{9461b922-3c5a-11d2-bf8b-00c04fb93661}</clsid>
<name>Search Assistant OC</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}</clsid>
<name>Internet</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{871C5380-42A0-1069-A2EA-08002B30309D}</clsid>
<name />
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shdocvw.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}</clsid>
<name>Scheduling UI icon handler</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\mstask.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}</clsid>
<name>Scheduling UI property sheet handler</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\mstask.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{D6277990-4C6A-11CF-8D87-00AA0060F5BF}</clsid>
<name>Tâches planifiées</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\mstask.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{1A9BA3A0-143A-11CF-8350-444553540000}</clsid>
<name>Dossier favori du shell</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{20D04FE0-3AEA-1069-A2D8-08002B30309D}</clsid>
<name>Poste de travail</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{86747AC0-42A0-1069-A2E6-08002B30309D}</clsid>
<name>Porte-documents</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{0AFACED1-E828-11D1-9187-B532F1E9575D}</clsid>
<name>Raccourci vers le dossier</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{12518493-00B2-11d2-9FA5-9E3420524153}</clsid>
<name>Volume monté</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{21B22460-3AEA-1069-A2DC-08002B30309D}</clsid>
<name>Extension de la page de propriétés des fichiers</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{B091E540-83E3-11CF-A713-0020AFD79762}</clsid>
<name>Page des types de fichiers</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{FBF23B41-E3F0-101B-8488-00AA003E56F8}</clsid>
<name>Gestionnaire des types de fichiers MIME</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{C2FBB630-2971-11d1-A18C-00C04FD75D13}</clsid>
<name>Service Copier vers Microsoft</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{C2FBB631-2971-11d1-A18C-00C04FD75D13}</clsid>
<name>Service Déplacer vers Microsoft</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{13709620-C279-11CE-A49E-444553540000}</clsid>
<name>Service d'automatisation de l'interface</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}</clsid>
<name>Shell Automation Folder View</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{4622AD11-FF23-11d0-8D34-00A0C90F2719}</clsid>
<name>Menu Démarrer</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location>
<filepath>%systempath%\shell32.dll</filepath>
</addon>
- <addon Category="shellextension">
<clsid>{7BA4C740-9E81-11CF-99D3-00AA004AE837}</clsid>
<name>Service SendTo Microsoft</name>
<location>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</location
La page XML ne peut pas être affichée
Impossible d'afficher l'entrée XML en utilisant la feuille de style XSL. Corrigez l'erreur, puis cliquez sur le bouton Actualiser ou réessayez ultérieurement.
--------------------------------------------------------------------------------
Le symbole point-virgule était attendu. Erreur de traitement de la ressource file:///C:/Program Files/a-squared HiJackFree/...
<name>&Liens</name>
------------^
3 replies
1/ Download and install HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
2/ Download AVG Antispyware
https://www.avg.com/en-ww/free-antivirus-download
How to use it:
Launch AVG Anti-Spyware and update it.
Click the "Scan" button.
Then, under "How to react", click Recommended actions. Select Quarantine.
Go back to the Scan tab.
Click Complete system scan.
At the end of the scan, choose "Apply all actions".
Click "Save report". The text file is in the Reports folder of the AVG Anti-Spyware folder.
3/ Download: - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
("Download Latest Version", on the right).
This program will delete all temporary files. Before clicking the "Install" button, untick all the "additional options". Then click "Options", "Advanced" and untick the box "Only delete files in the Windows Temp folder older than 48 hours". After that, leave it with its default settings. That's all.
4/ Run CCleaner, Cleaner, and delete everything it finds
5/ Run AVG Anti-Spyware, delete everything it finds, and post its report
6/ Run HijackThis and post the report
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 19:03:03, on 14/05/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {09958205-105F-497D-9197-F64972E6D0CC} - sysmon12.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINNT\system32\BhoECart.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [eCarteBleue-CLEO] "C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe" /dontopenmycards
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .cdx: C:\Program Files\Internet Explorer\PLUGINS\Npcdp32.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.vulnerabilite.com/antivirus/bitdefender/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
· Download Brute Force Uninstaller (by Merijn):
http://www.merijn.org/files/bfu.zip
and unzip it into a folder of its own (C:\BFU).
Right-click this link:
http://metallica.geekstogo.com/EGDACCESS.bfu
and choose "Enregistrer sous" (Save As; in IE it is "Enregistrer le lien sous..") to download EGDACCESS.bfu, with type "Tous les fichiers" (All files). Save it in the folder you created (C:\BFU).
· Download Winsoftware.bfu and choose "Enregistrer sous" (in IE it is "Enregistrer le lien sous..")
to download Winsoftware.bfu, with type "Tous les fichiers".
http://www.alt-shift-return.org/Info/Fichiers/Winsoftware.bfu
Save it in the folder you created (C:\BFU).
· Download Navipromo.zip (by Lazzzy):
http://www.alt-shift-return.org/Info/Fichiers/Navipromo073.zip
and unzip it onto your desktop.
· Copy the rest of these instructions into a text file on your desktop, then restart in safe mode.
You must choose your usual session, not the "Administrateur" account or any other.
Run the file Navipromo.bat, which is in the Navipromo folder on your desktop.
· Options:
Select the option "Recherche et suppression automatique" (automatic search and removal). Wait.
If it finds something, you will see lines scroll by in the command window; after a few moments you will have to press a key to start the cleaning, then confirm by pressing Enter.
Run the tool again, select the option "Suppression Heuristique" (heuristic removal), and wait a few minutes. When it has finished, close the report that opened.
Start "Brute Force Uninstaller" by double-clicking BFU.exe.
Click the small yellow folder to the right of the "Scriptline to execute" box, and double-click: EGDACCESS.bfu
In the "Scriptline to execute" box, you should now see this: C:\BFU\EGDACCESS.bfu
Click "Execute" and let it do its work.
Wait for "Complete script execution" to appear and click OK. Click Exit to close the BFU program.
Run the Egdaccess.BFU script once more.
Start "Brute Force Uninstaller" again by double-clicking BFU.exe.
Click the small yellow folder to the right of the "Scriptline to execute" box, and double-click: Winsoftware.bfu
In the "Scriptline to execute" box, you should now see this: C:\BFU\Winsoftware.bfu
Click "Execute" and let it do its work.
Wait for "Complete script execution" to appear and click OK.
Click Exit to close the BFU program.
Do it once more.
Démarrer -> Panneau de configuration -> Options Internet (Start -> Control Panel -> Internet Options).
· Click the "Contenu" (Content) tab, then the "Certificats" (Certificates) tab, and if you find any of these, in particular under "éditeurs approuvés" (Trusted Publishers):
electronic-group - egroup - Montorgueil - VIP - Sunny Day Design Ltd
Delete them all.
Restart normally and post the contents of the file Navipromo.txt, which is in Poste de travail (My Computer) > drive C:\
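The certificate check from the last steps of the post can also be run as a script. The PowerShell below is an added example, not part of the original post: it assumes a Windows version with PowerShell 3.0 or later (not the Windows 2000 system in the log), the function name Find-ListedPublisher is hypothetical, and the publisher names are the ones listed in the post. It only reports matches and deletes nothing.

```powershell
# Added example: report-only check of the "Trusted Publishers" certificate stores.
# Publisher names are taken from the post; matching is done on the certificate Subject.
$names  = @('electronic-group', 'egroup', 'Montorgueil', 'VIP', 'Sunny Day Design Ltd')

# Trusted Publishers exists per user and per machine, so both stores are checked.
$stores = @('Cert:\CurrentUser\TrustedPublisher', 'Cert:\LocalMachine\TrustedPublisher')

# Hypothetical helper name, introduced for this example.
function Find-ListedPublisher {
    param(
        [string[]]$StorePath,
        [string[]]$PublisherName
    )
    foreach ($path in $StorePath) {
        if (-not (Test-Path $path)) { continue }   # store not present on this system
        foreach ($cert in Get-ChildItem -Path $path) {
            foreach ($name in $PublisherName) {
                # Match the name literally; \b keeps "VIP" from matching inside a longer word.
                $pattern = '\b' + [regex]::Escape($name) + '\b'
                if ($cert.Subject -match $pattern) {
                    [pscustomobject]@{
                        Store      = $path
                        Matched    = $name
                        Subject    = $cert.Subject
                        Thumbprint = $cert.Thumbprint
                        NotAfter   = $cert.NotAfter
                    }
                    break   # one report per certificate is enough
                }
            }
        }
    }
}

Find-ListedPublisher -StorePath $stores -PublisherName $names | Format-List
```

A short name such as VIP can still match an unrelated publisher, so read each reported Subject before removing a certificate in the Internet Options dialog.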