HijackThis report from SharshaR the noob

Logfile of HijackThis v1.99.1
Scan saved at 16:55:53, on 08/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\eHome\ehSched.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\dllhost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
D:\Documents and Settings\ju\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = free.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.generation-nt.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = free.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.generation-nt.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [find iso comp 16] D:\Documents and Settings\All Users\Application Data\phonewavefindiso\Bonecopy.exe
O4 - HKLM\..\Run: [dmdge.exe] D:\WINDOWS\system32\dmdge.exe
O4 - HKLM\..\Run: [hgqhp.exe] D:\WINDOWS\system32\hgqhp.exe
O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB0_0_0 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb012YY...
O8 - Extra context menu item: Bloquer ce serveur... - d:\program files\avant browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - d:\program files\avant browser\AddToADBlackList.htm
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - d:\program files\avant browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - d:\program files\avant browser\OpenAllLinks.htm
O8 - Extra context menu item: Rechercher sur le Web... - d:\program files\avant browser\Search.htm
O8 - Extra context menu item: Surligner - d:\program files\avant browser\Highlight.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x40...
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B562BC94-9A3A-4760-AE48-0D52FD01B1B5} (VeriSign Software Update Service) - http://download.verisign-grs.com/plug-in/i-navinstall.c...
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/too...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{107CCC1D-B77C-4F8E-AD8C-C1B80F95C7A6}: NameServer = 85.255.116.117,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DD39C48-1003-4752-8BBF-B61D0FBCAF52}: NameServer = 85.255.116.117,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{6950DA05-77F2-49B1-9025-A7D70587B266}: NameServer = 85.255.116.117,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF0B0E51-2508-4396-B540-CAF3E97F7EAC}: NameServer = 85.255.116.117,85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{107CCC1D-B77C-4F8E-AD8C-C1B80F95C7A6}: NameServer = 85.255.116.117,85.255.112.165
O17 - HKLM\System\CS2\Services\Tcpip\..\{107CCC1D-B77C-4F8E-AD8C-C1B80F95C7A6}: NameServer = 85.255.116.117,85.255.112.165
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: DateTime - D:\WINDOWS\system32\hp0023dmg.dll
O20 - Winlogon Notify: Reliability - D:\WINDOWS\system32\gpr4l39q1.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: fsbwsys - Unknown owner - D:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - D:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - D:\WINDOWS\system32\HPHipm11.exe

Hi guys and girls...
I've just signed up and I'm already lost!!!
I don't even know which forum to go to.
To leave a message, I had to click on "reply" :-o At last!!!!
I wanted some advice: I would like to cancel (and have wanted to for quite a while) my contract with Securitoo (Wanadoo's antivirus) and nobody can tell me how to do it over the phone!! They don't give me an address or any advice, and, on top of that, they hang up on me!! Meanwhile, they keep taking the monthly payments from my account even though I have never used Securitoo!!
What should I do????????!!!!!!!!!!!
:-(
A kiss to everyone and an even bigger one to whoever helps me...
Thanks!

Here is the new log. I still have some spam but no more viruses, after fixing a few lines and also using SmitfraudFix ;-)
Logfile of HijackThis v1.99.1
Scan saved at 17:28:47, on 10/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\system32\dllhost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\system32\rundll32.exe
D:\Documents and Settings\ju\Bureau\eMule\emule.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\ju\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O8 - Extra context menu item: Bloquer ce serveur... - d:\program files\avant browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Bloquer cette publicité... - d:\program files\avant browser\AddToADBlackList.htm
O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - d:\program files\avant browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Ouvrir tous les liens de la page... - d:\program files\avant browser\OpenAllLinks.htm
O8 - Extra context menu item: Rechercher sur le Web... - d:\program files\avant browser\Search.htm
O8 - Extra context menu item: Surligner - d:\program files\avant browser\Highlight.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.generation-nt.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WebCheck - D:\WINDOWS\system32\m0280afued280.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: fsbwsys - Unknown owner - D:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - D:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Hi,

The infection is still there:
O20 - Winlogon Notify: WebCheck - D:\WINDOWS\system32\m0280afued280.dll

Try this:

1/ Download L2Mfix
http://www.atribune.org/downloads/l2mfix.exe or
http://www.downloads.subratam.org/l2mfix.exe

Put it on your desktop.
Double-click l2mfix.exe
At the first question, click Accept, then click Install

2/ Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat
Then choose option 1 and press Enter
Post this first report.

