Posted

Here is the Silent Runners report

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Adobe Version Cue CS2" = "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" ["Adobe Sytems Incorporated"]

"Acrobat Assistant 7.0" = ""C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]

"ClamWin" = ""C:\Program Files\ClamWin\bin\ClamTray.exe" --logon" [file not found]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

-> {HKLM...CLSID} = "Microsoft Office Outlook"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"

-> {HKLM...CLSID} = "SmartFTP Shell Extension DLL"

\InProcServer32\(Default) = "C:\Program Files\SmartFTP Client 2.0\smarthook.dll" ["SmartFTP"]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

"{C43B38BF-7AB7-11D2-9F7C-00104B64D446}" = "Shell Extension for MagniFind"

-> {HKLM...CLSID} = "HtShellExtension Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Inxight\MAGNIF~1\HtShlExt.dll" ["Inxight Software, Inc."]

"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"

-> {HKLM...CLSID} = "Mes dossiers de partage"

\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]

"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"

-> {HKLM...CLSID} = "KbLogiExt Class"

\InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" [null data]

"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"

-> {HKLM...CLSID} = "LogiExt Class"

\InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" [null data]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"

-> {HKLM...CLSID} = "ACTHUMBNAIL"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]

"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "AutoCAD Digital Signatures Icon Overlay Handler"

-> {HKLM...CLSID} = "AcSignIcon"

\InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]

"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"

-> {HKLM...CLSID} = "ACDWFTHMBPRXY"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll" ["Autodesk"]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"

-> {HKLM...CLSID} = "Acrobat Elements Context Menu"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

Autodesk.DWF.ContextMenu\(Default) = "{6C18531F-CA85-45F7-8278-FF33CF0A5964}"

-> {HKLM...CLSID} = "DWFShellExt Class"

\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Autodesk Shared\dwf Common\DWFShellExtension.dll" ["Autodesk, Inc."]

ClamWin\(Default) = "{65713842-C410-4f44-8383-BFE01A398C90}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]

WinMerge\(Default) = "{4E716236-AA30-4C65-B225-D68BBA81E9C2}"

-> {HKLM...CLSID} = "WinMergeShell Class"

\InProcServer32\(Default) = "C:\Program Files\WinMerge\ShellExtensionU.dll" [empty string]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinMerge\(Default) = "{4E716236-AA30-4C65-B225-D68BBA81E9C2}"

-> {HKLM...CLSID} = "WinMergeShell Class"

\InProcServer32\(Default) = "C:\Program Files\WinMerge\ShellExtensionU.dll" [empty string]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

ClamWin\(Default) = "{65713842-C410-4f44-8383-BFE01A398C90}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\ClamWin\bin\ExpShell.dll" ["alch"]

HtExplorer\(Default) = "{C43B38BF-7AB7-11D2-9F7C-00104B64D446}"

-> {HKLM...CLSID} = "HtShellExtension Class"

\InProcServer32\(Default) = "C:\PROGRA~1\Inxight\MAGNIF~1\HtShlExt.dll" ["Inxight Software, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Default executables:

--------------------

 

HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"

<<!>> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""C:\WINDOWS\system32\notepad.exe" "%1"" [MS]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"NoCDBurning" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Je\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Startup items in "Je" & "All Users" startup folders:

----------------------------------------------------

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

"Accélérateur de démarrage AutoCAD" -> shortcut to: "C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe" [null data]

"Adobe Gamma" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Lancement rapide d'Adobe Acrobat" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe" [null data]

"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]

"Suitcase Startup" -> shortcut to: "C:\Program Files\Extensis\Suitcase\Suitcase.exe -Startup" ["Extensis Products Group"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18

%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [file not found]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

 

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Console Java (Sun)"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

 

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\

"ButtonText" = "Créer un Favori de l'appareil mobile"

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

-> {HKLM...CLSID} = "Create Mobile Favorite"

\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\inetrepl.dll" [MS]

 

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\

"MenuText" = "Créer un Favori de l'appareil mobile..."

"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"

-> {HKLM...CLSID} = "Create Mobile Favorite"

\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\inetrepl.dll" [MS]

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Recherche"

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 1 line

 

 

HOSTS file

----------

 

C:\WINDOWS\System32\drivers\etc\HOSTS

 

maps: 2 domain names to IP addresses,

1 of the IP addresses is *not* localhost!

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Adobe Version Cue CS2, Adobe Version Cue CS2, ""C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service" ["Adobe Systems Incorporated"]

iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]

Service Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}

SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]

hpzlnt09\Driver = "hpzlnt09.dll" ["HP"]

 

 

----------

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 121 seconds.

