Et tu rames, rames, rames....

Question

Salut,

mon ordi rame comme pas permis, n'ouvre plus certaine page, ou alors les ferme quand il veut...vu que c'est peut-etre du à un virus, j'poste mon message ici en espérant une réponse rapide, et accessoirement des solutions....

Merci d'avance.

gen-hackman · Answer

salut....alors accessoirement tu peux faire ceci :


commences par ceci pour voir ce qu'il en est,avoir un diagnostic précis et donc repérer les infections possibles et les neutraliser....: 


Télécharges et installes le logiciel de diagnostic HijackThis : 

ici HijackThis 
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe 
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html 

1- Cliques sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation . 
A la fin de l'installe , le prg ce lance automatiquement : fermes le en cliquant sur la croix rouge . 
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme : 
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " . 

tuto pour utilisation : 
Regardes ici, c'est parfaitement expliqué en images (merci balltrap34), 
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm 
( Ne fixes encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement ) 

2- !! Déconnectes toi et fermes toute tes applications en cours !! 

Cliques sur le raccourci du bureau pour lancer le prg : 
fais un scan HijackThis en cliquant sur : "Do a system scan and save a logfile" 

---> Postes le rapport généré pour analyse ...

NightmareTheWorld · Answer

C'est ça? :



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:16, on 14/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8860372E-84FB-48E8-92A0-31E59A5671FB} - C:\windows\zavsmob.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Hold option boob bin] C:\Documents and Settings\All Users\Application Data\ford does hold option\exit four.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

gen-hackman · Answer

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau : 
http://oldtimer.geekstogo.com/OTMoveIt3.exe 

---> Double-clique sur OTMoveIt3.exe afin de le lancer. 

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes 
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Hold option boob bin"=-
 

:files 
C:\Documents and settings\all users\àpplication data\ford does hold option\exit four.exe

:Commands
[purity] 
[emptytemp] 
[Reboot] 


---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3. 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log 


source Chiquitine29.....................;-)

NightmareTheWorld · Answer

Pour le coup j'crois que j'ai un peu foiré l'truc...mais j'te passe comme mm ce que j'ai trouvé :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Hold option boob bin deleted successfully.
========== FILES ==========
File/Folder C:\Documents and settings\all users\àpplication data\ford does hold option\exit four.exe not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_21c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
 
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12142008_165738

Files moved on Reboot...
C:\WINDOWS	emp\Perflib_Perfdata_21c.dat moved successfully.

gen-hackman · Answer

renvoies hijackthis stp

NightmareTheWorld · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:18, on 14/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8860372E-84FB-48E8-92A0-31E59A5671FB} - C:\windows\zavsmob.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

gen-hackman · Answer

relance hijackthis "do a system scan" , coches ces lignes et "fix checked" : O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe ensuite mets internet explorer a jour via windows up^date ensuite : C'est peut etre un peu long mais ......ton pc.......ira 100 fois mieux(version marseillaise) : 1)Telecharge : ------------- https://www.clubic.com/telecharger-fiche262022-purera.html coche tout a droite , et "clean" ensuite : ----------- http://www.commentcamarche.net/telecharger/cleanafterme 34056612 avis opinions.php3 meme chose tu coches tout et "clean selected items" source = Gen-Hackman..........et puis a faire aussi : 2) ---> Télécharge ToolsCleaner2 sur ton Bureau. * Double-clique sur ToolsCleaner2.exe pour le lancer. * Clique sur Recherche et laisse le scan agir. * Clique sur Suppression pour finaliser. * Tu peux, si tu le souhaites, te servir des Options Facultatives. * Clique sur Quitter pour obtenir le rapport. * Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 3/ ---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) : http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner * Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc.... * Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. * Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse(Sauvegarde la base de registre). * Veille a ce que dans les options le reglage soit au demarrage de windows et réglé sur "effacement securisé" 35 passes (guttman) * Décoche la case plus vieux que 48 h 4/ Désactive et réactive ta restauration system : (1) Désactiver la Restauration du système cliques sur Démarrer Cliques droit sur Poste de travail cliques sur Propriétés Cliques sur l'onglet Restauration du système Coches Désactiver la Restauration du système sur tous les lecteurs Cliques sur Appliquer, Lorsque le message de confirmation apparaît, cliques sur Oui. Cliques sur OK. (2) Activer la Restauration du système cliques sur Démarrer Cliques droit sur Poste de travail cliques sur Propriétés Cliques sur l'onglet Restauration du système Décoches Désactiver la Restauration du système sur tous les lecteurs Cliques sur Appliquer, Lorsque le message de confirmation apparaît, cliques sur Oui. Cliques sur OK. ---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème : https://www.vulgarisation-informatique.com/creer-point-restauration.php stp poste tous les rapports delivrés....merci..... si tu as deja Ccleaner ne tiens pas compte du N°3.....mais fais ce qu il est demande avec (desole le canned est pour tout le monde....lol) Attention : ne pas toucher au PC pendant qu'il travaille ! B-Nettoyage et Défragmentation de tes Disques *Nettoyage : Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général" Cliques sur le bouton "nettoyage de disque", OK tu le fais pour chacun de tes disques *Vérifications des erreurs : Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Outil" "Vérifier maintenant", une boîte s'ouvre, cocher les cases : -réparer automatiquement les erreurs... -rechercher et tenter une récupération... --->Démarrer, ok Note : s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal tu le fais pour chacun de tes disques ensuite toujours dans le même onglet tu choisis : *Défragmentation : "défragmenter maintenant", OK une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" . OK tu le fais pour chacun de tes disques Note : si tu as un utilitaire pour défragmenter , utilises le à la place ... pour ce faire je te conseille ceci : https://www.clubic.com/telecharger-fiche44314-defraggler.html C-Crées un point de restauration de ton PC : Aller dans le Menu Démarrer puis dans Programmes, - Ensuite dans Accessoires et enfin dans Outils système, - Choisir "Restauration du système", - Sélectionner "Créer un point de restauration", - Cliquer sur "Suivant", - Entrer un nom pour le point de restauration (ce nom doit être assez évocateur), exemple : << Point restauration sain >> . --> Cliquer sur "Créer" et le point de restauration se créé automatiquement. > Peux-tu vérifier ta console JAVA ici ? : https://www.java.com/fr/download/uninstalltool.jsp et installer la nouvelle version si besoin est (dans ce cas désinstalle avant l'ancienne version). Pour info. ou en cas de problème : http://assiste.com.free.fr/p/abc/c/anti_java.html > Mets à jour Acrobat si ce n'est pas le cas (désinstalle avant la version antérieure) : https://get2.adobe.com/reader/otherversions/ > Télécharge et installe Update Checker : https://filehippo.com/windows/tuning-utilities/ - Lance le programme. Une page web de ce type va s'ouvrir. - Fais les mises à jour de tous les logiciels proposés pour Update. Je ne te conseille pas de faire celles pour les versions béta (elles peuvent être instables). - Fais un copier/coller de la liste de éléments "Updates". Puis poste la sur le forum. - Une fois les mises à jour effectuées, relance ton PC. Tuto si problèmes : https://www.commentcamarche.net/list 9908 update checker vos logiciels sont ils a jour > Télécharge et installe Easy Cleaner : https://www.01net.com/telecharger/windows/Utilitaire/registre/fiches/8351.html (lien miroir : https://www.clubic.com/telecharger-fiche11170-easycleaner.html ) - Lance le programme puis clique sur puis sur . - A la fin du scan clique sur puis confirme par puis quitte le programme. Si besoin tuto ici : https://www.pcparadise.fr et http://www.6ma.fr/tuto/easycleaner-nettoyer-windows-des-elements-obsoletes/ > Tu peux aussi vider ta corbeille......quoi que Ccleaner le fasse tout seul....... > Si nous avons utilisé MalwaresByte's Anti-Malware : vide sa quarantaine. - Lance le programme puis clique sur . - Sélectionne tous les éléments puis clique sur . - Quitte la programme. > Idem pour ton antivirus : vide sa quarantaine si ce n'est pas déjà fait... > Désactive et réactive la restauration de système, pour cela : suis les instructions de ce lien : liens XP: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924 liens Vista : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/4f60eedf1156c8068525695b005ca288/c066b2e9a50cc948802572870032b170?OpenDocument ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Quelques conseils et recommandations pour l'avenir : > Passe un coup d'AGV et/ou de MalwareByte's Anti-Malware et de Ccleaner de temps en temps (1 fois par semaine à 1 fois par mois, suivant l'utilisation que tu fais de ton PC. Tu peux aussi décocher la casse dans l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures"). - Utilise aussi tes autres logiciels de protection (scannes antivirus, antispywares...). N'oublie pas de faire les mises à jour avant de les utiliser. - Pense aussi à faire une défragmentation de tes disques durs de temps en temps (garde suffisamment d'espace sur C:\ (1/3 de libre pour être à l'aise)) > Pour bien protéger ton PC : [1 seul Antivirus] + [1 seul Pare feu (/!\ les routeurs et box en possèdent un)] + [Quelques Antispywares] + [Mises à Jour récentes Windows et Logiciels de Protection] + [Utilisation de Firefox -ou autres- (Internet Explorer présente des failles de sécurité qui mettent longtemps avant d'être corrigées mais il faut absolument le conserver pour les mises à jour Windows)] + [Utilisation du PC en mode Invité (= limité). Lors d'une infection en mode administrateur le PC est beaucoup plus vulnérable. Voir ICI] PS : En fait la meilleure des protections c'est toi même : ce que tu fais avec ton PC : où tu surfes, télécharges...ect.... Les virus utilisent les failles de ton PC pour infecter un système. Info : http://assiste.com.free.fr/p/abc/a/zombies_et_botnets.html > Quelques liens utiles : - https://www.commentcamarche.net/list 2432 securite proteger un ordinateur contre les malwares d internet - https://sebsauvage.net/safehex.html - https://www.zebulon.fr/telechargements/securite/protection-donnees-personnelles/spywareblaster.html (= petit logiciel qui bloque l'installation d'activ-X nuisibles au PC. Fonctionne en arrière plan) et au final dernier petite chose : http://www.commentcamarche.net/faq/sujet 11365 mettre son poste en probleme resolu Voila, Bonne lecture.... source : DllD..............;-) ET enfin si tu comprends bien l anglais tu peux faire des peaufinages ici : https://docs.microsoft.com/en-us/sysinternals/ https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/ mais sois sur de ce que tu fais quand meme................ Gen-hackman.......................

NightmareTheWorld · Answer

ah, merde j'ai juste mal lu, 2 secondes j'fais comme tu m'as dit et j'te réponds tt à l'heure!^^"

gen-hackman · Answer

Tout a droite

NightmareTheWorld · Answer

rahhhhhhhhh, c'est chiant cleanafterme est un sacré bordel!srx ça ma bloqué ma souris, pourtant j'ai fait comme t'as dit : j'ai coché toutes les cases...........help.............

gen-hackman · Answer

oui mais si tu redemarres normalement il te la reinstalle

gen-hackman · Answer

d ailleur je pense que c est plutot purera qui t a bloque ta souris( plus logique)

NightmareTheWorld · Answer

re,

donc v'la les rapports :

[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\kira\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\kira\Mes documents\HJTInstall.exe: trouvé !
C:\Documents and Settings\kira\Mes documents\OTMoveIt3.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

p.s : dsl du r'tard, j'te passe les autres rapports dans d'autres messages

NightmareTheWorld · Answer

Euh...pas sur qu'ce soit un rapport mais j'retrouve plus que ça dans mes docs : GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License.

gen-hackman · Answer

ok

gen-hackman · Answer

c est juste une license de logiciel....

voila penses a verifier java et adobe comme indiqué plus haut

NightmareTheWorld · Answer

ah, ouais...j'aurais p-e du lire avant...mais c'est ok, là?j'ai plus rien à faire?

gen-hackman · Answer

une fois tout ceci fait pas a pas je pende que tu peux aller vaquer a tes occupations favorites : le surf........sur internet......lol

NightmareTheWorld · Answer

pour etre honnete je peux pas trop retourner à....mon activité favorite, parce que j'ai  encore de gros problèmes...

https://imageshack.com/

ce truc arrete pas de s'afficher et ça ferme toutes mes pages internet!

gen-hackman · Answer

http://siri.urz.free.fr/Fix/SmitfraudFix.php
 

 
4.Télécharger Smitfraudfix par S!RI : 
Décompresser l'archive 
Exécuter le en double cliquant sur Smitfraudfix.cmd 
Appuyer sur une touche pour continuer 
Arriver à l'invite de commande, saisir la lettre L afin de basculer le fix en langue française 
Au menu, choisir l’option 4 puis 1 : Recherche 
Poster le rapport ainsi généré dans le forum Virus/Sécurité (ou le cas échéant à la suite de votre message) :

NightmareTheWorld · Answer

comment ça dans le virus?je fais un autre topic?oO
vu que j'ai pas trop capté, v'la le rapport...ici :

SmitFraudFix v2.387

Rapport fait à 20:19:33,76, 24/12/2008
Executé à partir de C:\Documents and Settings\kira\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\filehippo.com\UpdateChecker.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kira\Mes documents\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\iexplorer.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\kira


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\kira\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\kira\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\kira\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau virtuelle FreeBox USB - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BFBAA2CE-01F2-4F0E-8378-8AB4F1C236FB}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BFBAA2CE-01F2-4F0E-8378-8AB4F1C236FB}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BFBAA2CE-01F2-4F0E-8378-8AB4F1C236FB}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BFBAA2CE-01F2-4F0E-8378-8AB4F1C236FB}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

gen-hackman · Answer

Nettoyage : 
Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter. 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5). 

http://www.coupdepoucepc.com/modules/news/article.php?storyi­d=253 
http://www.micro-astuce.com/depannage/demarrer-mode-sans-ech­ec 

------------------------------------------------------------­---------------- 
Relance le programme Smitfraud, 
Cette fois choisit l’option 2, répond oui a tous ; 
Sauvegarde le rapport, 
Redémarre en mode normal, 
copie/colle le rapport sauvegardé sur le forum 

process.exe 
est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 
http://www.beyondlogic.org/consulting/processutil/processuti­l.htm

NightmareTheWorld · Answer

SmitFraudFix v2.387

Rapport fait à 20:48:25,65, 24/12/2008
Executé à partir de C:\Documents and Settings\kira\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\iexplorer.exe supprimé
C:\Program Files\Google\googletoolbar1.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BFBAA2CE-01F2-4F0E-8378-8AB4F1C236FB}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BFBAA2CE-01F2-4F0E-8378-8AB4F1C236FB}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BFBAA2CE-01F2-4F0E-8378-8AB4F1C236FB}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BFBAA2CE-01F2-4F0E-8378-8AB4F1C236FB}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

gen-hackman · Answer

4- Télécharge MalwareByte's :
ici https://www.commentcamarche.net/telecharger/ 34055379 malwarebytes anti malware
ou ici : http://www.malwarebytes.org/mbam.php

* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ )

* Potasse le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).

! Déconnecte toi et ferme toutes applications en cours !

* Lance Malwarebyte's .

Fais un examen dit "Rapide" .

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date),
accompagné d'un nouveau rapport hijackthis pour analyse ...

NightmareTheWorld · Answer

euh...j'peux pas télécharger MalwareByte...t'aurais pas un autre lien?

gen-hackman · Answer

bonjour ca dit quoi ?message d'erreur ?

tu as redemarre entre temps ?

T'Chiki · Answer

INFECTION LOP


Bonne suite

gen-hackman · Answer

merci chef.....

j'hesitais entre ca et det.DNS


tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)

NightmareTheWorld · Answer

Pour l'premier truc que j'arrivais pas à télécharger, y avait pas de messages d'erreurs, le truc ce bloquer juste...il s'arretait à 26% ou mm à 99% (c'bâtard....)