3/ Open the l2mfix folder created on the desktop, then double-click L2Mfix.bat
Then choose option 2 and press Enter
Then press any key to restart the computer
After the restart, the desktop and the icons will appear and then disappear; this is normal! A new report will then appear on screen.
>> If after the restart the icons do not appear/disappear, or if the report does not appear, open the l2mfix folder and run second.bat

4/ Post a new HijackThis log.

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="D:\\WINDOWS\\system32\\m0280afued280.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A3289F36-71FB-CD29-CF44-CE5ABBD2B4E6}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{46005929-3042-4E5E-A69A-D933E00B91CC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46005929-3042-4E5E-A69A-D933E00B91CC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46005929-3042-4E5E-A69A-D933E00B91CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46005929-3042-4E5E-A69A-D933E00B91CC}\InprocServer32]
@="D:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1D89BFBB-FF1A-4315-A500-6F8F30EBD8C9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D89BFBB-FF1A-4315-A500-6F8F30EBD8C9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D89BFBB-FF1A-4315-A500-6F8F30EBD8C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D89BFBB-FF1A-4315-A500-6F8F30EBD8C9}\InprocServer32]
@="D:\\WINDOWS\\system32\\scmpsnap.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

D:\WINDOWS\SYSTEM32\
betsprx2.dll Mon 9 Jan 2006 17:38:04 ..S.R 237 176 231,62 K
browseui.dll Thu 24 Nov 2005 1:08:34 A.... 1 022 976 999,00 K
cdfview.dll Fri 21 Oct 2005 4:41:00 A.... 152 064 148,50 K
danim.dll Sat 5 Nov 2005 4:17:22 A.... 1 056 768 1,01 M
divx.dll Wed 7 Dec 2005 18:05:52 A.... 573 952 560,50 K
divx_x~1.dll Wed 7 Dec 2005 18:05:50 A.... 679 936 664,00 K
divx_x~2.dll Wed 7 Dec 2005 18:05:50 A.... 679 936 664,00 K
divx_x~3.dll Wed 7 Dec 2005 18:05:50 A.... 663 552 648,00 K
dnp001~1.dll Tue 10 Jan 2006 0:20:32 ..S.R 234 024 228,54 K
dpl100.dll Thu 27 Oct 2005 20:37:46 A.... 86 016 84,00 K
dpu10.dll Thu 27 Oct 2005 20:37:44 A.... 294 912 288,00 K
dpu11.dll Thu 27 Oct 2005 20:37:44 A.... 294 912 288,00 K
dpugui10.dll Thu 27 Oct 2005 20:37:48 A.... 53 248 52,00 K
dpugui11.dll Thu 27 Oct 2005 20:37:46 A.... 593 920 580,00 K
dpus11.dll Thu 27 Oct 2005 20:37:44 A.... 339 968 332,00 K
dpv11.dll Thu 27 Oct 2005 20:37:44 A.... 57 344 56,00 K
dtu100.dll Thu 27 Oct 2005 20:37:44 A.... 200 704 196,00 K
dxtrans.dll Fri 21 Oct 2005 4:41:00 A.... 205 312 200,50 K
en2sl1~1.dll Tue 10 Jan 2006 15:54:40 ..S.R 234 108 228,62 K
esent.dll Thu 20 Oct 2005 23:25:54 A.... 1 097 728 1,05 M
extmgr.dll Fri 21 Oct 2005 4:41:00 A.... 55 808 54,50 K
fp2803~1.dll Tue 10 Jan 2006 12:34:08 ..S.R 233 659 228,18 K
g2lm0c~1.dll Mon 9 Jan 2006 21:15:56 ..S.R 237 308 231,75 K
gdi32.dll Thu 29 Dec 2005 3:56:04 A.... 280 064 273,50 K
i4lole~1.dll Mon 9 Jan 2006 17:36:42 ..S.R 236 122 230,59 K
iepeers.dll Fri 21 Oct 2005 4:41:00 A.... 251 392 245,50 K
inseng.dll Fri 21 Oct 2005 4:41:00 A.... 96 768 94,50 K
j64olg~1.dll Mon 9 Jan 2006 21:20:58 ..S.R 237 176 231,62 K
k8pm0i~1.dll Mon 9 Jan 2006 21:43:22 ..S.R 233 337 227,87 K
ktlql7~1.dll Mon 9 Jan 2006 21:46:46 ..S.R 234 016 228,53 K
ktlsl7~1.dll Tue 10 Jan 2006 15:36:08 ..S.R 233 596 228,12 K
l84q0i~1.dll Tue 10 Jan 2006 0:13:14 ..S.R 234 501 229,00 K
m0280a~1.dll Tue 10 Jan 2006 14:41:30 ..S.R 237 097 231,54 K
mg64la~1.dll Mon 9 Jan 2006 12:33:08 ..S.R 234 049 228,56 K
msgplu~1.dll Wed 4 Jan 2006 13:26:46 A.... 58 952 57,57 K
mshtml.dll Thu 24 Nov 2005 1:08:36 A.... 3 013 632 2,87 M
mshtmled.dll Fri 21 Oct 2005 4:41:04 A.... 448 512 438,00 K
msrating.dll Fri 21 Oct 2005 4:41:04 A.... 146 432 143,00 K
mstime.dll Fri 21 Oct 2005 4:41:04 A.... 530 944 518,50 K
nv4_disp.dll Fri 11 Nov 2005 13:47:00 A.... 3 924 992 3,74 M
nvapi.dll Fri 11 Nov 2005 13:47:00 A.... 86 016 84,00 K
nvcod.dll Fri 11 Nov 2005 13:47:00 A.... 35 328 34,50 K
nvcodins.dll Fri 11 Nov 2005 13:47:00 A.... 35 328 34,50 K
nvcpl.dll Fri 11 Nov 2005 13:47:00 A.... 7 311 360 6,97 M
nvhwvid.dll Fri 11 Nov 2005 13:47:00 A.... 573 440 560,00 K
nview.dll Fri 11 Nov 2005 13:47:00 A.... 1 466 368 1,40 M
nvmccs.dll Fri 11 Nov 2005 13:47:00 A.... 229 376 224,00 K
nvmccsrs.dll Fri 11 Nov 2005 13:47:00 A.... 45 056 44,00 K
nvmctray.dll Fri 11 Nov 2005 13:47:00 A.... 86 016 84,00 K
nvnt4cpl.dll Fri 11 Nov 2005 13:47:00 A.... 286 720 280,00 K
nvoglnt.dll Fri 11 Nov 2005 13:47:00 A.... 5 394 432 5,14 M
nvrsar.dll Fri 11 Nov 2005 13:47:00 A.... 319 488 312,00 K
nvrscs.dll Fri 11 Nov 2005 13:47:00 A.... 241 664 236,00 K
nvrsda.dll Fri 11 Nov 2005 13:47:00 A.... 245 760 240,00 K
nvrsde.dll Fri 11 Nov 2005 13:47:00 A.... 270 336 264,00 K
nvrsel.dll Fri 11 Nov 2005 13:47:00 A.... 274 432 268,00 K
nvrseng.dll Fri 11 Nov 2005 13:47:00 A.... 241 664 236,00 K
nvrses.dll Fri 11 Nov 2005 13:47:00 A.... 274 432 268,00 K
nvrsesm.dll Fri 11 Nov 2005 13:47:00 A.... 266 240 260,00 K
nvrsfi.dll Fri 11 Nov 2005 13:47:00 A.... 241 664 236,00 K
nvrsfr.dll Fri 11 Nov 2005 13:47:00 A.... 278 528 272,00 K
nvrshe.dll Fri 11 Nov 2005 13:47:00 A.... 319 488 312,00 K
nvrshu.dll Fri 11 Nov 2005 13:47:00 A.... 253 952 248,00 K
nvrsit.dll Fri 11 Nov 2005 13:47:00 A.... 274 432 268,00 K
nvrsja.dll Fri 11 Nov 2005 13:47:00 A.... 258 048 252,00 K
nvrsko.dll Fri 11 Nov 2005 13:47:00 A.... 253 952 248,00 K
nvrsnl.dll Fri 11 Nov 2005 13:47:00 A.... 266 240 260,00 K
nvrsno.dll Fri 11 Nov 2005 13:47:00 A.... 249 856 244,00 K
nvrspl.dll Fri 11 Nov 2005 13:47:00 A.... 249 856 244,00 K
nvrspt.dll Fri 11 Nov 2005 13:47:00 A.... 266 240 260,00 K
nvrsptb.dll Fri 11 Nov 2005 13:47:00 A.... 262 144 256,00 K