--------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2600+ )
   BIOS : Default System BIOS
   USER : kira ( Administrator )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:74 Go (Free:68 Go)
   D:\ (CD or DVD)
   E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [1] ( 26/12/2008|13:45 )
 
   --------------------\  Listing des dossiers dans APPLIC~1

   [14/12/2008|13:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
   [15/11/2008|14:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
   [15/11/2008|14:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
   [15/11/2008|14:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
   [15/11/2008|14:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\TuneUp Software
   [15/11/2008|14:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Webroot

   [01/12/2008|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [28/11/2008|22:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
   [15/11/2008|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [21/12/2008|19:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Emjysoft
   [08/12/2008|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option
   [04/12/2008|20:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [15/11/2008|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
   [21/12/2008|19:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [17/11/2008|14:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [20/11/2008|21:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller


   [15/11/2008|14:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [23/11/2008|20:12] C:\DOCUME~1\INVIT~1\APPLIC~1\ACD Systems
   [29/11/2008|14:39] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
   [05/12/2008|07:52] C:\DOCUME~1\INVIT~1\APPLIC~1\Google
   [19/11/2008|13:04] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
   [19/11/2008|13:06] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
   [21/12/2008|20:00] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft

   [29/11/2008|15:25] C:\DOCUME~1\kira\APPLIC~1\About proc
   [29/11/2008|19:22] C:\DOCUME~1\kira\APPLIC~1\ACD Systems
   [09/12/2008|16:35] C:\DOCUME~1\kira\APPLIC~1\Adobe
   [08/12/2008|16:29] C:\DOCUME~1\kira\APPLIC~1\dvdcss
   [05/12/2008|07:56] C:\DOCUME~1\kira\APPLIC~1\Google
   [29/11/2008|15:19] C:\DOCUME~1\kira\APPLIC~1\Identities
   [29/11/2008|15:20] C:\DOCUME~1\kira\APPLIC~1\Macromedia
   [21/12/2008|18:23] C:\DOCUME~1\kira\APPLIC~1\Microsoft
   [29/11/2008|15:50] C:\DOCUME~1\kira\APPLIC~1\Mozilla
   [02/12/2008|19:02] C:\DOCUME~1\kira\APPLIC~1\Shareaza
   [15/12/2008|21:17] C:\DOCUME~1\kira\APPLIC~1\Sun
   [29/11/2008|15:50] C:\DOCUME~1\kira\APPLIC~1\Talkback
   [29/11/2008|16:08] C:\DOCUME~1\kira\APPLIC~1\TuneUp Software
   [03/12/2008|11:57] C:\DOCUME~1\kira\APPLIC~1\vlc
   [21/12/2008|18:36] C:\DOCUME~1\kira\APPLIC~1\Windows Live Writer

   [15/11/2008|14:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [15/11/2008|14:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [25/12/2008 21:00][--ah-----] C:\WINDOWS	asks\A8A2986491850EF4.job
   [26/12/2008 13:05][--ah-----] C:\WINDOWS	asks\SA.DAT
   [31/12/2002 13:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   ( A8A2986491850EF4.job )=( c:\docume~1\becks\applic~1\aboutp~1\grambagsidol.exe )

   --------------------\  Listing des dossiers dans C:\Program Files

   [08/12/2008|13:08] C:\Program Files\About proc
   [22/11/2008|15:57] C:\Program Files\Adobe
   [08/12/2008|13:58] C:\Program Files\Ahead
   [28/11/2008|22:37] C:\Program Files\Avanquest update
   [14/12/2008|19:54] C:\Program Files\CCleaner
   [15/11/2008|14:06] C:\Program Files\ComPlus Applications
   [15/11/2008|14:12] C:\Program Files\CyberLink
   [15/12/2008|21:12] C:\Program Files\Defraggler
   [21/12/2008|19:04] C:\Program Files\Emjysoft
   [14/12/2008|15:53] C:\Program Files\eMule
   [15/11/2008|14:14] C:\Program Files\Executive Software
   [08/12/2008|14:01] C:\Program Files\Fichiers communs
   [15/12/2008|21:23] C:\Program Files\filehippo.com
   [17/11/2008|14:03] C:\Program Files\Free.fr
   [24/12/2008|20:49] C:\Program Files\Google
   [15/11/2008|14:12] C:\Program Files\Illustrate
   [28/11/2008|22:35] C:\Program Files\InstallShield Installation Information
   [20/11/2008|20:40] C:\Program Files\Internet Explorer
   [15/12/2008|21:19] C:\Program Files\Java
   [15/11/2008|14:12] C:\Program Files\Kerio
   [15/11/2008|14:12] C:\Program Files\Lavasoft
   [18/11/2008|18:16] C:\Program Files\Messenger
   [21/12/2008|18:13] C:\Program Files\Microsoft
   [21/12/2008|18:15] C:\Program Files\Microsoft Silverlight
   [21/12/2008|18:14] C:\Program Files\Microsoft SQL Server Compact Edition
   [21/12/2008|18:15] C:\Program Files\Microsoft Sync Framework
   [29/11/2008|13:30] C:\Program Files\Motorola Phone Tools
   [15/11/2008|14:07] C:\Program Files\Movie Maker
   [29/11/2008|15:50] C:\Program Files\Mozilla Firefox
   [15/11/2008|14:06] C:\Program Files\MSN Gaming Zone
   [22/12/2008|14:09] C:\Program Files\MSN Messenger
   [15/11/2008|14:07] C:\Program Files\NetMeeting
   [15/11/2008|14:07] C:\Program Files\Outlook Express
   [24/12/2008|15:13] C:\Program Files\PhotoFiltre
   [15/11/2008|14:14] C:\Program Files\PowerQuest
   [29/11/2008|15:42] C:\Program Files\RocketDock
   [15/11/2008|14:08] C:\Program Files\Services en ligne
   [10/12/2008|18:56] C:\Program Files\Shareaza
   [15/11/2008|14:13] C:\Program Files\SiSoftware
   [07/12/2008|00:16] C:\Program Files\SlySoft
   [15/11/2008|14:12] C:\Program Files\SuperCopier
   [14/12/2008|16:48] C:\Program Files\Trend Micro
   [14/12/2008|13:40] C:\Program Files\TuneUp Utilities 2004
   [27/10/2004|16:09] C:\Program Files\UltraISO
   [17/11/2008|14:05] C:\Program Files\Uninstall Information
   [03/12/2008|11:56] C:\Program Files\VideoLAN
   [24/12/2008|15:48] C:\Program Files\Virtualdub
   [15/11/2008|14:12] C:\Program Files\Webroot
   [15/11/2008|14:12] C:\Program Files\Winamp
   [22/12/2008|14:08] C:\Program Files\Windows Live
   [21/12/2008|18:13] C:\Program Files\Windows Live SkyDrive
   [15/11/2008|14:12] C:\Program Files\Windows Media Player
   [15/11/2008|14:05] C:\Program Files\Windows NT
   [15/11/2008|14:08] C:\Program Files\WindowsUpdate
   [26/10/2004|14:04] C:\Program Files\WinRAR
   [14/12/2008|19:54] C:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [06/12/2008|23:47] C:\Program Files\Fichiers communs\ACD Systems
   [22/11/2008|15:58] C:\Program Files\Fichiers communs\Adobe
   [15/11/2008|14:14] C:\Program Files\Fichiers communs\Adobe Systems Shared
   [15/11/2008|14:13] C:\Program Files\Fichiers communs\Ahead
   [28/11/2008|22:35] C:\Program Files\Fichiers communs\InstallShield
   [21/12/2008|18:13] C:\Program Files\Fichiers communs\Microsoft Shared
   [15/11/2008|14:07] C:\Program Files\Fichiers communs\MSSoap
   [08/12/2008|14:01] C:\Program Files\Fichiers communs\Nero
   [15/11/2008|15:01] C:\Program Files\Fichiers communs\ODBC
   [15/11/2008|14:07] C:\Program Files\Fichiers communs\Services
   [15/11/2008|15:01] C:\Program Files\Fichiers communs\SpeechEngines
   [15/11/2008|14:07] C:\Program Files\Fichiers communs\System
   [20/11/2008|20:31] C:\Program Files\Fichiers communs\Windows Live
   [20/11/2008|20:23] C:\Program Files\Fichiers communs\WindowsLiveInstaller

   --------------------\  Process

   ( 22 Processes )

   iexplore.exe ~ [PID:656]

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\exit four.exe
   C:\DOCUME~1\kira\APPLIC~1\aboutp~1
   C:\Program Files\aboutp~1
   C:\WINDOWS\Tasks\A8A2986491850EF4.job
 
   --------------------\  Verification du Registre

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-12-26 13:48:15
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:19][D:0]-> C:\DOCUME~1\kira\Cookies
   [F:48][D:4]-> C:\DOCUME~1\kira\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 26/12/2008|13:48 - Option : [1]

   --------------------\  Fin du rapport a 13:48:59

gen-hackman · Answer

tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option "nettoyage*
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)

NightmareTheWorld · Answer

Y a pas nettoyage : https://imageshack.com/

gen-hackman · Answer

ben alors la......je suis collé

gen-hackman · Answer

refais le et "suppressions + hosts"

Merci D5

NightmareTheWorld · Answer

--------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2600+ )
   BIOS : Default System BIOS
   USER : kira ( Administrator )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:74 Go (Free:68 Go)
   D:\ (CD or DVD)
   E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [2] ( 26/12/2008|17:51 )


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\exit four.exe
   Supprime! - C:\WINDOWS\Tasks\A8A2986491850EF4.job 
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option
   Supprime! - C:\DOCUME~1\kira\APPLIC~1\aboutp~1
   Supprime! - C:\Program Files\aboutp~1
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans APPLIC~1

   [14/12/2008|13:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
   [15/11/2008|14:16] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
   [15/11/2008|14:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
   [15/11/2008|14:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
   [15/11/2008|14:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\TuneUp Software
   [15/11/2008|14:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Webroot

   [01/12/2008|18:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [28/11/2008|22:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
   [15/11/2008|14:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [21/12/2008|19:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Emjysoft
   [04/12/2008|20:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [15/11/2008|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
   [26/12/2008|15:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
   [21/12/2008|19:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [17/11/2008|14:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [20/11/2008|21:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller


   [15/11/2008|14:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [23/11/2008|20:12] C:\DOCUME~1\INVIT~1\APPLIC~1\ACD Systems
   [29/11/2008|14:39] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
   [05/12/2008|07:52] C:\DOCUME~1\INVIT~1\APPLIC~1\Google
   [19/11/2008|13:04] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
   [19/11/2008|13:06] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
   [21/12/2008|20:00] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft

   [29/11/2008|19:22] C:\DOCUME~1\kira\APPLIC~1\ACD Systems
   [09/12/2008|16:35] C:\DOCUME~1\kira\APPLIC~1\Adobe
   [08/12/2008|16:29] C:\DOCUME~1\kira\APPLIC~1\dvdcss
   [05/12/2008|07:56] C:\DOCUME~1\kira\APPLIC~1\Google
   [29/11/2008|15:19] C:\DOCUME~1\kira\APPLIC~1\Identities
   [29/11/2008|15:20] C:\DOCUME~1\kira\APPLIC~1\Macromedia
   [21/12/2008|18:23] C:\DOCUME~1\kira\APPLIC~1\Microsoft
   [29/11/2008|15:50] C:\DOCUME~1\kira\APPLIC~1\Mozilla
   [02/12/2008|19:02] C:\DOCUME~1\kira\APPLIC~1\Shareaza
   [15/12/2008|21:17] C:\DOCUME~1\kira\APPLIC~1\Sun
   [29/11/2008|15:50] C:\DOCUME~1\kira\APPLIC~1\Talkback
   [29/11/2008|16:08] C:\DOCUME~1\kira\APPLIC~1\TuneUp Software
   [03/12/2008|11:57] C:\DOCUME~1\kira\APPLIC~1\vlc
   [21/12/2008|18:36] C:\DOCUME~1\kira\APPLIC~1\Windows Live Writer

   [15/11/2008|14:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [15/11/2008|14:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [26/12/2008 16:01][--ah-----] C:\WINDOWS	asks\SA.DAT
   [31/12/2002 13:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [22/11/2008|15:57] C:\Program Files\Adobe
   [08/12/2008|13:58] C:\Program Files\Ahead
   [28/11/2008|22:37] C:\Program Files\Avanquest update
   [14/12/2008|19:54] C:\Program Files\CCleaner
   [15/11/2008|14:06] C:\Program Files\ComPlus Applications
   [15/11/2008|14:12] C:\Program Files\CyberLink
   [15/12/2008|21:12] C:\Program Files\Defraggler
   [21/12/2008|19:04] C:\Program Files\Emjysoft
   [14/12/2008|15:53] C:\Program Files\eMule
   [15/11/2008|14:14] C:\Program Files\Executive Software
   [08/12/2008|14:01] C:\Program Files\Fichiers communs
   [15/12/2008|21:23] C:\Program Files\filehippo.com
   [17/11/2008|14:03] C:\Program Files\Free.fr
   [24/12/2008|20:49] C:\Program Files\Google
   [15/11/2008|14:12] C:\Program Files\Illustrate
   [28/11/2008|22:35] C:\Program Files\InstallShield Installation Information
   [20/11/2008|20:40] C:\Program Files\Internet Explorer
   [15/12/2008|21:19] C:\Program Files\Java
   [15/11/2008|14:12] C:\Program Files\Kerio
   [15/11/2008|14:12] C:\Program Files\Lavasoft
   [18/11/2008|18:16] C:\Program Files\Messenger
   [26/12/2008|15:51] C:\Program Files\Messenger Plus! Live
   [21/12/2008|18:13] C:\Program Files\Microsoft
   [21/12/2008|18:15] C:\Program Files\Microsoft Silverlight
   [21/12/2008|18:14] C:\Program Files\Microsoft SQL Server Compact Edition
   [21/12/2008|18:15] C:\Program Files\Microsoft Sync Framework
   [29/11/2008|13:30] C:\Program Files\Motorola Phone Tools
   [15/11/2008|14:07] C:\Program Files\Movie Maker
   [29/11/2008|15:50] C:\Program Files\Mozilla Firefox
   [15/11/2008|14:06] C:\Program Files\MSN Gaming Zone
   [26/12/2008|16:01] C:\Program Files\MSN Messenger
   [15/11/2008|14:07] C:\Program Files\NetMeeting
   [15/11/2008|14:07] C:\Program Files\Outlook Express
   [24/12/2008|15:13] C:\Program Files\PhotoFiltre
   [15/11/2008|14:14] C:\Program Files\PowerQuest
   [29/11/2008|15:42] C:\Program Files\RocketDock
   [15/11/2008|14:08] C:\Program Files\Services en ligne
   [10/12/2008|18:56] C:\Program Files\Shareaza
   [15/11/2008|14:13] C:\Program Files\SiSoftware
   [07/12/2008|00:16] C:\Program Files\SlySoft
   [15/11/2008|14:12] C:\Program Files\SuperCopier
   [14/12/2008|16:48] C:\Program Files\Trend Micro
   [14/12/2008|13:40] C:\Program Files\TuneUp Utilities 2004
   [27/10/2004|16:09] C:\Program Files\UltraISO
   [17/11/2008|14:05] C:\Program Files\Uninstall Information
   [03/12/2008|11:56] C:\Program Files\VideoLAN
   [24/12/2008|15:48] C:\Program Files\Virtualdub
   [15/11/2008|14:12] C:\Program Files\Webroot
   [15/11/2008|14:12] C:\Program Files\Winamp
   [26/12/2008|15:51] C:\Program Files\Windows Live
   [21/12/2008|18:13] C:\Program Files\Windows Live SkyDrive
   [15/11/2008|14:12] C:\Program Files\Windows Media Player
   [15/11/2008|14:05] C:\Program Files\Windows NT
   [15/11/2008|14:08] C:\Program Files\WindowsUpdate
   [26/10/2004|14:04] C:\Program Files\WinRAR
   [14/12/2008|19:54] C:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [06/12/2008|23:47] C:\Program Files\Fichiers communs\ACD Systems
   [22/11/2008|15:58] C:\Program Files\Fichiers communs\Adobe
   [15/11/2008|14:14] C:\Program Files\Fichiers communs\Adobe Systems Shared
   [15/11/2008|14:13] C:\Program Files\Fichiers communs\Ahead
   [28/11/2008|22:35] C:\Program Files\Fichiers communs\InstallShield
   [21/12/2008|18:13] C:\Program Files\Fichiers communs\Microsoft Shared
   [15/11/2008|14:07] C:\Program Files\Fichiers communs\MSSoap
   [08/12/2008|14:01] C:\Program Files\Fichiers communs\Nero
   [15/11/2008|15:01] C:\Program Files\Fichiers communs\ODBC
   [15/11/2008|14:07] C:\Program Files\Fichiers communs\Services
   [15/11/2008|15:01] C:\Program Files\Fichiers communs\SpeechEngines
   [15/11/2008|14:07] C:\Program Files\Fichiers communs\System
   [20/11/2008|20:31] C:\Program Files\Fichiers communs\Windows Live
   [20/11/2008|20:23] C:\Program Files\Fichiers communs\WindowsLiveInstaller

   --------------------\  Process

   ( 23 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\DOCUME~1\kira\Cookies\kira@advertising[2].txt
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-12-26 17:54:28
   Windows 5.1.2600 Service Pack 2 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:59][D:2]-> C:\DOCUME~1\kira\LOCALS~1\Temp
   [F:72][D:0]-> C:\DOCUME~1\kira\Cookies
   [F:1803][D:4]-> C:\DOCUME~1\kira\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 26/12/2008|13:48 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 26/12/2008|17:55 - Option : [2]

   --------------------\  Fin du rapport a 17:55:19

gen-hackman · Answer

relance hijackthis stp

NightmareTheWorld · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:11, on 26/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\filehippo.com\UpdateChecker.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8860372E-84FB-48E8-92A0-31E59A5671FB} - C:\windows\zavsmob.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

NightmareTheWorld · Answer

je vais poster mon rapport sur le forum parce que j'veux en finir vite, alors j'te tiens au courant, si on m'répond vite.