nvrsru.dll Fri 11 Nov 2005 13:47:00 A.... 262 144 256,00 K
nvrssk.dll Fri 11 Nov 2005 13:47:00 A.... 249 856 244,00 K
nvrssl.dll Fri 11 Nov 2005 13:47:00 A.... 249 856 244,00 K
nvrssv.dll Fri 11 Nov 2005 13:47:00 A.... 245 760 240,00 K
nvrstr.dll Fri 11 Nov 2005 13:47:00 A.... 249 856 244,00 K
nvrszhc.dll Fri 11 Nov 2005 13:47:00 A.... 217 088 212,00 K
nvrszht.dll Fri 11 Nov 2005 13:47:00 A.... 118 784 116,00 K
nvshell.dll Fri 11 Nov 2005 13:47:00 A.... 466 944 456,00 K
nvwddi.dll Fri 11 Nov 2005 13:47:00 A.... 81 920 80,00 K
nvwdmcpl.dll Fri 11 Nov 2005 13:47:00 A.... 1 662 976 1,59 M
nvwimg.dll Fri 11 Nov 2005 13:47:00 A.... 1 019 904 996,00 K
nvwrsar.dll Fri 11 Nov 2005 13:47:00 A.... 282 624 276,00 K
nvwrscs.dll Fri 11 Nov 2005 13:47:00 A.... 286 720 280,00 K
nvwrsda.dll Fri 11 Nov 2005 13:47:00 A.... 294 912 288,00 K
nvwrsde.dll Fri 11 Nov 2005 13:47:00 A.... 311 296 304,00 K
nvwrsel.dll Fri 11 Nov 2005 13:47:00 A.... 335 872 328,00 K
nvwrseng.dll Fri 11 Nov 2005 13:47:00 A.... 286 720 280,00 K
nvwrses.dll Fri 11 Nov 2005 13:47:00 A.... 335 872 328,00 K
nvwrsesm.dll Fri 11 Nov 2005 13:47:00 A.... 327 680 320,00 K
nvwrsfi.dll Fri 11 Nov 2005 13:47:00 A.... 303 104 296,00 K
nvwrsfr.dll Fri 11 Nov 2005 13:47:00 A.... 327 680 320,00 K
nvwrshe.dll Fri 11 Nov 2005 13:47:00 A.... 278 528 272,00 K
nvwrshu.dll Fri 11 Nov 2005 13:47:00 A.... 315 392 308,00 K
nvwrsit.dll Fri 11 Nov 2005 13:47:00 A.... 323 584 316,00 K
nvwrsja.dll Fri 11 Nov 2005 13:47:00 A.... 212 992 208,00 K
nvwrsko.dll Fri 11 Nov 2005 13:47:00 A.... 196 608 192,00 K
nvwrsnl.dll Fri 11 Nov 2005 13:47:00 A.... 319 488 312,00 K
nvwrsno.dll Fri 11 Nov 2005 13:47:00 A.... 299 008 292,00 K
nvwrspl.dll Fri 11 Nov 2005 13:47:00 A.... 294 912 288,00 K
nvwrspt.dll Fri 11 Nov 2005 13:47:00 A.... 323 584 316,00 K
nvwrsptb.dll Fri 11 Nov 2005 13:47:00 A.... 319 488 312,00 K
nvwrsru.dll Fri 11 Nov 2005 13:47:00 A.... 315 392 308,00 K
nvwrssk.dll Fri 11 Nov 2005 13:47:00 A.... 299 008 292,00 K
nvwrssl.dll Fri 11 Nov 2005 13:47:00 A.... 303 104 296,00 K
nvwrssv.dll Fri 11 Nov 2005 13:47:00 A.... 294 912 288,00 K
nvwrstr.dll Fri 11 Nov 2005 13:47:00 A.... 303 104 296,00 K
nvwrszhc.dll Fri 11 Nov 2005 13:47:00 A.... 163 840 160,00 K
nvwrszht.dll Fri 11 Nov 2005 13:47:00 A.... 167 936 164,00 K
pa.dll Mon 9 Jan 2006 17:12:42 ..S.R 236 122 230,59 K
pngfilt.dll Fri 21 Oct 2005 4:41:04 A.... 39 424 38,50 K
sbrwvdrv.dll Tue 10 Jan 2006 0:20:32 ..S.R 233 953 228,47 K
scmpsnap.dll Tue 10 Jan 2006 15:54:40 ..S.R 237 097 231,54 K
shdocvw.dll Thu 1 Dec 2005 5:01:16 A.... 1 492 992 1,42 M
shlwapi.dll Fri 21 Oct 2005 4:41:04 A.... 474 112 463,00 K
sirenacm.dll Thu 13 Oct 2005 0:11:06 A.... 118 784 116,00 K
spmsg.dll Thu 13 Oct 2005 0:15:26 ..... 15 072 14,72 K
urlmon.dll Sat 5 Nov 2005 4:17:26 A.... 606 208 592,00 K
wininet.dll Fri 21 Oct 2005 4:41:06 A.... 662 528 647,00 K

119 items found: 119 files (16 H/S), 0 directories.
Total of file sizes: 57 539 509 bytes 54,87 M
Locate .tmp files:

D:\WINDOWS\SYSTEM32\
guard.tmp Tue 10 Jan 2006 17:10:38 ..S.R 237 097 231,54 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 237 097 bytes 231,54 K
**********************************************************************************
Directory Listing of system files:
Le volume dans le lecteur D n'a pas de nom.
Le numéro de série du volume est E4EB-7747

Répertoire de D:\WINDOWS\System32

10/01/2006 17:10 237 097 guard.tmp
10/01/2006 15:54 237 097 scmpsnap.dll
10/01/2006 15:54 234 108 en2sl1f71.dll
10/01/2006 15:36 233 596 ktlsl7371.dll
10/01/2006 14:41 237 097 m0280afued280.dll
10/01/2006 12:34 233 659 fp2803fue.dll
10/01/2006 00:20 233 953 sbrwvdrv.dll
10/01/2006 00:20 234 024 dnp0017me.dll
10/01/2006 00:13 234 501 l84q0ih5e84.dll
09/01/2006 21:46 234 016 ktlql7351.dll
09/01/2006 21:43 233 337 k8pm0i71e8.dll
09/01/2006 21:20 237 176 j64olgh3164.dll
09/01/2006 21:15 237 308 g2lm0c31ef.dll
09/01/2006 17:38 237 176 betsprx2.dll
09/01/2006 17:36 236 122 i4lole331h.dll
09/01/2006 17:12 236 122 pa.dll
09/01/2006 12:33 234 049 mG64lajq1doe.dll
09/01/2006 07:25 <REP> dllcache
27/11/2005 23:08 104 B6DA5E3D35.sys
01/01/2000 07:08 <REP> Microsoft
18 fichier(s) 4 000 542 octets
2 Rép(s) 4 876 615 680 octets libres