NightmareTheWorld · Answer

euh...pourquoi le mien a été supprimé?D'autres ont posté leur rapprot...m'enfin, pas grave, merci d'avoir prévenu.

gen-hackman · Answer

bonsoir désole pour le retard mais j'etais a table


Télécharge Random's System Information Tool (RSIT) par random et sauvegarde-le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
* Double-clique sur RSIT.exe afin de lancer RSIT.
* Clique sur Continue à l'écran Disclaimer.
* Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

--> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NightmareTheWorld · Answer

Non, c'est rien, j'étais préssé parce que j'pensais que j'irai chez mon père la 2ème semaine, mais j'reste donc c'est ok.
premier rapport log :

Logfile of random's system information tool 1.05 (written by random/random)
Run by kira at 2008-12-28 13:55:58
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 70 GB (92%) free of 76 GB
Total RAM: 511 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:00, on 28/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\filehippo.com\UpdateChecker.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kira\Mes documents\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\kira.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8860372E-84FB-48E8-92A0-31E59A5671FB} - C:\windows\zavsmob.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

NightmareTheWorld · Answer

info.txt logfile of random's system information tool 1.05 2008-12-28 13:56:01 ======Uninstall list====== -->C:\WINDOWS\UNNMP.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware SE Professional-->C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2} Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat dBpowerAMP Ogg Vorbis Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe" Diskeeper Professional Edition-->MsiExec.exe /I{E87BE7F8-3077-40C1-8592-956F649A2781} Easy Clean 2007 v3.00-->"C:\Program Files\Emjysoft\EasyClean\unins000.exe" eMule-->"C:\Program Files\eMule\Uninstall.exe" filehippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe" Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe Galerie de photos Windows Live-->MsiExec.exe /X{43563ACB-371B-4C58-8979-B192B390424C} Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0} Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A} Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Search Enhancement Pack-->MsiExec.exe /I{299CF645-48C7-4FA1-8BCD-5CE200CF180D} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Motorola Phone Tools-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly Mozilla Firefox (0.9.3)-->C:\WINDOWS\UninstallFirefox.exe /ua "0.9.3 (fr)" MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} Nero 6 Demo-->C:\Program Files\Ahead ero\uninstall\UNNERO.exe /UNINSTALL Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID="" Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe" SiSoftware Sandra Professionnel 2004.SP2 (Win32 x86)-->"C:\Program Files\SiSoftware\SiSoftware Sandra Professionnel 2004.SP2 (Win32 x86)\unins000.exe" Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe" SuperCopier-->"C:\Program Files\SuperCopier\SCUninst.exe" TuneUp Utilities 2004-->MsiExec.exe /I{2C3738C9-56FA-410A-BCB5-79C5DFD238F0} UltraISO V7.23 ME-->"C:\Program Files\UltraISO\unins000.exe" VIA Bus Master Ultra ATA Driver (Remove)-->RunDll32 VIAIDECO.dll,UninstallIDE VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe" Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B} Windows Live Contrôle parental-->MsiExec.exe /X{EB8BAA0D-11EF-4EDC-A960-2AB7CA8F53F0} Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657} Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A} Windows Live Toolbar-->MsiExec.exe /X{915809D6-1F93-45F2-9699-5F1DA64DC24B} Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Messenger 5.1-->MsiExec.exe /I{6E127288-02BD-4DB8-B46B-D9B2BB3C268C} =====HijackThis Backups===== O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray Securitycenter WMI appears to be broken System event log Computer Name: PC Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free. Record Number: 5 Source Name: EventLog Time Written: 20081214202157.000000+060 Event Type: Informations User: Computer Name: PC Event Code: 6006 Message: Le service d'Enregistrement d'événement a été arrêté. Record Number: 4 Source Name: EventLog Time Written: 20081214200514.000000+060 Event Type: Informations User: Computer Name: PC Event Code: 115 Message: Le suivi de la Restauration système a été activé sur tous les lecteurs. Record Number: 3 Source Name: SRService Time Written: 20081214200148.000000+060 Event Type: Informations User: Computer Name: PC Event Code: 6005 Message: Le service d'Enregistrement d'événement a démarré. Record Number: 2 Source Name: EventLog Time Written: 20081214175132.000000+060 Event Type: Informations User: Computer Name: PC Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free. Record Number: 1 Source Name: EventLog Time Written: 20081214175132.000000+060 Event Type: Informations User: Application event log Computer Name: PC Event Code: 1047 Message: Windows ne peut pas lire l'historique des objets de paramètre de groupe à partir du Registre. Le traitement de la stratégie de groupe continue. Record Number: 5 Source Name: Userenv Time Written: 20081214193733.000000+060 Event Type: erreur User: AUTORITE NT\SYSTEM Computer Name: PC Event Code: 1047 Message: Windows ne peut pas lire l'historique des objets de paramètre de groupe à partir du Registre. Le traitement de la stratégie de groupe continue. Record Number: 4 Source Name: Userenv Time Written: 20081214193733.000000+060 Event Type: erreur User: AUTORITE NT\SYSTEM Computer Name: PC Event Code: 2 Message: Le centre de contrôle de Diskeeper a étEactivE Service Diskeeper démarré Record Number: 3 Source Name: Diskeeper Time Written: 20081214175133.000000+060 Event Type: Informations User: Computer Name: PC Event Code: 1047 Message: Windows ne peut pas lire l'historique des objets de paramètre de groupe à partir du Registre. Le traitement de la stratégie de groupe continue. Record Number: 2 Source Name: Userenv Time Written: 20081214175133.000000+060 Event Type: erreur User: AUTORITE NT\SYSTEM Computer Name: PC Event Code: 1047 Message: Windows ne peut pas lire l'historique des objets de paramètre de groupe à partir du Registre. Le traitement de la stratégie de groupe continue. Record Number: 1 Source Name: Userenv Time Written: 20081214175133.000000+060 Event Type: erreur User: AUTORITE NT\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Executive Software\Diskeeper\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0801 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "DEVMGR_SHOW_DETAILS"=1 -----------------EOF-----------------

gen-hackman · Answer

relances hijackthis , redemarre et fais ceci :


Telecharge maintenant FindyKill sur ton bureau : 

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe 

--> Lance l installation avec les parametres par default 

--> Fais un clic droit sur le raccourci FindyKill sur ton bureau 

--> Choisi executer en tant qu administrateur 

--> Au menu principal,choisi l option 1 (Recherche) 

--> Post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

NightmareTheWorld · Answer

J'ai pas capté l'truc avec hijackthis, j'ai fait un scan, j'ai redémarrer l'ordi mais 'suis pas sur que c'est c'que tu voulais...m'enfin j'te passe l'rapport : ----------------- FindyKill V4.710 ------------------ * User : kira - PC * Emplacement : C:\Program Files\FindyKill * Outils Mis a jours le 21/12/08 par Chiquitine29 * Recherche effectuée à 16:27:25 le 28/12/2008 * Windows XP - Internet Explorer 6.0.2900.2180 ((((((((((((((((( *** Recherche *** )))))))))))))))))) --------------- [ Processus actifs ] ---------------- C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Messenger\Msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\filehippo.com\UpdateChecker.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Internet Explorer\iexplore.exe --------------- [ Fichiers/Dossiers infectieux ] ---------------- »»»» Presence des fichiers dans C: »»»» Presence des fichiers dans C:\WINDOWS »»»» Presence des fichiers dans C:\WINDOWS\Prefetch Found ! - C:\WINDOWS\Prefetch\O4PATCH.EXE-31A91655.pf »»»» Presence des fichiers dans C:\WINDOWS\system32 »»»» Presence des fichiers dans C:\WINDOWS\system32\config\systemprofile\AppData\Roaming »»»» Presence des fichiers dans C:\WINDOWS\system32\drivers »»»» Presence des fichiers dans C:\Documents and Settings\kira\Application Data »»»» Presence des fichiers dans C:\DOCUME~1\kira\LOCALS~1\Temp »»»» Presence des fichiers dans C:\Documents and Settings\kira\Local Settings\Temporary Internet Files\Content.IE5 --------------- [ Registre / Startup ] ---------------- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run] RocketDock="C:\Program Files\RocketDock\RocketDock.exe" MSMSGS="C:\Program Files\Messenger\Msmsgs.exe" /background swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe filehippo.com="C:\Program Files\filehippo.com\UpdateChecker.exe" /background ccleaner="C:\Program Files\CCleaner\CCleaner.exe" /AUTO msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] DiskeeperSystray="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe" HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents= = HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL= Installed=1 = HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI= NoChange=1 Installed=1 = HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS= Installed=1 = --------------- [ Registre / Clés infectieuses ] ---------------- --------------- [ Etat / Services ] ---------------- +- Services : [ Auto=2 / Demande=3 / Désactivé=4 ] Ndisuio - Type de démarrage = 3 /!\ SharedAccess - Type de démarrage = 4 wuauserv - Type de démarrage = 2 --------------- [ Recherche dans supports amovibles] ---------------- +- Informations : C: - Lecteur fixe E: - Lecteur de CD-ROM +- Contenu de l'autorun : E:\autorun.inf [autorun] open=Setupx.exe icon=Nero.ico ;####################################################################################### ; CD-No: 7045 ; Order-ID: 3632 ; GM created : March/10/2005 17:19:54 ; GM checked successfully with DrWeb, including latest virus definition from March/10/2005 15:23:00 ; GM checked successfully with Sophos Anti Virus (SAVI), including latest virus definition from February/24/2005 11:55:20 ; ; ; Info ; This installation package contains the following software ; (this list might not be complete and is for reference only) ; ; InCD 4.3.11.1 ; InCD Reader 4.3.11.1 ; Nero Burning ROM SE + Nero Express 6.6.0.8o ; - Nero Cover Designer 2.3.0.34 ; - Nero CD-DVD Speed 3.7.4.0 ; - Nero DriveSpeed 3.0.0.0 ; - Nero InfoTool 3.0.0.0 ; - Nero BackItUp 1.2.0.43 ; - Nero Wave Editor 2.0.0.51 ; Nero Media Player 1.4.0.26 ; Nero BurnRights 1.0.0.16b ; Nero Vision Express 3.1.0.0B ; - Nero ShowTime 2.0.0.22 ; - Nero Recode 2.2.6.11 ; - Nero MediaHome 1.2.0.10 ;####################################################################################### +- presence des fichiers : Found ! [10/03/2005 17:19][-r-------] - E:\autorun.inf --------------- [ Registre / Mountpoint2 ] ---------------- -> Not found ! ------------------- ! Fin du rapport ! --------------------

gen-hackman · Answer

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir 


--> Fais clic droit sur le raccourci FindyKill sur ton bureau 

--> Choisi executer en tant qu administrateur 

--> Au menu principal,choisi l option 2 (Suppression) 


/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué" 

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal ! 

-------> ensuite post le rapport FindyKill.txt 

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque

NightmareTheWorld · Answer

----------------- FindyKill V4.710 ------------------

* User : kira - PC
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 17:09:39 the 28/12/2008
* Windows XP - Internet Explorer 6.0.2900.2180
 
 
((((((((((((((( *** deleting *** ))))))))))))))))))  
 
 
--------------- [ Active Processes ] ----------------  
 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\rundll32.exe
 
--------------- [ Infected files / folders ] ----------------  
 
 
»»»» Supression files in C: 
 
 
»»»» Supression files in C:\WINDOWS 
 
 
»»»» Supression files in C:\WINDOWS\Prefetch 
 
Deleted ! - C:\WINDOWS\prefetch\O4PATCH.EXE-31A91655.pf 
 
»»»» Supression files in C:\WINDOWS\system32 
 
 
»»»» Supression files in C:\WINDOWS\system32\config\systemprofile\AppData\Roaming 
 
 
»»»» Supression files in C:\WINDOWS\system32\drivers 
 
 
»»»» Supression files in C:\Documents and Settings\kira\Application Data 
 
 
»»»» Supression files in C:\DOCUME~1\kira\LOCALS~1\Temp 
 
 
»»»» Supression files in C:\Documents and Settings\kira\Local Settings\Temporary Internet Files\Content.IE5 
 
 
--------------- [  Registry / Infected keys ] ---------------- 
 
Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA   
 
--------------- [ States / Restarting of services ] ---------------- 
 


+- Services : [ Auto=2 / Request=3 / Disable=4 ] 

 Ndisuio - Type of startup  = 3 
 
 SharedAccess - Type of startup  = 2 
 
 wuauserv - Type of startup  = 2 
 
 
---------------   [ Cleaning removable drives ] ----------------  
 
+- Informations : 

C: - Lecteur fixe

E: - Lecteur de CD-ROM

 
+- deleting files : 
 
Not deleted !! - E:\autorun.inf  
 
--------------- [ Registry / Mountpoint2 ] ----------------  
 
 
 -> Not found ! 
 
 
--------------- [ Searching Cracks / Keygen ] ----------------  
 
 
 
---------------- ! End of report ! ------------------

gen-hackman · Answer

Télécharge ToolBar S&D ( de Eric_71/Team IDN ) sur ton bureau : 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

( Tuto : https://sites.google.com/site/toolbarsd/aideenimages ) 

!! Déconnecte toi et ferme toutes tes applications en cours le temps de la manipe !! 

* Double-clique sur ToolBar SD.exe pour lancer l'outil et laisse toi guider ... 
--> Tapes  ( option " recherche " ) puis tape sur [Entrée]. 

Le nettoyage commence . 

! ne touche à rien lors de la suppression ! 

Un rapport sera généré à la fin du processus : poste son contenu dans ta prochaine réponse 
accompagné d'un nouveau rapport hijackthis pour analyse ... 