re: I did option 2, here is the log from startup. I hope it tells you something, because for me, wow!!!
L2mfix 010406
Creating Account.
La commande s'est terminée correctement.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
D:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 452 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 680 'winlogon.exe'
Killing PID 680 'winlogon.exe'
Killing PID 680 'winlogon.exe'
Killing PID 680 'winlogon.exe'
Killing PID 680 'winlogon.exe'
Killing PID 680 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2340 'explorer.exe'
Killing PID 2340 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1480 'rundll32.exe'
Killing PID 2868 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrateurs ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
1 fichier(s) copié(s).
Deleting: D:\WINDOWS\system32\betsprx2.dll
Successfully Deleted: D:\WINDOWS\system32\betsprx2.dll
Deleting: D:\WINDOWS\system32\dnp0017me.dll
Successfully Deleted: D:\WINDOWS\system32\dnp0017me.dll
Deleting: D:\WINDOWS\system32\en2sl1f71.dll
Successfully Deleted: D:\WINDOWS\system32\en2sl1f71.dll
Deleting: D:\WINDOWS\system32\fp2803fue.dll
Successfully Deleted: D:\WINDOWS\system32\fp2803fue.dll
Deleting: D:\WINDOWS\system32\g2lm0c31ef.dll
Successfully Deleted: D:\WINDOWS\system32\g2lm0c31ef.dll
Deleting: D:\WINDOWS\system32\i4lole331h.dll
Successfully Deleted: D:\WINDOWS\system32\i4lole331h.dll
Deleting: D:\WINDOWS\system32\j64olgh3164.dll
Successfully Deleted: D:\WINDOWS\system32\j64olgh3164.dll
Deleting: D:\WINDOWS\system32\k8pm0i71e8.dll
Successfully Deleted: D:\WINDOWS\system32\k8pm0i71e8.dll
Deleting: D:\WINDOWS\system32\ktlql7351.dll
Successfully Deleted: D:\WINDOWS\system32\ktlql7351.dll
Deleting: D:\WINDOWS\system32\ktlsl7371.dll
Successfully Deleted: D:\WINDOWS\system32\ktlsl7371.dll
Deleting: D:\WINDOWS\system32\l84q0ih5e84.dll
Successfully Deleted: D:\WINDOWS\system32\l84q0ih5e84.dll
Deleting: D:\WINDOWS\system32\m0280afued280.dll
Successfully Deleted: D:\WINDOWS\system32\m0280afued280.dll
Deleting: D:\WINDOWS\system32\mG64lajq1doe.dll
Successfully Deleted: D:\WINDOWS\system32\mG64lajq1doe.dll
Deleting: D:\WINDOWS\system32\pa.dll
Successfully Deleted: D:\WINDOWS\system32\pa.dll
Deleting: D:\WINDOWS\system32\sbrwvdrv.dll
Successfully Deleted: D:\WINDOWS\system32\sbrwvdrv.dll
Deleting: D:\WINDOWS\system32\scmpsnap.dll
Successfully Deleted: D:\WINDOWS\system32\scmpsnap.dll
Deleting: D:\WINDOWS\system32\guard.tmp
Successfully Deleted: D:\WINDOWS\system32\guard.tmp

msg11?.dll
0 fichier(s) copié(s).



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WebCheck]
"Asynchronous"=dword:00000000
"DllName"="D:\\WINDOWS\\system32\\m0280afued280.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
D:\WINDOWS\system32\betsprx2.dll
D:\WINDOWS\system32\dnp0017me.dll
D:\WINDOWS\system32\en2sl1f71.dll
D:\WINDOWS\system32\fp2803fue.dll
D:\WINDOWS\system32\g2lm0c31ef.dll
D:\WINDOWS\system32\i4lole331h.dll
D:\WINDOWS\system32\j64olgh3164.dll
D:\WINDOWS\system32\k8pm0i71e8.dll
D:\WINDOWS\system32\ktlql7351.dll
D:\WINDOWS\system32\ktlsl7371.dll
D:\WINDOWS\system32\l84q0ih5e84.dll
D:\WINDOWS\system32\m0280afued280.dll
D:\WINDOWS\system32\mG64lajq1doe.dll
D:\WINDOWS\system32\pa.dll
D:\WINDOWS\system32\sbrwvdrv.dll
D:\WINDOWS\system32\scmpsnap.dll
D:\WINDOWS\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{46005929-3042-4E5E-A69A-D933E00B91CC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46005929-3042-4E5E-A69A-D933E00B91CC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46005929-3042-4E5E-A69A-D933E00B91CC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{46005929-3042-4E5E-A69A-D933E00B91CC}\InprocServer32]
@="D:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1D89BFBB-FF1A-4315-A500-6F8F30EBD8C9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D89BFBB-FF1A-4315-A500-6F8F30EBD8C9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D89BFBB-FF1A-4315-A500-6F8F30EBD8C9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1D89BFBB-FF1A-4315-A500-6F8F30EBD8C9}\InprocServer32]
@="D:\\WINDOWS\\system32\\scmpsnap.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{828F0ABB-9383-486D-941D-15CEA306BF42}"=-
"{E024D033-06A9-4A70-BD31-63E0CC5F7433}"=-
"{52E11716-0508-4F6D-A58B-AE4063310C28}"=-
"{10B095B3-40DC-4871-BF32-C65DA9D8C5E4}"=-
"{B0A6CCBB-4F23-4F7F-B861-250A9D0ED0FF}"=-
"{53073EA4-530A-4546-90D8-BC2BB36BD7CB}"=-
"{5E3667E3-C83B-4E66-B873-4495798E0535}"=-
"{A780921D-EF5A-4460-8B86-E88B355CC58F}"=-
"{0BB09FC1-2ED4-47AB-B4C0-8B7522813C76}"=-
"{2AFE3A35-6863-4E58-AC14-1E2D1FEDF039}"=-
"{F580F2DB-ADA3-4A2F-BC3D-9166396711E7}"=-
"{F79C14B5-8105-4260-83AC-067BBEAD66C4}"=-
"{5A34B713-D70B-473E-B965-A460FAAE7058}"=-
"{4342BB92-53DB-4B96-8F2F-8184CDAB5CB2}"=-
"{46005929-3042-4E5E-A69A-D933E00B91CC}"=-
"{99BC039B-FCB1-4565-8819-98D93EABB9FE}"=-
"{F6CB7F88-68A7-49AE-80D0-B1D06E4066B3}"=-
"{A45061CA-A03A-42D6-A385-99B6B7D79E94}"=-
"{BCE819DE-2B00-4AA6-9D1F-2C3856760111}"=-
"{E51B6680-2122-44F6-BD11-95797BF1A404}"=-
"{24BFC62B-168A-44AA-B619-65A96D75F3AF}"=-
"{333EC17B-3C5F-41BD-B00F-F9181A1AD148}"=-
"{65DDDD38-8B14-454B-9FC9-846BCD42CB42}"=-
"{1D89BFBB-FF1A-4315-A500-6F8F30EBD8C9}"=-
[-HKEY_CLASSES_ROOT\CLSID\{828F0ABB-9383-486D-941D-15CEA306BF42}]
[-HKEY_CLASSES_ROOT\CLSID\{E024D033-06A9-4A70-BD31-63E0CC5F7433}]
[-HKEY_CLASSES_ROOT\CLSID\{52E11716-0508-4F6D-A58B-AE4063310C28}]