( le rapport est en outre sauvegardé ici -> C:\TB.txt )

NightmareTheWorld · Answer

-----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 2600+ )
   BIOS : Default System BIOS
   USER : kira ( Administrator )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:74 Go (Free:68 Go)
   D:\ (CD or DVD)
   E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 28/12/2008|17:35 )

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\windows\system32\blank.htm"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - 28/12/2008|17:36 - Option : [1]

   -----------\  Fin du rapport a 17:36:36,26

NightmareTheWorld · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:01, on 28/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8860372E-84FB-48E8-92A0-31E59A5671FB} - C:\windows\zavsmob.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

NightmareTheWorld · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:01, on 28/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8860372E-84FB-48E8-92A0-31E59A5671FB} - C:\windows\zavsmob.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

gen-hackman · Answer

relances hijackthis coches ceci et "fix checked" :


R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) 
O2 - BHO: (no name) - {8860372E-84FB-48E8-92A0-31E59A5671FB} - C:\windows\zavsmob.dll 
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) 
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background 


ensuite tu n'as pas d'antivirus apperemment

NightmareTheWorld · Answer

Ah, ben j'étais pas au courant...quoiqu'il en soit j'ai effacé les trucs sur hijackthis, et pour l'antivirus tu conseilles quoi?

gen-hackman · Answer

antivir :

http://dlce.antivir.com/preversion_fr/preversion_fr_exe.html

tuto :

https://www.malekal.com/avira-free-security-antivirus-gratuit/

NightmareTheWorld · Answer

Re, je reposte d'abord pour te remercier, mes fenetres ne se ferment plus et internet marche mieux qu'avant (malgré les ralentissements qui sont tjrs présents)...mais pourtant l'antivirus dit que j'suis infecté par le cheval de troie (trojan, j'crois) =-=...

gen-hackman · Answer

Télécharge MalwareByte's :
http://www.malwarebytes.org/mbam.php  ou ici :
http://www.malwarebytes.org/mbam/program/mbam-setup.exe



* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ )

* Potasse le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).

! Déconnecte toi et ferme toutes applications en cours !

* Lance Malwarebyte's .

Fais un examen dit "Rapide" .

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date),
accompagné d'un nouveau rapport hijackthis pour analyse

NightmareTheWorld · Answer

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1456
Windows 5.1.2600 Service Pack 2

30/12/2008 14:54:08
mbam-log-2008-12-30 (14-54-08).txt

Type de recherche: Examen rapide
Eléments examinés: 49282
Temps écoulé: 2 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\kira\S87ekhV.exe (Trojan.Agent) -> Quarantined and deleted successfully.

NightmareTheWorld · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:40, on 30/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

gen-hackman · Answer

voila je pense que ton antivirus ne t'ennuiera plus pour cette cause on va donc nettoyer C'est peut etre un peu long mais ton pc ira mieux : 1)Telecharge : ------------- https://www.clubic.com/telecharger-fiche262022-purera.html "clean" , coche tout a droite , et "clean" et puis a faire aussi : 2) ---> Télécharge ToolsCleaner2 sur ton Bureau. * Double-clique sur ToolsCleaner2.exe pour le lancer. * Clique sur Recherche et laisse le scan agir. * Clique sur Suppression pour finaliser. * Tu peux, si tu le souhaites, te servir des Options Facultatives. * Clique sur Quitter pour obtenir le rapport. * Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 3/ ---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) : http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner * Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc.... * Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage. * Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse(Sauvegarde la base de registre). * Veille a ce que dans les options le reglage soit au demarrage de windows et réglé sur "effacement securisé" 35 passes (guttman) * Décoche la case plus vieux que 48 h 4/ Désactive et réactive ta restauration system : (1) Désactiver la Restauration du système cliques sur Démarrer Cliques droit sur Poste de travail cliques sur Propriétés Cliques sur l'onglet Restauration du système Coches Désactiver la Restauration du système sur tous les lecteurs Cliques sur Appliquer, Lorsque le message de confirmation apparaît, cliques sur Oui. Cliques sur OK. (2) Activer la Restauration du système cliques sur Démarrer Cliques droit sur Poste de travail cliques sur Propriétés Cliques sur l'onglet Restauration du système Décoches Désactiver la Restauration du système sur tous les lecteurs Cliques sur Appliquer, Lorsque le message de confirmation apparaît, cliques sur Oui. Cliques sur OK. ---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème : https://www.vulgarisation-informatique.com/creer-point-restauration.php stp poste tous les rapports delivrés si tu as deja Ccleaner ne tiens pas compte du N°3 mais fais ce qu il est demande avec Attention : ne pas toucher au PC pendant qu'il travaille ! B-Nettoyage et Défragmentation de tes Disques *Nettoyage : Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général" Cliques sur le bouton "nettoyage de disque", OK tu le fais pour chacun de tes disques *Vérifications des erreurs : Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Outil" "Vérifier maintenant", une boîte s'ouvre, cocher les cases : -réparer automatiquement les erreurs... -rechercher et tenter une récupération... --->Démarrer, ok Note : s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal tu le fais pour chacun de tes disques ensuite toujours dans le même onglet tu choisis : *Défragmentation : "défragmenter maintenant", OK une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" . OK tu le fais pour chacun de tes disques Note : si tu as un utilitaire pour défragmenter , utilises le à la place pour ce faire ceci est proposé : https://www.clubic.com/telecharger-fiche44314-defraggler.html C-Crées un point de restauration de ton PC : Aller dans le Menu Démarrer puis dans Programmes, - Ensuite dans Accessoires et enfin dans Outils système, - Choisir "Restauration du système", - Sélectionner "Créer un point de restauration", - Cliquer sur "Suivant", - Entrer un nom pour le point de restauration (ce nom doit être assez évocateur), exemple : << Point restauration sain >> . --> Cliquer sur "Créer" et le point de restauration se créé automatiquement. > Peux-tu vérifier ta console JAVA ici ? : https://www.java.com/fr/download/uninstalltool.jsp et installer la nouvelle version si besoin est (dans ce cas désinstalle avant l'ancienne version). Pour info. ou en cas de problème : http://assiste.com.free.fr/p/abc/c/anti_java.html > Mets à jour Acrobat si ce n'est pas le cas (désinstalle avant la version antérieure) : https://get2.adobe.com/reader/otherversions/ > Télécharge et installe Update Checker : https://filehippo.com/windows/tuning-utilities/ - Lance le programme. Une page web de ce type va s'ouvrir. - Fais les mises à jour de tous les logiciels proposés pour Update. Je ne te conseille pas de faire celles pour les versions béta (elles peuvent être instables). - Fais un copier/coller de la liste de éléments "Updates". Puis poste la sur le forum. - Une fois les mises à jour effectuées, relance ton PC. Tuto si problèmes : https://www.commentcamarche.net/list 9908 update checker vos logiciels sont ils a jour > Télécharge et installe Easy Cleaner : https://www.01net.com/telecharger/windows/Utilitaire/registre/fiches/8351.html (lien miroir : https://www.clubic.com/telecharger-fiche11170-easycleaner.html ) - Lance le programme puis clique sur puis sur . - A la fin du scan clique sur puis confirme par puis quitte le programme. Si besoin tuto ici : https://www.pcparadise.fr et http://www.6ma.fr/tuto/easycleaner-nettoyer-windows-des-elements-obsoletes/ > Tu peux aussi vider ta corbeille,quoi que Ccleaner le fasse tout seul > Si nous avons utilisé MalwaresByte's Anti-Malware : vide sa quarantaine. - Lance le programme puis clique sur . - Sélectionne tous les éléments puis clique sur . - Quitte la programme. > Idem pour ton antivirus : vide sa quarantaine si ce n'est pas déjà fait > Désactive et réactive la restauration de système, pour cela : suis les instructions de ce lien : liens XP: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924 liens Vista : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/4f60eedf1156c8068525695b005ca288/c066b2e9a50cc948802572870032b170?OpenDocument ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Quelques conseils et recommandations pour l'avenir : > Passe un coup d'AGV et/ou de MalwareByte's Anti-Malware et de Ccleaner de temps en temps (1 fois par semaine à 1 fois par mois, suivant l'utilisation que tu fais de ton PC. Tu peux aussi décocher la casse dans l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures"). - Utilise aussi tes autres logiciels de protection (scannes antivirus, antispywares...). N'oublie pas de faire les mises à jour avant de les utiliser. - Pense aussi à faire une défragmentation de tes disques durs de temps en temps (garde suffisamment d'espace sur C:\ (1/3 de libre pour être à l'aise)) > Pour bien protéger ton PC : [1 seul Antivirus] + [1 seul Pare feu (/!\ les routeurs et box en possèdent un)] + [Quelques Antispywares] + [Mises à Jour récentes Windows et Logiciels de Protection] + [Utilisation de Firefox -ou autres- (Internet Explorer présente des failles de sécurité qui mettent longtemps avant d'être corrigées mais il faut absolument le conserver pour les mises à jour Windows)] + [Utilisation du PC en mode Invité (= limité). Lors d'une infection en mode administrateur le PC est beaucoup plus vulnérable. Voir ICI] PS : En fait la meilleure des protections c'est toi même : ce que tu fais avec ton PC : où tu surfes, télécharges...ect.... Les virus utilisent les failles de ton PC pour infecter un système. Info : http://assiste.com.free.fr/p/abc/a/zombies_et_botnets.html > Quelques liens utiles : - https://www.commentcamarche.net/list 2432 securite proteger un ordinateur contre les malwares d internet - https://sebsauvage.net/safehex.html - https://www.zebulon.fr/telechargements/securite/protection-donnees-personnelles/spywareblaster.html (= petit logiciel qui bloque l'installation d'activ-X nuisibles au PC. Fonctionne en arrière plan) Voila, Bonne lecture Gen-hackman

NightmareTheWorld · Answer

Re, dsl du retard mais j'me suis découragé à un moment à cause filehippo, srx ça m'a pris la tete...et y a peut-etre des rapports manquants, vu que j'ai pas toujours capté le fonctionnement de certains logiciels (filehippo, surtout)

[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\Lop SD: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\kira\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\kira\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Documents and Settings\kira\Mes documents\hijackthis.log: trouvé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\LopSD.exe: trouvé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\HJTInstall.exe: trouvé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\ToolBarSD.exe: trouvé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\Rsit.exe: trouvé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\SmitFraudfix: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !


Fichiers temporaires nettoyés !
Corbeille vidée!
Restauration annulée !
---------------------------------
-->- Suppression: 
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\kira\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\LopSD.exe: supprimé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\HJTInstall.exe: supprimé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\ToolBarSD.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Documents and Settings\kira\Mes documents\hijackthis.log: supprimé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Lop SD: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\kira\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Documents and Settings\kira\Mes documents\Nouveau dossier\SmitFraudfix: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

NightmareTheWorld · Answer

J'ai plusieurs rapports pour Ccleaner, parce que j'ai du l'refaire plusieurs fois pour qu'il ne trouve plus d'erreurs : 

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\WINDOWS\system32\pxwma.dll"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\WINDOWS\system32\pxinsi64.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\WINDOWS\system32\pxcpyi64.exe"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG\files\fuminterfaces.tlb"=dword:00000003

[HKEY_CLASSES_ROOT\.mdz]
@="Access.DatabaseWizardTemplate.11"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ofr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.Wave]

[HKEY_CLASSES_ROOT\AudioCD\shell\PlayWithPowerDVD]
@="Play with PowerDVD"

[HKEY_CLASSES_ROOT\AudioCD\shell\PlayWithPowerDVD\command]
@="\"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe\" \"%L\""

[HKEY_CLASSES_ROOT\bittorrent\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-128"

[HKEY_CLASSES_ROOT\bittorrent\shell\open]

[HKEY_CLASSES_ROOT\bittorrent\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%1\""

[HKEY_CLASSES_ROOT\bittorrent\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\bittorrent\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\bittorrent\shell\open\ddeexec\Topic]
@="RAZAFORMAT"

[HKEY_CLASSES_ROOT\certificate_wab_auto_file\DefaultIcon]
@="C:\Program Files\Outlook Express\wab.exe,1"

[HKEY_CLASSES_ROOT\certificate_wab_auto_file\shell\open]

[HKEY_CLASSES_ROOT\certificate_wab_auto_file\shell\open\command]
@="\"C:\Program Files\Outlook Express\wab.exe\" /certificate %1"

[HKEY_CLASSES_ROOT\DVD\DefaultIcon]
@="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe,0"

[HKEY_CLASSES_ROOT\ed2k\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-128"

[HKEY_CLASSES_ROOT\ed2k\shell\open]

[HKEY_CLASSES_ROOT\ed2k\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%L\""

[HKEY_CLASSES_ROOT\ed2k\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\ed2k\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\ed2k\shell\open\ddeexec\Topic]
@="URL"

[HKEY_CLASSES_ROOT\foxy\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-128"

[HKEY_CLASSES_ROOT\foxy\shell\open]

[HKEY_CLASSES_ROOT\foxy\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%L\""

[HKEY_CLASSES_ROOT\foxy\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\foxy\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\foxy\shell\open\ddeexec\Topic]
@="URL"

[HKEY_CLASSES_ROOT\gnet\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-128"

[HKEY_CLASSES_ROOT\gnet\shell\open]

[HKEY_CLASSES_ROOT\gnet\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%L\""

[HKEY_CLASSES_ROOT\gnet\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\gnet\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\gnet\shell\open\ddeexec\Topic]
@="URL"

[HKEY_CLASSES_ROOT\gnutella\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-128"

[HKEY_CLASSES_ROOT\gnutella\shell\open]

[HKEY_CLASSES_ROOT\gnutella\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%L\""

[HKEY_CLASSES_ROOT\gnutella\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\gnutella\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\gnutella\shell\open\ddeexec\Topic]
@="URL"

[HKEY_CLASSES_ROOT\gnutella1\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-128"

[HKEY_CLASSES_ROOT\gnutella1\shell\open]

[HKEY_CLASSES_ROOT\gnutella1\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%L\""

[HKEY_CLASSES_ROOT\gnutella1\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\gnutella1\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\gnutella1\shell\open\ddeexec\Topic]
@="URL"

[HKEY_CLASSES_ROOT\gnutella2\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-128"

[HKEY_CLASSES_ROOT\gnutella2\shell\open]

[HKEY_CLASSES_ROOT\gnutella2\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%L\""

[HKEY_CLASSES_ROOT\gnutella2\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\gnutella2\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\gnutella2\shell\open\ddeexec\Topic]
@="URL"

[HKEY_CLASSES_ROOT\gwc\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-128"

[HKEY_CLASSES_ROOT\gwc\shell\open]

[HKEY_CLASSES_ROOT\gwc\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%L\""

[HKEY_CLASSES_ROOT\gwc\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\gwc\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\gwc\shell\open\ddeexec\Topic]
@="URL"

[HKEY_CLASSES_ROOT\LDAP\shell\open]

[HKEY_CLASSES_ROOT\LDAP\shell\open\command]
@="\"C:\Program Files\Outlook Express\wab.exe\" /ldap:%1"

[HKEY_CLASSES_ROOT\mailto\DefaultIcon]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,69,00,6d,00,6e,00,2e,\
  00,65,00,78,00,65,00,2c,00,2d,00,32,00,00,00

[HKEY_CLASSES_ROOT\mailto\shell\open]

[HKEY_CLASSES_ROOT\mailto\shell\open\command]
@=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
  00,65,00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,\
  45,00,78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,69,00,6d,00,6e,\
  00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,6d,00,61,00,69,00,6c,00,75,00,\
  72,00,6c,00,3a,00,25,00,31,00,00,00

[HKEY_CLASSES_ROOT\mp2p\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-128"

[HKEY_CLASSES_ROOT\mp2p\shell\open]

[HKEY_CLASSES_ROOT\mp2p\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%L\""

[HKEY_CLASSES_ROOT\mp2p\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\mp2p\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\mp2p\shell\open\ddeexec\Topic]
@="URL"

[HKEY_CLASSES_ROOT
ews\DefaultIcon]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,69,00,6d,00,6e,00,2e,\
  00,65,00,78,00,65,00,2c,00,2d,00,33,00,00,00

[HKEY_CLASSES_ROOT
ews\shell\open]

[HKEY_CLASSES_ROOT
ews\shell\open\command]
@=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
  00,65,00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,\
  45,00,78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,69,00,6d,00,6e,\
  00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,6e,00,65,00,77,00,73,00,75,00,\
  72,00,6c,00,3a,00,22,00,25,00,31,00,22,00,00,00

[HKEY_CLASSES_ROOT
ntp\DefaultIcon]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,69,00,6d,00,6e,00,2e,\
  00,65,00,78,00,65,00,2c,00,2d,00,33,00,00,00

[HKEY_CLASSES_ROOT
ntp\shell\open]

[HKEY_CLASSES_ROOT
ntp\shell\open\command]
@=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
  00,65,00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,\
  45,00,78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,69,00,6d,00,6e,\
  00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,6e,00,65,00,77,00,73,00,75,00,\
  72,00,6c,00,3a,00,22,00,25,00,31,00,22,00,00,00

[HKEY_CLASSES_ROOT\shareaza\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-128"

[HKEY_CLASSES_ROOT\shareaza\shell\open]

[HKEY_CLASSES_ROOT\shareaza\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%L\""

[HKEY_CLASSES_ROOT\shareaza\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\shareaza\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\shareaza\shell\open\ddeexec\Topic]
@="URL"

[HKEY_CLASSES_ROOT\Shareaza.Collection\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-244"

[HKEY_CLASSES_ROOT\Shareaza.Collection\shell\open]

[HKEY_CLASSES_ROOT\Shareaza.Collection\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%1\""

[HKEY_CLASSES_ROOT\Shareaza.Collection\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\Shareaza.Collection\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\Shareaza.Collection\shell\open\ddeexec\Topic]
@="RAZAFORMAT"

[HKEY_CLASSES_ROOT\Shareaza.SkinFile\DefaultIcon]
@="C:\Program Files\Shareaza\skin.exe,0"

[HKEY_CLASSES_ROOT\Shareaza.SkinFile\shell\open]

[HKEY_CLASSES_ROOT\Shareaza.SkinFile\shell\open\command]
@="\"C:\Program Files\Shareaza\skin.exe\" \"%1\""

[HKEY_CLASSES_ROOT\Shareaza.SkinFile\shell\skininstall]
@="Install Shareaza Skin"

[HKEY_CLASSES_ROOT\Shareaza.SkinFile\shell\skininstall\command]
@="\"C:\Program Files\Shareaza\skin.exe\" \"%1\""

[HKEY_CLASSES_ROOT\snews\DefaultIcon]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,69,00,6d,00,6e,00,2e,\
  00,65,00,78,00,65,00,2c,00,2d,00,33,00,00,00

[HKEY_CLASSES_ROOT\snews\shell\open]

[HKEY_CLASSES_ROOT\snews\shell\open\command]
@=hex(2):22,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
  00,65,00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,\
  45,00,78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,69,00,6d,00,6e,\
  00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,00,6e,00,65,00,77,00,73,00,75,00,\
  72,00,6c,00,3a,00,22,00,25,00,31,00,22,00,00,00

[HKEY_CLASSES_ROOT\uhc\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-128"

[HKEY_CLASSES_ROOT\uhc\shell\open]

[HKEY_CLASSES_ROOT\uhc\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%L\""

[HKEY_CLASSES_ROOT\uhc\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\uhc\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\uhc\shell\open\ddeexec\Topic]
@="URL"

[HKEY_CLASSES_ROOT\uipfile\DefaultIcon]
@="\"C:\Program Files\CyberLink\Common\updateipr.exe\",1"

[HKEY_CLASSES_ROOT\uipfile\shell\Open]

[HKEY_CLASSES_ROOT\uipfile\shell\Open\command]
@="\"C:\Program Files\CyberLink\Common\updateipr.exe\" \"%l\""

[HKEY_CLASSES_ROOT\ukhl\DefaultIcon]
@="\"C:\Program Files\Shareaza\Shareaza.exe\",-128"

[HKEY_CLASSES_ROOT\ukhl\shell\open]

[HKEY_CLASSES_ROOT\ukhl\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%L\""

[HKEY_CLASSES_ROOT\ukhl\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\ukhl\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\ukhl\shell\open\ddeexec\Topic]
@="URL"

[HKEY_CLASSES_ROOT\vcard_wab_auto_file\DefaultIcon]
@="C:\Program Files\Outlook Express\wab.exe,1"

[HKEY_CLASSES_ROOT\vcard_wab_auto_file\shell\open]

[HKEY_CLASSES_ROOT\vcard_wab_auto_file\shell\open\command]
@="\"C:\Program Files\Outlook Express\wab.exe\" /vcard %1"

[HKEY_CLASSES_ROOT\wab_auto_file\DefaultIcon]
@="C:\Program Files\Outlook Express\wab.exe,0"

[HKEY_CLASSES_ROOT\wab_auto_file\shell\open]

[HKEY_CLASSES_ROOT\wab_auto_file\shell\open\command]
@="\"C:\Program Files\Outlook Express\wab.exe\" %1"

[HKEY_CLASSES_ROOT\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}]
@="Media Image Services"
"AppID"="{2830F24E-60F7-4918-9F54-E233B346895C}"

[HKEY_CLASSES_ROOT\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}\InprocServer32]
@="C:\Program Files\Shareaza\MediaImageServices.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}\ProgID]
@="MediaImageServices.VideoReader.1"

[HKEY_CLASSES_ROOT\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}\TypeLib]
@="{FD6EB3A2-CE8A-4A12-A065-0490816DF11F}"

[HKEY_CLASSES_ROOT\CLSID\{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}\VersionIndependentProgID]
@="MediaImageServices.VideoReader"

[HKEY_CLASSES_ROOT\CLSID\{06BE7323-EF34-11d1-ACD8-00C04FA31009}]
@="Outlook Express Mail Object"

[HKEY_CLASSES_ROOT\CLSID\{06BE7323-EF34-11d1-ACD8-00C04FA31009}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{06BE7323-EF34-11d1-ACD8-00C04FA31009}\Implemented Categories\{40FC6ED3-2438-11CF-A3DB-080036F12502}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06BE7323-EF34-11d1-ACD8-00C04FA31009}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06BE7323-EF34-11d1-ACD8-00C04FA31009}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06BE7323-EF34-11d1-ACD8-00C04FA31009}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{06BE7323-EF34-11d1-ACD8-00C04FA31009}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{0A522730-A626-11D0-8D60-00C04FD6202B}]
@="CLSID_CEudoraImport"

[HKEY_CLASSES_ROOT\CLSID\{0A522730-A626-11D0-8D60-00C04FD6202B}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6f,00,65,00,69,00,6d,00,70,00,6f,\
  00,72,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{0A522732-A626-11D0-8D60-00C04FD6202B}]
@="CLSID_CExchImport"

[HKEY_CLASSES_ROOT\CLSID\{0A522732-A626-11D0-8D60-00C04FD6202B}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6f,00,65,00,69,00,6d,00,70,00,6f,\
  00,72,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{0A522733-A626-11D0-8D60-00C04FD6202B}]
@="CLSID_CNetscapeImport"

[HKEY_CLASSES_ROOT\CLSID\{0A522733-A626-11D0-8D60-00C04FD6202B}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6f,00,65,00,69,00,6d,00,70,00,6f,\
  00,72,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{0dabacb1-1a16-4082-a610-3d0b3a2a94fc}]

[HKEY_CLASSES_ROOT\CLSID\{0dabacb1-1a16-4082-a610-3d0b3a2a94fc}\InprocServer32]
@="C:\Program Files\Winamp\Plugins\cddbuiwinamp.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{101A8FB9-F1B9-11d1-9A56-00C04FA309D4}]
@="CLSID_MessageStore"

[HKEY_CLASSES_ROOT\CLSID\{101A8FB9-F1B9-11d1-9A56-00C04FA309D4}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{1198A2C0-0940-11d1-838F-00C04FBD7C09}]
@="CLSID_CCommunicatorImport"

[HKEY_CLASSES_ROOT\CLSID\{1198A2C0-0940-11d1-838F-00C04FBD7C09}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6f,00,65,00,69,00,6d,00,70,00,6f,\
  00,72,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{18D11ED9-1264-48A1-9E14-20F2C633242B}]
@="Shareaza.IEProtocol"

[HKEY_CLASSES_ROOT\CLSID\{18D11ED9-1264-48A1-9E14-20F2C633242B}\InprocHandler32]
@="ole32.dll"

[HKEY_CLASSES_ROOT\CLSID\{18D11ED9-1264-48A1-9E14-20F2C633242B}\LocalServer32]
@="C:\PROGRA~1\Shareaza\Shareaza.exe"

[HKEY_CLASSES_ROOT\CLSID\{18D11ED9-1264-48A1-9E14-20F2C633242B}\ProgID]
@="Shareaza.IEProtocol"

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}]
@="Outlook Express Message List"

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\DefaultIcon]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,2c,00,32,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\Implemented Categories\{40FC6ED3-2438-11CF-A3DB-080036F12502}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\NotInsertable]
@=""

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\ProgID]
@="OutlookExpress.MessageList.1"

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\Programmable]
@=""

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\Version]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{233A9692-667E-11d1-9DFB-006097D50408}\VersionIndependentProgID]
@="OutlookExpress.MessageList"

[HKEY_CLASSES_ROOT\CLSID\{233A9694-667E-11d1-9DFB-006097D50408}]
@="Outlook Express Address Book"

[HKEY_CLASSES_ROOT\CLSID\{233A9694-667E-11d1-9DFB-006097D50408}\DefaultIcon]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,2c,00,32,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{233A9694-667E-11d1-9DFB-006097D50408}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{233A9694-667E-11d1-9DFB-006097D50408}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{233A9694-667E-11d1-9DFB-006097D50408}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{233A9694-667E-11d1-9DFB-006097D50408}\NotInsertable]
@=""

[HKEY_CLASSES_ROOT\CLSID\{233A9694-667E-11d1-9DFB-006097D50408}\ProgID]
@="OutlookExpress.AddressBook.1"

[HKEY_CLASSES_ROOT\CLSID\{233A9694-667E-11d1-9DFB-006097D50408}\VersionIndependentProgID]
@="OutlookExpress.AddressBook"

[HKEY_CLASSES_ROOT\CLSID\{238D0F23-5DC9-45A6-9BE2-666160C324DD}]
@="RealVideo Decoder"

[HKEY_CLASSES_ROOT\CLSID\{238D0F23-5DC9-45A6-9BE2-666160C324DD}\InprocServer32]
@="C:\Program Files\Winamp Remote\bin\RealMediaSplitter.ax"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}]
@="Shareaza Image Viewer Plugin"

[HKEY_CLASSES_ROOT\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\InprocServer32]
@="C:\Program Files\Shareaza\ImageViewer.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\ProgID]
@="Shareaza.ImageViewerPlugin.1"

[HKEY_CLASSES_ROOT\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\TypeLib]
@="{2696CE9F-423F-4901-A109-0C85E6430266}"

[HKEY_CLASSES_ROOT\CLSID\{2EE9D739-7726-41cf-8F18-4B1B8763BC63}\VersionIndependentProgID]
@="Shareaza.ImageViewerPlugin"

[HKEY_CLASSES_ROOT\CLSID\{2F74AA28-2498-4805-911A-04C39858D529}]
@="ZIP Builder"
"AppID"="{2F74AA28-2498-4805-911A-04C39858D529}"

[HKEY_CLASSES_ROOT\CLSID\{2F74AA28-2498-4805-911A-04C39858D529}\InprocServer32]
@="C:\Program Files\Shareaza\ZIPBuilder.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{2F74AA28-2498-4805-911A-04C39858D529}\ProgID]
@="ZIPBuilder.ZIPBuilder.1"

[HKEY_CLASSES_ROOT\CLSID\{2F74AA28-2498-4805-911A-04C39858D529}\TypeLib]
@="{D65FD676-83A0-40F7-9BF8-867AFE337FE1}"

[HKEY_CLASSES_ROOT\CLSID\{2F74AA28-2498-4805-911A-04C39858D529}\VersionIndependentProgID]
@="ZIPBuilder.ZIPBuilder"

[HKEY_CLASSES_ROOT\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}]
@="Des &personnes..."

[HKEY_CLASSES_ROOT\CLSID\{32714800-2E5F-11d0-8B85-00AA0044F941}\InProcServer32]
@="C:\Program Files\Outlook Express\wabfind.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{34791E02-51DC-4CF4-9E34-018166D91D0E}]
@="Shareaza.DataSource"

[HKEY_CLASSES_ROOT\CLSID\{34791E02-51DC-4CF4-9E34-018166D91D0E}\InprocHandler32]
@="ole32.dll"

[HKEY_CLASSES_ROOT\CLSID\{34791E02-51DC-4CF4-9E34-018166D91D0E}\LocalServer32]
@="C:\PROGRA~1\Shareaza\Shareaza.exe"

[HKEY_CLASSES_ROOT\CLSID\{34791E02-51DC-4CF4-9E34-018166D91D0E}\ProgID]
@="Shareaza.DataSource"

[HKEY_CLASSES_ROOT\CLSID\{394011F0-6D5C-42a3-96C6-24B9AD6B010C}]
@="Partial AVI Preview Filter for Shareaza"

[HKEY_CLASSES_ROOT\CLSID\{394011F0-6D5C-42a3-96C6-24B9AD6B010C}\InprocServer32]
@="C:\Program Files\Shareaza\MediaPlayer.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{394011F0-6D5C-42a3-96C6-24B9AD6B010C}\ProgID]
@="Shareaza.AVIPreviewer.1"

[HKEY_CLASSES_ROOT\CLSID\{394011F0-6D5C-42a3-96C6-24B9AD6B010C}\VersionIndependentProgID]
@="Shareaza.AVIPreviewer"

[HKEY_CLASSES_ROOT\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}]
@="Shareaza Media Services Plugin"

[HKEY_CLASSES_ROOT\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}\InprocServer32]
@="C:\Program Files\Shareaza\MediaPlayer.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}\ProgID]
@="Shareaza.MediaPlayer.1"

[HKEY_CLASSES_ROOT\CLSID\{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}\VersionIndependentProgID]
@="Shareaza.MediaPlayer"

[HKEY_CLASSES_ROOT\CLSID\{46986115-84D6-459c-8F95-52DD653E532E}]

[HKEY_CLASSES_ROOT\CLSID\{46986115-84D6-459c-8F95-52DD653E532E}\LocalServer32]
@="\"C:\Program Files\Winamp\Winamp.exe\""

[HKEY_CLASSES_ROOT\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}]
@="Media Library Builder"
"AppID"="{F7F55F86-700D-4098-8CC3-A4588513AFD9}"

[HKEY_CLASSES_ROOT\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}\InprocServer32]
@="C:\Program Files\Shareaza\MediaLibraryBuilder.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}\ProgID]
@="MediaLibraryBuilder.Builder.1"

[HKEY_CLASSES_ROOT\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}\TypeLib]
@="{6B3F5CE8-238C-4285-BE4B-EF7A9F71D1C2}"

[HKEY_CLASSES_ROOT\CLSID\{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}\VersionIndependentProgID]
@="MediaLibraryBuilder.Builder"

[HKEY_CLASSES_ROOT\CLSID\{591A5CFF-3172-4020-A067-238542DDE9C2}]
@="SimpleScopes Audio Visualisation for Shareaza"

[HKEY_CLASSES_ROOT\CLSID\{591A5CFF-3172-4020-A067-238542DDE9C2}\InprocServer32]
@="C:\Program Files\Shareaza\MediaPlayer.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{591A5CFF-3172-4020-A067-238542DDE9C2}\ProgID]
@="Shareaza.SimpleScope.1"

[HKEY_CLASSES_ROOT\CLSID\{591A5CFF-3172-4020-A067-238542DDE9C2}\VersionIndependentProgID]
@="Shareaza.SimpleScope"

[HKEY_CLASSES_ROOT\CLSID\{61700EEC-D5D3-4793-BD1F-514896D67F44}]
@="RatDVD Metadata Reader and Thumbnailer"
"AppID"="{6E8D8F96-2C03-4fbf-8F7C-E92FF5C63C1E}"

[HKEY_CLASSES_ROOT\CLSID\{61700EEC-D5D3-4793-BD1F-514896D67F44}\InprocServer32]
@="C:\Program Files\Shareaza\RatDVDReader.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{61700EEC-D5D3-4793-BD1F-514896D67F44}\ProgID]
@="Shareaza.RatDVDReader.1"

[HKEY_CLASSES_ROOT\CLSID\{61700EEC-D5D3-4793-BD1F-514896D67F44}\TypeLib]
@="{69A065D3-C03D-4fa2-9C43-CB38D2078567}"

[HKEY_CLASSES_ROOT\CLSID\{61700EEC-D5D3-4793-BD1F-514896D67F44}\VersionIndependentProgID]
@="Shareaza.RatDVDReader"