[-HKEY_CLASSES_ROOT\CLSID\{10B095B3-40DC-4871-BF32-C65DA9D8C5E4}]
[-HKEY_CLASSES_ROOT\CLSID\{B0A6CCBB-4F23-4F7F-B861-250A9D0ED0FF}]
[-HKEY_CLASSES_ROOT\CLSID\{53073EA4-530A-4546-90D8-BC2BB36BD7CB}]
[-HKEY_CLASSES_ROOT\CLSID\{5E3667E3-C83B-4E66-B873-4495798E0535}]
[-HKEY_CLASSES_ROOT\CLSID\{A780921D-EF5A-4460-8B86-E88B355CC58F}]
[-HKEY_CLASSES_ROOT\CLSID\{0BB09FC1-2ED4-47AB-B4C0-8B7522813C76}]
[-HKEY_CLASSES_ROOT\CLSID\{2AFE3A35-6863-4E58-AC14-1E2D1FEDF039}]
[-HKEY_CLASSES_ROOT\CLSID\{F580F2DB-ADA3-4A2F-BC3D-9166396711E7}]
[-HKEY_CLASSES_ROOT\CLSID\{F79C14B5-8105-4260-83AC-067BBEAD66C4}]
[-HKEY_CLASSES_ROOT\CLSID\{5A34B713-D70B-473E-B965-A460FAAE7058}]
[-HKEY_CLASSES_ROOT\CLSID\{4342BB92-53DB-4B96-8F2F-8184CDAB5CB2}]
[-HKEY_CLASSES_ROOT\CLSID\{46005929-3042-4E5E-A69A-D933E00B91CC}]
[-HKEY_CLASSES_ROOT\CLSID\{99BC039B-FCB1-4565-8819-98D93EABB9FE}]
[-HKEY_CLASSES_ROOT\CLSID\{F6CB7F88-68A7-49AE-80D0-B1D06E4066B3}]
[-HKEY_CLASSES_ROOT\CLSID\{A45061CA-A03A-42D6-A385-99B6B7D79E94}]
[-HKEY_CLASSES_ROOT\CLSID\{BCE819DE-2B00-4AA6-9D1F-2C3856760111}]
[-HKEY_CLASSES_ROOT\CLSID\{E51B6680-2122-44F6-BD11-95797BF1A404}]
[-HKEY_CLASSES_ROOT\CLSID\{24BFC62B-168A-44AA-B619-65A96D75F3AF}]
[-HKEY_CLASSES_ROOT\CLSID\{333EC17B-3C5F-41BD-B00F-F9181A1AD148}]
[-HKEY_CLASSES_ROOT\CLSID\{65DDDD38-8B14-454B-9FC9-846BCD42CB42}]
[-HKEY_CLASSES_ROOT\CLSID\{1D89BFBB-FF1A-4315-A500-6F8F30EBD8C9}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
adding: dlls/betsprx2.dll (164 bytes security) (deflated 6%)
adding: dlls/dnp0017me.dll (164 bytes security) (deflated 5%)
adding: dlls/en2sl1f71.dll (164 bytes security) (deflated 5%)
adding: dlls/fp2803fue.dll (164 bytes security) (deflated 4%)
adding: dlls/g2lm0c31ef.dll (164 bytes security) (deflated 6%)
adding: dlls/guard.tmp (164 bytes security) (deflated 6%)
adding: dlls/i4lole331h.dll (164 bytes security) (deflated 5%)
adding: dlls/j64olgh3164.dll (164 bytes security) (deflated 6%)
adding: dlls/k8pm0i71e8.dll (164 bytes security) (deflated 4%)
adding: dlls/ktlql7351.dll (164 bytes security) (deflated 5%)
adding: dlls/ktlsl7371.dll (164 bytes security) (deflated 4%)
adding: dlls/l84q0ih5e84.dll (164 bytes security) (deflated 5%)
adding: dlls/m0280afued280.dll (164 bytes security) (deflated 6%)
adding: dlls/mG64lajq1doe.dll (164 bytes security) (deflated 5%)
adding: dlls/pa.dll (164 bytes security) (deflated 5%)
adding: dlls/sbrwvdrv.dll (164 bytes security) (deflated 4%)
adding: dlls/scmpsnap.dll (164 bytes security) (deflated 6%)
adding: backregs/1D89BFBB-FF1A-4315-A500-6F8F30EBD8C9.reg (212 bytes security) (deflated 70%)
adding: backregs/46005929-3042-4E5E-A69A-D933E00B91CC.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 72%)
adding: backregs/shell.reg (164 bytes security) (deflated 73%)