[HKEY_CLASSES_ROOT\CLSID\{626BAFE1-E5D6-11D1-B1DD-006097D503D9}]
@="CLSID_OERulesManager"

[HKEY_CLASSES_ROOT\CLSID\{626BAFE1-E5D6-11D1-B1DD-006097D503D9}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{64AA7031-C150-4118-8D31-FD273A2BB22C}]
@="PSFactoryBuffer"

[HKEY_CLASSES_ROOT\CLSID\{64AA7031-C150-4118-8D31-FD273A2BB22C}\InProcServer32]
@="C:\Program Files\Yahoo!\Common\yverinfo.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{66F8592D-33E8-11D7-8A24-00045A785B71}]
@="HelixProducerCtrl Class"

[HKEY_CLASSES_ROOT\CLSID\{66F8592D-33E8-11D7-8A24-00045A785B71}\Control]

[HKEY_CLASSES_ROOT\CLSID\{66F8592D-33E8-11D7-8A24-00045A785B71}\InprocServer32]
@="C:\Program Files\Winamp Remote\bin\HelixProducer\helixprodctrl.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{66F8592D-33E8-11D7-8A24-00045A785B71}\Insertable]

[HKEY_CLASSES_ROOT\CLSID\{66F8592D-33E8-11D7-8A24-00045A785B71}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{66F8592D-33E8-11D7-8A24-00045A785B71}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{66F8592D-33E8-11D7-8A24-00045A785B71}\ProgID]
@="helix.producer.1"

[HKEY_CLASSES_ROOT\CLSID\{66F8592D-33E8-11D7-8A24-00045A785B71}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{66F8592D-33E8-11D7-8A24-00045A785B71}\ToolboxBitmap32]
@="C:\Program Files\Winamp Remote\bin\HelixProducer\helixprodctrl.dll, 101"

[HKEY_CLASSES_ROOT\CLSID\{66F8592D-33E8-11D7-8A24-00045A785B71}\TypeLib]
@="{BE746EB1-6F27-47D9-BA6D-313633547328}"

[HKEY_CLASSES_ROOT\CLSID\{66F8592D-33E8-11D7-8A24-00045A785B71}\Version]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{66F8592D-33E8-11D7-8A24-00045A785B71}\VersionIndependentProgID]
@="helix.producer"

[HKEY_CLASSES_ROOT\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}]
@="GFL Library Builder"
"AppID"="{F74AD137-A43F-46FD-A1FE-6532C3FC3E88}"

[HKEY_CLASSES_ROOT\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}\InprocServer32]
@="C:\Program Files\Shareaza\GFLLibraryBuilder.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}\ProgID]
@="GFLLibraryBuilder.Builder.1"

[HKEY_CLASSES_ROOT\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}\TypeLib]
@="{7B8046FF-0D3A-4D85-9424-7DFCCD1BCA45}"

[HKEY_CLASSES_ROOT\CLSID\{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}\VersionIndependentProgID]
@="GFLLibraryBuilder.Builder"

[HKEY_CLASSES_ROOT\CLSID\{6F74FDC5-E366-11d1-9A4E-00C04FA309D4}]
@="CLSID_MessageDatabase"

[HKEY_CLASSES_ROOT\CLSID\{6F74FDC5-E366-11d1-9A4E-00C04FA309D4}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{6F74FDC6-E366-11d1-9A4E-00C04FA309D4}]
@="CLSID_FolderDatabase"

[HKEY_CLASSES_ROOT\CLSID\{6F74FDC6-E366-11d1-9A4E-00C04FA309D4}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{765035B3-5944-4A94-806B-20EE3415F26F}]
@="RealMedia Source"

[HKEY_CLASSES_ROOT\CLSID\{765035B3-5944-4A94-806B-20EE3415F26F}\InprocServer32]
@="C:\Program Files\Winamp Remote\bin\RealMediaSplitter.ax"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}]

[HKEY_CLASSES_ROOT\CLSID\{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}\LocalServer32]
@="\"C:\Program Files\Winamp\Winamp.exe\""

[HKEY_CLASSES_ROOT\CLSID\{80F6E410-210B-454C-B523-97D7C2541FF3}]
@="HelixDuration Class"

[HKEY_CLASSES_ROOT\CLSID\{80F6E410-210B-454C-B523-97D7C2541FF3}\InprocServer32]
@="C:\Program Files\Winamp Remote\bin\HelixProducer\helixprodctrl.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{80F6E410-210B-454C-B523-97D7C2541FF3}\ProgID]
@="helix.duration.1"

[HKEY_CLASSES_ROOT\CLSID\{80F6E410-210B-454C-B523-97D7C2541FF3}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{80F6E410-210B-454C-B523-97D7C2541FF3}\TypeLib]
@="{BE746EB1-6F27-47D9-BA6D-313633547328}"

[HKEY_CLASSES_ROOT\CLSID\{80F6E410-210B-454C-B523-97D7C2541FF3}\VersionIndependentProgID]
@="helix.duration"

[HKEY_CLASSES_ROOT\CLSID\{8F0C5675-AEEF-11d0-84F0-00C04FD43F8F}]
@="AthWafer"

[HKEY_CLASSES_ROOT\CLSID\{8F0C5675-AEEF-11d0-84F0-00C04FD43F8F}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{941A4793-A705-4312-8DFC-C11CA05F397E}]
@="RealAudio Decoder"

[HKEY_CLASSES_ROOT\CLSID\{941A4793-A705-4312-8DFC-C11CA05F397E}\InprocServer32]
@="C:\Program Files\Winamp Remote\bin\RealMediaSplitter.ax"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{9AA8DF47-B8FE-47da-AB1A-2DAA0DA0B646}]
@="Partial MPEG-1 Preview Filter for Shareaza"

[HKEY_CLASSES_ROOT\CLSID\{9AA8DF47-B8FE-47da-AB1A-2DAA0DA0B646}\InprocServer32]
@="C:\Program Files\Shareaza\MediaPlayer.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{9AA8DF47-B8FE-47da-AB1A-2DAA0DA0B646}\ProgID]
@="Shareaza.MPEGPreviewer.1"

[HKEY_CLASSES_ROOT\CLSID\{9AA8DF47-B8FE-47da-AB1A-2DAA0DA0B646}\VersionIndependentProgID]
@="Shareaza.MPEGPreviewer"

[HKEY_CLASSES_ROOT\CLSID\{A08AF898-C2A3-11d1-BE23-00C04FA31009}]
@="Outlook Express Envelope"

[HKEY_CLASSES_ROOT\CLSID\{A08AF898-C2A3-11d1-BE23-00C04FA31009}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{A08AF898-C2A3-11d1-BE23-00C04FA31009}\ProgID]
@="OutlookExpress.Envelope.1"

[HKEY_CLASSES_ROOT\CLSID\{A08AF898-C2A3-11d1-BE23-00C04FA31009}\VersionIndependentProgID]
@="OutlookExpress.Envelope"

[HKEY_CLASSES_ROOT\CLSID\{A1006DE3-2173-11d2-9A7C-00C04FA309D4}]
@="CLSID_COE5Import"

[HKEY_CLASSES_ROOT\CLSID\{A1006DE3-2173-11d2-9A7C-00C04FA309D4}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6f,00,65,00,6d,00,69,00,67,00,6c,\
  00,69,00,62,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}]
@="Shareaza Skin Metadata Extractor"
"AppID"="{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}"

[HKEY_CLASSES_ROOT\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\InprocServer32]
@="C:\Program Files\Shareaza\SkinScanSKS.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\ProgID]
@="Shareaza.SkinInfoExtractor.1"

[HKEY_CLASSES_ROOT\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\TypeLib]
@="{251F45EE-7C3D-4D89-ADB8-974568419DBD}"

[HKEY_CLASSES_ROOT\CLSID\{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}\VersionIndependentProgID]
@="Shareaza.SkinInfoExtractor"

[HKEY_CLASSES_ROOT\CLSID\{abc00000-0000-0000-0000-000000000000}]
@="Outlook Express MsgTable Object"

[HKEY_CLASSES_ROOT\CLSID\{abc00000-0000-0000-0000-000000000000}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{abc00000-0000-0000-0000-000000000000}\Implemented Categories\{40FC6ED3-2438-11CF-A3DB-080036F12502}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{abc00000-0000-0000-0000-000000000000}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{abc00000-0000-0000-0000-000000000000}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{abc00000-0000-0000-0000-000000000000}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{abc00000-0000-0000-0000-000000000000}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}]
@="GetInfo2 Class"

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}\Control]

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}\InprocServer32]
@="C:\Program Files\Yahoo!\Common\yverinfo.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}\MiscStatus\1]
@="132497"

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}\ProgID]
@="YVerInfo.GetInfo2.1"

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}\TypeLib]
@="{BB99E4EE-5085-40AA-919D-0097DAC73212}"

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}\Version]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{B345F37E-6763-433b-BC53-9B526A9B7B8B}\VersionIndependentProgID]
@="YVerInfo.GetInfo2"

[HKEY_CLASSES_ROOT\CLSID\{B69F80CD-FB15-45E8-B359-92A41CC571A7}]
@="7-Zip Builder"
"AppID"="{B69F80CD-FB15-45E8-B359-92A41CC571A7}"

[HKEY_CLASSES_ROOT\CLSID\{B69F80CD-FB15-45E8-B359-92A41CC571A7}\InprocServer32]
@="C:\Program Files\Shareaza\7ZipBuilder.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{B69F80CD-FB15-45E8-B359-92A41CC571A7}\ProgID]
@="7ZipBuilder.7ZipBuilder.1"

[HKEY_CLASSES_ROOT\CLSID\{B69F80CD-FB15-45E8-B359-92A41CC571A7}\TypeLib]
@="{2975FA55-CDD5-41AE-8120-EB82E1BF9826}"

[HKEY_CLASSES_ROOT\CLSID\{B69F80CD-FB15-45E8-B359-92A41CC571A7}\VersionIndependentProgID]
@="7ZipBuilder.7ZipBuilder"

[HKEY_CLASSES_ROOT\CLSID\{B7AAC060-2638-11d1-83A9-00C04FBD7C09}]
@="CLSID_CAthena16Import"

[HKEY_CLASSES_ROOT\CLSID\{B7AAC060-2638-11d1-83A9-00C04FBD7C09}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6f,00,65,00,69,00,6d,00,70,00,6f,\
  00,72,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{B977CB11-1FF5-11d2-9A7A-00C04FA309D4}]
@="CLSID_CIMN1Import"

[HKEY_CLASSES_ROOT\CLSID\{B977CB11-1FF5-11d2-9A7A-00C04FA309D4}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6f,00,65,00,69,00,6d,00,70,00,6f,\
  00,72,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{B978F591-5137-4612-873A-DC2081BAD6CD}]
@="SWF Library Builder"
"AppID"="{6BC193A0-817A-4E64-BDB2-F7193DE36342}"

[HKEY_CLASSES_ROOT\CLSID\{B978F591-5137-4612-873A-DC2081BAD6CD}\InprocServer32]
@="C:\Program Files\Shareaza\SWFPlugin.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{B978F591-5137-4612-873A-DC2081BAD6CD}\ProgID]
@="SWFPlugin.SWFBuilder.1"

[HKEY_CLASSES_ROOT\CLSID\{B978F591-5137-4612-873A-DC2081BAD6CD}\TypeLib]
@="{6820AC10-8EE8-439B-9CB6-B17029025978}"

[HKEY_CLASSES_ROOT\CLSID\{B978F591-5137-4612-873A-DC2081BAD6CD}\VersionIndependentProgID]
@="SWFPlugin.SWFBuilder"

[HKEY_CLASSES_ROOT\CLSID\{BCE9E2E7-1FDD-11d2-9A79-00C04FA309D4}]
@="CLSID_COE4Import"

[HKEY_CLASSES_ROOT\CLSID\{BCE9E2E7-1FDD-11d2-9A79-00C04FA309D4}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6f,00,65,00,69,00,6d,00,70,00,6f,\
  00,72,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{BE09F473-7FEB-11d2-9962-00C04FA309D4}]
@="CLSID_MigrateMessageStore"

[HKEY_CLASSES_ROOT\CLSID\{BE09F473-7FEB-11d2-9962-00C04FA309D4}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{BF00DBCC-90A2-4f46-8171-7D4F929D035F}]
@="Partial MP3 Preview Filter for Shareaza"

[HKEY_CLASSES_ROOT\CLSID\{BF00DBCC-90A2-4f46-8171-7D4F929D035F}\InprocServer32]
@="C:\Program Files\Shareaza\MediaPlayer.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{BF00DBCC-90A2-4f46-8171-7D4F929D035F}\ProgID]
@="Shareaza.MP3Previewer.1"

[HKEY_CLASSES_ROOT\CLSID\{BF00DBCC-90A2-4f46-8171-7D4F929D035F}\VersionIndependentProgID]
@="Shareaza.MP3Previewer"

[HKEY_CLASSES_ROOT\CLSID\{bfe639ee-762e-46c4-ae7c-3c34ccc317ff}]

[HKEY_CLASSES_ROOT\CLSID\{bfe639ee-762e-46c4-ae7c-3c34ccc317ff}\InprocServer32]
@="C:\Program Files\Winamp\Plugins\cddbcontrolwinamp.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{c2e21ac1-675c-4cae-ba0c-98d25a5e5b84}]

[HKEY_CLASSES_ROOT\CLSID\{c2e21ac1-675c-4cae-ba0c-98d25a5e5b84}\InprocServer32]
@="C:\Program Files\Winamp\Plugins\cddbcontrolwinamp.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{C3B7B25C-6B8B-481A-BC48-59F9A6F7B69A}]
@="Windows Media Player Visualisation Wrapper"

[HKEY_CLASSES_ROOT\CLSID\{C3B7B25C-6B8B-481A-BC48-59F9A6F7B69A}\InprocServer32]
@="C:\Program Files\Shareaza\MediaPlayer.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{C3B7B25C-6B8B-481A-BC48-59F9A6F7B69A}\ProgID]
@="Shareaza.WMPVis.1"

[HKEY_CLASSES_ROOT\CLSID\{C3B7B25C-6B8B-481A-BC48-59F9A6F7B69A}\VersionIndependentProgID]
@="Shareaza.WMPVis"

[HKEY_CLASSES_ROOT\CLSID\{CAE80521-F685-11d1-AF32-00C04FA31B90}]
@="CLSID_OENote"

[HKEY_CLASSES_ROOT\CLSID\{CAE80521-F685-11d1-AF32-00C04FA31B90}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{D07E630D-A850-4f11-AD29-3D3848B67EFE}]
@="Sonique Visualisation Wrapper"

[HKEY_CLASSES_ROOT\CLSID\{D07E630D-A850-4f11-AD29-3D3848B67EFE}\InprocServer32]
@="C:\Program Files\Shareaza\MediaPlayer.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{D07E630D-A850-4f11-AD29-3D3848B67EFE}\ProgID]
@="Shareaza.SoniqueVis.1"

[HKEY_CLASSES_ROOT\CLSID\{D07E630D-A850-4f11-AD29-3D3848B67EFE}\VersionIndependentProgID]
@="Shareaza.SoniqueVis"

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}]
@="GetInfo Class"

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}\Control]

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}\InprocServer32]
@="C:\Program Files\Yahoo!\Common\yverinfo.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}\MiscStatus\1]
@="132497"

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}\ProgID]
@="YVerInfo.GetInfo.1"

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}\TypeLib]
@="{BB99E4EE-5085-40AA-919D-0097DAC73212}"

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}\Version]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}\VersionIndependentProgID]
@="YVerInfo.GetInfo"

[HKEY_CLASSES_ROOT\CLSID\{D8B4A55C-FA70-4181-B340-B92451E4DA62}]
@="CabIn Class"

[HKEY_CLASSES_ROOT\CLSID\{D8B4A55C-FA70-4181-B340-B92451E4DA62}\InprocServer32]
@="C:\Program Files\Winamp Remote\bin\Cab.dll"
"ThreadingModel"="Free"

[HKEY_CLASSES_ROOT\CLSID\{D8B4A55C-FA70-4181-B340-B92451E4DA62}\ProgID]
@="Cab.CabIn.1"

[HKEY_CLASSES_ROOT\CLSID\{D8B4A55C-FA70-4181-B340-B92451E4DA62}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{D8B4A55C-FA70-4181-B340-B92451E4DA62}\TypeLib]
@="{E349194C-BA1A-4968-B06E-E4E8C1CDB4DB}"

[HKEY_CLASSES_ROOT\CLSID\{D8B4A55C-FA70-4181-B340-B92451E4DA62}\VersionIndependentProgID]
@="Cab.CabIn"

[HKEY_CLASSES_ROOT\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}]
@="PSFactoryBuffer"

[HKEY_CLASSES_ROOT\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}\InProcServer32]
@="C:\Program Files\Winamp Toolbar\winamptbServerPS.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{E1A67AE5-7041-4AE1-94F7-DE03EF759E27}]
@="Shareaza.IEProtocolRequest"

[HKEY_CLASSES_ROOT\CLSID\{E1A67AE5-7041-4AE1-94F7-DE03EF759E27}\InprocHandler32]
@="ole32.dll"

[HKEY_CLASSES_ROOT\CLSID\{E1A67AE5-7041-4AE1-94F7-DE03EF759E27}\LocalServer32]
@="C:\PROGRA~1\Shareaza\Shareaza.exe"

[HKEY_CLASSES_ROOT\CLSID\{E1A67AE5-7041-4AE1-94F7-DE03EF759E27}\ProgID]
@="Shareaza.IEProtocolRequest"

[HKEY_CLASSES_ROOT\CLSID\{E21BE468-5C18-43EB-B0CC-DB93A847D769}]
@="RealMedia Splitter"

[HKEY_CLASSES_ROOT\CLSID\{E21BE468-5C18-43EB-B0CC-DB93A847D769}\InprocServer32]
@="C:\Program Files\Winamp Remote\bin\RealMediaSplitter.ax"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{E70C92A9-4BFD-11d1-8A95-00C04FB951F3}]
@="CLSID_StoreNamespace"

[HKEY_CLASSES_ROOT\CLSID\{E70C92A9-4BFD-11d1-8A95-00C04FB951F3}\InprocServer32]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,6f,00,65,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{E9B2EF9B-4A0C-451E-801F-257861B87FAD}]
@="Shareaza.Application"

[HKEY_CLASSES_ROOT\CLSID\{E9B2EF9B-4A0C-451E-801F-257861B87FAD}\InprocHandler32]
@="ole32.dll"

[HKEY_CLASSES_ROOT\CLSID\{E9B2EF9B-4A0C-451E-801F-257861B87FAD}\LocalServer32]
@="C:\PROGRA~1\Shareaza\Shareaza.exe"

[HKEY_CLASSES_ROOT\CLSID\{E9B2EF9B-4A0C-451E-801F-257861B87FAD}\ProgID]
@="Shareaza.Application"

[HKEY_CLASSES_ROOT\CLSID\{E9F51B1E-DB0F-4EEE-9B36-46151994C715}]
@="Document Metadata Reader and Thumbnailer"
"AppID"="{BEC42E3F-4B6B-49A3-A099-EB3D6752AA02}"

[HKEY_CLASSES_ROOT\CLSID\{E9F51B1E-DB0F-4EEE-9B36-46151994C715}\InprocServer32]
@="C:\Program Files\Shareaza\DocumentReader.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{E9F51B1E-DB0F-4EEE-9B36-46151994C715}\ProgID]
@="Shareaza.DocReader.1"

[HKEY_CLASSES_ROOT\CLSID\{E9F51B1E-DB0F-4EEE-9B36-46151994C715}\TypeLib]
@="{607C3F69-850D-4413-A81A-CF1C849BF387}"

[HKEY_CLASSES_ROOT\CLSID\{E9F51B1E-DB0F-4EEE-9B36-46151994C715}\VersionIndependentProgID]
@="Shareaza.DocReader"

[HKEY_CLASSES_ROOT\CLSID\{EEB09DE1-1892-43B5-9730-B3FA8361B13A}]
@="CMiTVSink Object"
"AppID"="{1EEAE99F-158C-403E-ABAE-D8FF9696CB21}"

[HKEY_CLASSES_ROOT\CLSID\{EEB09DE1-1892-43B5-9730-B3FA8361B13A}\Control]

[HKEY_CLASSES_ROOT\CLSID\{EEB09DE1-1892-43B5-9730-B3FA8361B13A}\LocalServer32]
@="\"C:\Program Files\Winamp Remote\bin\OrbTVBuffer.exe\""
"ThreadingModel"="apartment"

[HKEY_CLASSES_ROOT\CLSID\{EEB09DE1-1892-43B5-9730-B3FA8361B13A}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{EEB09DE1-1892-43B5-9730-B3FA8361B13A}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{EEB09DE1-1892-43B5-9730-B3FA8361B13A}\ProgID]
@="OrbTVBuffer.MiTVSink.1"

[HKEY_CLASSES_ROOT\CLSID\{EEB09DE1-1892-43B5-9730-B3FA8361B13A}\ToolboxBitmap32]
@="\"C:\Program Files\Winamp Remote\bin\OrbTVBuffer.exe\", 1"

[HKEY_CLASSES_ROOT\CLSID\{EEB09DE1-1892-43B5-9730-B3FA8361B13A}\TypeLib]
@="{1EEAE99F-158C-403E-ABAE-D8FF9696CB21}"

[HKEY_CLASSES_ROOT\CLSID\{EEB09DE1-1892-43B5-9730-B3FA8361B13A}\Version]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{EEB09DE1-1892-43B5-9730-B3FA8361B13A}\VersionIndependentProgID]
@="OrbTVBuffer.MiTVSink"

[HKEY_CLASSES_ROOT\CLSID\{f1110c60-736a-4d58-8e2a-4935dfcf9ac7}]

[HKEY_CLASSES_ROOT\CLSID\{f1110c60-736a-4d58-8e2a-4935dfcf9ac7}\InprocServer32]
@="C:\Program Files\Winamp\Plugins\cddbcontrolwinamp.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}]

[HKEY_CLASSES_ROOT\CLSID\{f2e9891e-0ce2-40bc-a6df-ed87c817b83d}\InprocServer32]
@="C:\Program Files\Winamp\Plugins\cddbcontrolwinamp.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{F801DAD7-F08D-48EF-B0DF-6B120377E835}]
@="RAR Builder"
"AppID"="{F801DAD7-F08D-48EF-B0DF-6B120377E835}"

[HKEY_CLASSES_ROOT\CLSID\{F801DAD7-F08D-48EF-B0DF-6B120377E835}\InprocServer32]
@="C:\Program Files\Shareaza\RARBuilder.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{F801DAD7-F08D-48EF-B0DF-6B120377E835}\ProgID]
@="RARBuilder.RARBuilder.1"

[HKEY_CLASSES_ROOT\CLSID\{F801DAD7-F08D-48EF-B0DF-6B120377E835}\TypeLib]
@="{EDB05406-0D3F-49F1-8ABC-9B53758008A0}"

[HKEY_CLASSES_ROOT\CLSID\{F801DAD7-F08D-48EF-B0DF-6B120377E835}\VersionIndependentProgID]
@="RARBuilder.RARBuilder"

[HKEY_CLASSES_ROOT\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}]
@="SWF Image Services"
"AppID"="{6BC193A0-817A-4E64-BDB2-F7193DE36342}"

[HKEY_CLASSES_ROOT\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}\InprocServer32]
@="C:\Program Files\Shareaza\SWFPlugin.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}\ProgID]
@="SWFPlugin.SWFReader.1"

[HKEY_CLASSES_ROOT\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}\TypeLib]
@="{6820AC10-8EE8-439B-9CB6-B17029025978}"

[HKEY_CLASSES_ROOT\CLSID\{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}\VersionIndependentProgID]
@="SWFPlugin.SWFReader"

[HKEY_CLASSES_ROOT\CLSID\{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}]
@="GFL Image Services"
"AppID"="{4DD7500D-4ACC-4833-AB1D-887C59199DC5}"

[HKEY_CLASSES_ROOT\CLSID\{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}\InprocServer32]
@="C:\Program Files\Shareaza\GFLImageServices.dll"
"ThreadingModel"="Both"

[HKEY_CLASSES_ROOT\CLSID\{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}\ProgID]
@="GFLImageServices.GFLReader.1"

[HKEY_CLASSES_ROOT\CLSID\{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}\TypeLib]
@="{FCCC9C8C-45EF-4EB4-8AB1-5235585A631D}"

[HKEY_CLASSES_ROOT\CLSID\{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}\VersionIndependentProgID]
@="GFLImageServices.GFLReader"

[HKEY_CLASSES_ROOT\Applications\Shareaza.exe\shell\open]

[HKEY_CLASSES_ROOT\Applications\Shareaza.exe\shell\open\command]
@="\"C:\Program Files\Shareaza\Shareaza.exe\" \"%1\""

[HKEY_CLASSES_ROOT\Applications\Shareaza.exe\shell\open\ddeexec]
@="%1"

[HKEY_CLASSES_ROOT\Applications\Shareaza.exe\shell\open\ddeexec\Application]
@="Shareaza"

[HKEY_CLASSES_ROOT\Applications\Shareaza.exe\shell\open\ddeexec\Topic]
@="RAZAFORMAT"

[HKEY_CLASSES_ROOT\Applications\Winamp.exe\shell\Enqueue]
@="&Enqueue in Winamp"

[HKEY_CLASSES_ROOT\Applications\Winamp.exe\shell\Enqueue\command]
@="\"C:\Program Files\Winamp\Winamp.exe\" /ADD \"%1\""

[HKEY_CLASSES_ROOT\Applications\Winamp.exe\shell\Enqueue\DropTarget]
"Clsid"="{77A366BA-2BE4-4a1e-9263-7734AA3E99A2}"

[HKEY_CLASSES_ROOT\Applications\Winamp.exe\shell\ListBookmark]
@="Add to Winamp's &Bookmark list"

[HKEY_CLASSES_ROOT\Applications\Winamp.exe\shell\ListBookmark\command]
@="\"C:\Program Files\Winamp\Winamp.exe\" /BOOKMARK \"%1\""

[HKEY_CLASSES_ROOT\Applications\Winamp.exe\shell\Play]
@="&Play in Winamp"

[HKEY_CLASSES_ROOT\Applications\Winamp.exe\shell\Play\command]
@="\"C:\Program Files\Winamp\Winamp.exe\" \"%1\""

[HKEY_CLASSES_ROOT\Applications\Winamp.exe\shell\Play\DropTarget]
"Clsid"="{46986115-84D6-459c-8F95-52DD653E532E}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\msimn.exe]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,6d,00,73,00,69,00,6d,00,6e,00,2e,\
  00,65,00,78,00,65,00,00,00
"Path"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
  00,65,00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,\
  45,00,78,00,70,00,72,00,65,00,73,00,73,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\Shareaza.exe]
@="C:\Program Files\Shareaza\Shareaza.exe"
"Path"="C:\Program Files\Shareaza"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\wab.exe]
@=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,\
  00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6f,00,6f,00,6b,00,20,00,45,00,\
  78,00,70,00,72,00,65,00,73,00,73,00,5c,00,77,00,61,00,62,00,2e,00,65,00,78,\
  00,65,00,00,00
"Path"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,\
  00,65,00,73,00,25,00,5c,00,4f,00,75,00,74,00,6c,00,6

NightmareTheWorld · Answer

Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\7ZipBuilder.7ZipBuilder]
@="7-Zip Builder"

[HKEY_CLASSES_ROOT\7ZipBuilder.7ZipBuilder\CLSID]
@="{B69F80CD-FB15-45E8-B359-92A41CC571A7}"

[HKEY_CLASSES_ROOT\7ZipBuilder.7ZipBuilder\CurVer]
@="7ZipBuilder.7ZipBuilder.1"

[HKEY_CLASSES_ROOT\7ZipBuilder.7ZipBuilder.1]
@="7-Zip Builder"

[HKEY_CLASSES_ROOT\7ZipBuilder.7ZipBuilder.1\CLSID]
@="{B69F80CD-FB15-45E8-B359-92A41CC571A7}"

[HKEY_CLASSES_ROOT\Cab.CabIn]
@="CabIn Class"

[HKEY_CLASSES_ROOT\Cab.CabIn\CLSID]
@="{D8B4A55C-FA70-4181-B340-B92451E4DA62}"

[HKEY_CLASSES_ROOT\Cab.CabIn\CurVer]
@="Cab.CabIn.1"

[HKEY_CLASSES_ROOT\Cab.CabIn.1]
@="CabIn Class"

[HKEY_CLASSES_ROOT\Cab.CabIn.1\CLSID]
@="{D8B4A55C-FA70-4181-B340-B92451E4DA62}"

[HKEY_CLASSES_ROOT\certificate_wab_auto_file]
@="Fichier Identificateur numérique"

[HKEY_CLASSES_ROOT\certificate_wab_auto_file\shell]

[HKEY_CLASSES_ROOT\ed2k\DefaultIcon]
@="C:\Program Files\eMule\eMule.exe,0"

[HKEY_CLASSES_ROOT\GFLImageServices.GFLReader]
@="GFL Image Services"

[HKEY_CLASSES_ROOT\GFLImageServices.GFLReader\CLSID]
@="{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}"

[HKEY_CLASSES_ROOT\GFLImageServices.GFLReader\CurVer]
@="GFLImageServices.GFLReader.1"

[HKEY_CLASSES_ROOT\GFLImageServices.GFLReader.1]
@="GFL Image Services"

[HKEY_CLASSES_ROOT\GFLImageServices.GFLReader.1\CLSID]
@="{FF5FCD00-2C20-49D8-84F6-888D2E2C95DA}"

[HKEY_CLASSES_ROOT\GFLLibraryBuilder.Builder]
@="GFL Library Builder"

[HKEY_CLASSES_ROOT\GFLLibraryBuilder.Builder\CLSID]
@="{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}"

[HKEY_CLASSES_ROOT\GFLLibraryBuilder.Builder\CurVer]
@="GFLLibraryBuilder.Builder.1"

[HKEY_CLASSES_ROOT\GFLLibraryBuilder.Builder.1]
@="GFL Library Builder"

[HKEY_CLASSES_ROOT\GFLLibraryBuilder.Builder.1\CLSID]
@="{6C9E61BE-E58F-4AE1-A304-6FF1D183804C}"

[HKEY_CLASSES_ROOT\helix.duration]
@="HelixDuration Class"

[HKEY_CLASSES_ROOT\helix.duration\CLSID]
@="{80F6E410-210B-454C-B523-97D7C2541FF3}"

[HKEY_CLASSES_ROOT\helix.duration\CurVer]
@="Ctrl.Duration.1"

[HKEY_CLASSES_ROOT\helix.duration.1]
@="HelixDuration Class"

[HKEY_CLASSES_ROOT\helix.duration.1\CLSID]
@="{80F6E410-210B-454C-B523-97D7C2541FF3}"

[HKEY_CLASSES_ROOT\helix.producer]
@="HelixProducerCtrl Class"

[HKEY_CLASSES_ROOT\helix.producer\CLSID]
@="{66F8592D-33E8-11D7-8A24-00045A785B71}"

[HKEY_CLASSES_ROOT\helix.producer\CurVer]
@="helix.producer.1"

[HKEY_CLASSES_ROOT\helix.producer.1]
@="HelixProducerCtrl Class"

[HKEY_CLASSES_ROOT\helix.producer.1\CLSID]
@="{66F8592D-33E8-11D7-8A24-00045A785B71}"

[HKEY_CLASSES_ROOT\MediaImageServices.VideoReader]
@="Media Image Services"

[HKEY_CLASSES_ROOT\MediaImageServices.VideoReader\CLSID]
@="{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}"

[HKEY_CLASSES_ROOT\MediaImageServices.VideoReader\CurVer]
@="MediaImageServices.VideoReader.1"

[HKEY_CLASSES_ROOT\MediaImageServices.VideoReader.1]
@="Media Image Services"

[HKEY_CLASSES_ROOT\MediaImageServices.VideoReader.1\CLSID]
@="{04CC76C7-1ED7-4CAE-9762-B8664ED008ED}"

[HKEY_CLASSES_ROOT\MediaLibraryBuilder.Builder]
@="Media Library Builder"

[HKEY_CLASSES_ROOT\MediaLibraryBuilder.Builder\CLSID]
@="{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}"

[HKEY_CLASSES_ROOT\MediaLibraryBuilder.Builder\CurVer]
@="MediaLibraryBuilder.Builder.1"

[HKEY_CLASSES_ROOT\MediaLibraryBuilder.Builder.1]
@="Media Library Builder"

[HKEY_CLASSES_ROOT\MediaLibraryBuilder.Builder.1\CLSID]
@="{570C197C-FE9C-4D1F-B6E0-EFA44D36399F}"

[HKEY_CLASSES_ROOT\OrbTVBuffer.MiTVSink]
@="CMiTVSink Object"

[HKEY_CLASSES_ROOT\OrbTVBuffer.MiTVSink\CLSID]
@="{EEB09DE1-1892-43B5-9730-B3FA8361B13A}"

[HKEY_CLASSES_ROOT\OrbTVBuffer.MiTVSink\CurVer]
@="OrbTVBuffer.MiTVSink.1"

[HKEY_CLASSES_ROOT\OrbTVBuffer.MiTVSink.1]
@="CMiTVSink Object"

[HKEY_CLASSES_ROOT\OrbTVBuffer.MiTVSink.1\CLSID]
@="{EEB09DE1-1892-43B5-9730-B3FA8361B13A}"

[HKEY_CLASSES_ROOT\OutlookExpress.Envelope]
@="Outlook Express Envelope"

[HKEY_CLASSES_ROOT\OutlookExpress.Envelope\CLSID]
@="{A08AF898-C2A3-11d1-BE23-00C04FA31009}"

[HKEY_CLASSES_ROOT\OutlookExpress.Envelope\CurVer]
@="OutlookExpress.Envelope.1"

[HKEY_CLASSES_ROOT\OutlookExpress.Envelope.1]
@="Outlook Express Envelope"

[HKEY_CLASSES_ROOT\OutlookExpress.Envelope.1\CLSID]
@="{A08AF898-C2A3-11d1-BE23-00C04FA31009}"

[HKEY_CLASSES_ROOT\RARBuilder.RARBuilder]
@="RAR Builder"

[HKEY_CLASSES_ROOT\RARBuilder.RARBuilder\CLSID]
@="{F801DAD7-F08D-48EF-B0DF-6B120377E835}"

[HKEY_CLASSES_ROOT\RARBuilder.RARBuilder\CurVer]
@="RARBuilder.RARBuilder.1"

[HKEY_CLASSES_ROOT\RARBuilder.RARBuilder.1]
@="RAR Builder"

[HKEY_CLASSES_ROOT\RARBuilder.RARBuilder.1\CLSID]
@="{F801DAD7-F08D-48EF-B0DF-6B120377E835}"

[HKEY_CLASSES_ROOT\Shareaza.Application]
@="Shareaza.Application"

[HKEY_CLASSES_ROOT\Shareaza.Application\CLSID]
@="{E9B2EF9B-4A0C-451E-801F-257861B87FAD}"

[HKEY_CLASSES_ROOT\Shareaza.AVIPreviewer.1]
@="Partial AVI Preview Filter for Shareaza"

[HKEY_CLASSES_ROOT\Shareaza.AVIPreviewer.1\CLSID]
@="{394011F0-6D5C-42a3-96C6-24B9AD6B010C}"

[HKEY_CLASSES_ROOT\Shareaza.DataSource]
@="Shareaza.DataSource"

[HKEY_CLASSES_ROOT\Shareaza.DataSource\CLSID]
@="{34791E02-51DC-4CF4-9E34-018166D91D0E}"

[HKEY_CLASSES_ROOT\Shareaza.DocReader]
@="Document Metadata Reader and Thumbnailer"

[HKEY_CLASSES_ROOT\Shareaza.DocReader\CLSID]
@="{E9F51B1E-DB0F-4EEE-9B36-46151994C715}"

[HKEY_CLASSES_ROOT\Shareaza.DocReader\CurVer]
@="Shareaza.DocReader.1"

[HKEY_CLASSES_ROOT\Shareaza.DocReader.1]
@="Document Metadata Reader and Thumbnailer"

[HKEY_CLASSES_ROOT\Shareaza.DocReader.1\CLSID]
@="{E9F51B1E-DB0F-4EEE-9B36-46151994C715}"

[HKEY_CLASSES_ROOT\Shareaza.IEProtocol]
@="Shareaza.IEProtocol"

[HKEY_CLASSES_ROOT\Shareaza.IEProtocol\CLSID]
@="{18D11ED9-1264-48A1-9E14-20F2C633242B}"

[HKEY_CLASSES_ROOT\Shareaza.IEProtocolRequest]
@="Shareaza.IEProtocolRequest"

[HKEY_CLASSES_ROOT\Shareaza.IEProtocolRequest\CLSID]
@="{E1A67AE5-7041-4AE1-94F7-DE03EF759E27}"

[HKEY_CLASSES_ROOT\Shareaza.ImageViewerPlugin]
@="Shareaza Image Viewer Plugin"

[HKEY_CLASSES_ROOT\Shareaza.ImageViewerPlugin\CLSID]
@="{2EE9D739-7726-41cf-8F18-4B1B8763BC63}"

[HKEY_CLASSES_ROOT\Shareaza.ImageViewerPlugin\CurVer]
@="Shareaza.ImageViewerPlugin.1"

[HKEY_CLASSES_ROOT\Shareaza.ImageViewerPlugin.1]
@="Shareaza Image Viewer Plugin"

[HKEY_CLASSES_ROOT\Shareaza.ImageViewerPlugin.1\CLSID]
@="{2EE9D739-7726-41cf-8F18-4B1B8763BC63}"

[HKEY_CLASSES_ROOT\Shareaza.MediaPlayer.1]
@="Shareaza Media Services Plugin"

[HKEY_CLASSES_ROOT\Shareaza.MediaPlayer.1\CLSID]
@="{3DC28AA6-A597-4E03-96DF-ADA19155B0BE}"

[HKEY_CLASSES_ROOT\Shareaza.MP3Previewer.1]
@="Partial MP3 Preview Filter for Shareaza"

[HKEY_CLASSES_ROOT\Shareaza.MP3Previewer.1\CLSID]
@="{BF00DBCC-90A2-4f46-8171-7D4F929D035F}"

[HKEY_CLASSES_ROOT\Shareaza.MPEGPreviewer.1]
@="Partial MPEG-1 Preview Filter for Shareaza"

[HKEY_CLASSES_ROOT\Shareaza.MPEGPreviewer.1\CLSID]
@="{9AA8DF47-B8FE-47da-AB1A-2DAA0DA0B646}"

[HKEY_CLASSES_ROOT\Shareaza.RatDVDReader]
@="RatDVD Metadata Reader and Thumbnailer"

[HKEY_CLASSES_ROOT\Shareaza.RatDVDReader\CLSID]
@="{61700EEC-D5D3-4793-BD1F-514896D67F44}"

[HKEY_CLASSES_ROOT\Shareaza.RatDVDReader\CurVer]
@="Shareaza.RatDVDReader.1"

[HKEY_CLASSES_ROOT\Shareaza.RatDVDReader.1]
@="RatDVD Metadata Reader and Thumbnailer"

[HKEY_CLASSES_ROOT\Shareaza.RatDVDReader.1\CLSID]
@="{61700EEC-D5D3-4793-BD1F-514896D67F44}"

[HKEY_CLASSES_ROOT\Shareaza.SimpleScope.1]
@="SimpleScopes Audio Visualisation for Shareaza"

[HKEY_CLASSES_ROOT\Shareaza.SimpleScope.1\CLSID]
@="{591A5CFF-3172-4020-A067-238542DDE9C2}"

[HKEY_CLASSES_ROOT\Shareaza.SkinFile]
@="Shareaza Skin File"

[HKEY_CLASSES_ROOT\Shareaza.SkinFile\shell]
@="open"

[HKEY_CLASSES_ROOT\Shareaza.SkinInfoExtractor]
@="Shareaza Skin Metadata Extractor"

[HKEY_CLASSES_ROOT\Shareaza.SkinInfoExtractor\CLSID]
@="{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}"

[HKEY_CLASSES_ROOT\Shareaza.SkinInfoExtractor\CurVer]
@="Shareaza.SkinInfoExtractor.1"

[HKEY_CLASSES_ROOT\Shareaza.SkinInfoExtractor.1]
@="Shareaza Skin Metadata Extractor"

[HKEY_CLASSES_ROOT\Shareaza.SkinInfoExtractor.1\CLSID]
@="{A4F1E383-B493-4580-8DB6-5CC89CBAAC53}"

[HKEY_CLASSES_ROOT\Shareaza.SoniqueVis.1]
@="Sonique Visualisation Wrapper"

[HKEY_CLASSES_ROOT\Shareaza.SoniqueVis.1\CLSID]
@="{D07E630D-A850-4f11-AD29-3D3848B67EFE}"

[HKEY_CLASSES_ROOT\Shareaza.WMPVis.1]
@="Windows Media Player Visualisation Wrapper"

[HKEY_CLASSES_ROOT\Shareaza.WMPVis.1\CLSID]
@="{C3B7B25C-6B8B-481A-BC48-59F9A6F7B69A}"

[HKEY_CLASSES_ROOT\SWFPlugin.SWFBuilder]
@="SWF Library Builder"

[HKEY_CLASSES_ROOT\SWFPlugin.SWFBuilder\CLSID]
@="{B978F591-5137-4612-873A-DC2081BAD6CD}"

[HKEY_CLASSES_ROOT\SWFPlugin.SWFBuilder\CurVer]
@="SWFPlugin.SWFBuilder.1"

[HKEY_CLASSES_ROOT\SWFPlugin.SWFBuilder.1]
@="SWF Library Builder"

[HKEY_CLASSES_ROOT\SWFPlugin.SWFBuilder.1\CLSID]
@="{B978F591-5137-4612-873A-DC2081BAD6CD}"

[HKEY_CLASSES_ROOT\SWFPlugin.SWFReader]
@="SWF Image Services"

[HKEY_CLASSES_ROOT\SWFPlugin.SWFReader\CLSID]
@="{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}"

[HKEY_CLASSES_ROOT\SWFPlugin.SWFReader\CurVer]
@="SWFPlugin.SWFReader.1"

[HKEY_CLASSES_ROOT\SWFPlugin.SWFReader.1]
@="SWF Image Services"

[HKEY_CLASSES_ROOT\SWFPlugin.SWFReader.1\CLSID]
@="{FC4D8F69-0B18-49BB-8AB7-87EB77AA1A9D}"

[HKEY_CLASSES_ROOT\vcard_wab_auto_file]
@="Fichier vCard"

[HKEY_CLASSES_ROOT\vcard_wab_auto_file\shell]

[HKEY_CLASSES_ROOT\wab_auto_file]
@="Fichier Carnet d'adresses"

[HKEY_CLASSES_ROOT\wab_auto_file\shell]

[HKEY_CLASSES_ROOT\YVerInfo.GetInfo]
@="GetInfo Class"

[HKEY_CLASSES_ROOT\YVerInfo.GetInfo\CLSID]
@="{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}"

[HKEY_CLASSES_ROOT\YVerInfo.GetInfo\CurVer]
@="YVerInfo.GetInfo.1"

[HKEY_CLASSES_ROOT\YVerInfo.GetInfo.1]
@="GetInfo Class"

[HKEY_CLASSES_ROOT\YVerInfo.GetInfo.1\CLSID]
@="{D5184A39-CBDF-4A4F-AC1A-7A45A852C883}"

[HKEY_CLASSES_ROOT\YVerInfo.GetInfo2]
@="GetInfo2 Class"

[HKEY_CLASSES_ROOT\YVerInfo.GetInfo2\CLSID]
@="{B345F37E-6763-433b-BC53-9B526A9B7B8B}"

[HKEY_CLASSES_ROOT\YVerInfo.GetInfo2\CurVer]
@="YVerInfo.GetInfo2.1"

[HKEY_CLASSES_ROOT\YVerInfo.GetInfo2.1]
@="GetInfo2 Class"

[HKEY_CLASSES_ROOT\YVerInfo.GetInfo2.1\CLSID]
@="{B345F37E-6763-433b-BC53-9B526A9B7B8B}"

[HKEY_CLASSES_ROOT\ZIPBuilder.ZIPBuilder]
@="ZIP Builder"

[HKEY_CLASSES_ROOT\ZIPBuilder.ZIPBuilder\CLSID]
@="{2F74AA28-2498-4805-911A-04C39858D529}"

[HKEY_CLASSES_ROOT\ZIPBuilder.ZIPBuilder\CurVer]
@="ZIPBuilder.ZIPBuilder.1"

[HKEY_CLASSES_ROOT\ZIPBuilder.ZIPBuilder.1]
@="ZIP Builder"

[HKEY_CLASSES_ROOT\ZIPBuilder.ZIPBuilder.1\CLSID]
@="{2F74AA28-2498-4805-911A-04C39858D529}"

[HKEY_CLASSES_ROOT\Applications\Winamp.exe]

[HKEY_CLASSES_ROOT\Applications\Winamp.exe\shell]
@="Play"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Shareaza_is1]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,60,20,02,00,00,00,00,d4,81,c9,\
  ee,44,4b,c9,01,09,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
  61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,53,00,68,00,61,00,72,\
  00,65,00,61,00,7a,00,61,00,5c,00,53,00,68,00,61,00,72,00,65,00,61,00,7a,00,\
  61,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000

NightmareTheWorld · Answer

Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe]
@="C:\Program Files\Trend Micro\HijackThis\hijackthis.exe"
"Path"="C:\Program Files\Trend Micro\HijackThis"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\FindyKill]
"DisplayName"="FindyKill"
"UninstallString"="C:\Program Files\FindyKill\Uninstal.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\HijackThis]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,e0,2b,00,00,00,00,00,b4,a4,02,\
  8d,07,5e,c9,01,02,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
  61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,54,00,72,00,65,00,6e,\
  00,64,00,20,00,4d,00,69,00,63,00,72,00,6f,00,5c,00,48,00,69,00,6a,00,61,00,\
  63,00,6b,00,54,00,68,00,69,00,73,00,5c,00,48,00,69,00,6a,00,61,00,63,00,6b,\
  00,54,00,68,00,69,00,73,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\TrendMicro]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\DOCUME~1\kira\LOCALS~1\Temp\is-31BJM.tmp\mbam-setup.tmp"="Setup/Uninstall"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\DOCUME~1\kira\LOCALS~1\Temp\is-63R62.tmp\mbam-setup.tmp"="Setup/Uninstall"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"="HijackThis"

NightmareTheWorld · Answer

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FindyKill]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,d0,0b,00,00,00,00,00,fe,ba,3f,\
  cc,06,69,c9,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
  61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,46,00,69,00,6e,00,64,\
  00,79,00,4b,00,69,00,6c,00,6c,00,5c,00,54,00,6f,00,6f,00,6c,00,73,00,5c,00,\
  4b,00,69,00,6c,00,6c,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000


Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\.sks]
@="Shareaza.SkinFile"

[HKEY_CLASSES_ROOT\.wab]
@="wab_auto_file"


Windows Registry Editor Version 5.00


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lng]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lng\OpenWithList]
"a"="iexplore.exe"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\kira\Mes documents\Speed-Downloading_setup.exe"="Speed-Downloading_setup"

NightmareTheWorld · Answer

Je sais ça fait beaucoup mais c'est pas fini...^^"
celui-ci je viens de le faire :

 Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AFB4DC8C-22CF-483C-8A55-CD9C4A749BAC}]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
  00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Free Download Manager\fdm.exe"="Free Download Manager"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Emjysoft\EasyClean\unins000.exe"="Setup/Uninstall"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\DOCUME~1\kira\LOCALS~1\Temp\set15.tmp"="Setup.exe"




p.s : j'ai beaucoup de pubs qui apparaissent ces derniers temps tu peux m'aider à les virer?surtout celle qui sont hot, parce que là ça craint...

Et tu rames, rames, rames....

63 réponses

Votre réponse

Discussions similaires

Newsletters