---------- (total run time: 172 seconds)

Posted

Hi again,

Download Blacklight (from F-Secure); click "I ACCEPT" at the bottom of the page. Save it to your Desktop.

Double-click blbeta.exe and accept the license; click Scan, then Next.

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply. Do NOT choose the "rename or cleaning" option right away: we need to analyze the report, because legitimate files may be present, such as wbemtest.exe

Posted

Blacklight found 11 items; here is the report

 

01/08/07 21:48:15 [info]: BlackLight Engine 1.0.55 initialized

01/08/07 21:48:15 [info]: OS: 5.1 build 2600 (Service Pack 2)

01/08/07 21:48:15 [Note]: 7019 4

01/08/07 21:48:15 [Note]: 7005 0

01/08/07 21:48:19 [Note]: 7006 0

01/08/07 21:48:19 [Note]: 7011 1588

01/08/07 21:48:19 [Note]: 7026 0

01/08/07 21:48:19 [Note]: 7026 0

01/08/07 21:48:19 [Note]: 7024 3

01/08/07 21:48:19 [info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe

01/08/07 21:48:19 [Note]: 7024 3

01/08/07 21:48:19 [info]: Hidden process: C:\WINDOWS\system32\hldrrr.exe

01/08/07 21:48:30 [Note]: FSRAW library version 1.7.1021

01/08/07 21:48:33 [info]: Hidden file: c:\Documents and Settings\Je\Application Data\hidires\hidr.exe

01/08/07 21:48:33 [Note]: 10002 2

01/08/07 21:48:33 [info]: Hidden file: c:\Documents and Settings\Je\Application Data\hidires\m_hook.sys

01/08/07 21:48:33 [Note]: 10002 2

01/08/07 21:48:34 [Note]: 10002 3

01/08/07 21:48:34 [Note]: 10002 3

01/08/07 21:48:34 [Note]: 10002 2

01/08/07 21:48:34 [Note]: 10002 2

01/08/07 21:53:54 [info]: Hidden file: c:\Program Files\Movie Maker\shared\empty.txt

01/08/07 21:53:54 [Note]: 10002 3

01/08/07 21:53:54 [info]: Hidden file: c:\Program Files\Movie Maker\shared\filters.xml

01/08/07 21:53:54 [Note]: 10002 3

01/08/07 21:53:54 [info]: Hidden file: c:\Program Files\Movie Maker\shared\news.png

01/08/07 21:53:54 [Note]: 10002 3

01/08/07 21:53:54 [info]: Hidden file: c:\Program Files\Movie Maker\shared\paint.png

01/08/07 21:53:54 [Note]: 10002 3

01/08/07 21:53:54 [info]: Hidden file: c:\Program Files\Movie Maker\shared\profiles\blank.txt

01/08/07 21:53:54 [Note]: 10002 3

01/08/07 21:53:54 [info]: Hidden file: c:\Program Files\Movie Maker\shared\sample1.jpg

01/08/07 21:53:54 [Note]: 10002 3

01/08/07 21:53:54 [info]: Hidden file: c:\Program Files\Movie Maker\shared\sample2.jpg

01/08/07 21:53:54 [Note]: 10002 3

01/08/07 21:53:54 [Note]: 10002 2

01/08/07 21:53:54 [Note]: 10002 2

01/08/07 21:55:32 [Note]: 10002 2

01/08/07 21:55:32 [Note]: 10002 2

01/08/07 21:56:03 [info]: Hidden file: c:\WINDOWS\system32\wintems.exe

01/08/07 21:56:03 [Note]: 10002 2

01/08/07 21:56:03 [info]: Hidden file: C:\WINDOWS\system32\hldrrr.exe

01/08/07 21:56:03 [Note]: 10002 2

01/08/07 21:57:36 [Note]: 2000 1012

Posted

Hi again,

I renamed the 11 files found by Blacklight; after that I was finally able to install an antivirus, AntiVir. After configuring it following the tutorial found on the forum and running a scan, it found 21 suspicious files, which I put in quarantine. I thought the problem was solved, except that I still cannot restart in safe mode. I still have the same problem: the drivers load until a blue screen appears briefly, then the machine reboots.

I did, however, notice a very clear improvement when starting in normal mode: the desktop loads much faster and I no longer find unknown addresses in the IE browsing history.

Could someone point me in the right direction to fix the safe mode startup problem?

I want to thank BruceLee for his valuable help.

Posted

Hello popolo,

I see you went ahead on your own, but be careful: do not rename the files located in c:\Program Files\Movie Maker, they are legitimate. The other files (hldrrr.exe, etc.) you can delete.

Launch HijackThis and go to:

Open Misc Tools Section

Make sure the two checkboxes on the right are checked:

* List all minor sections(Full)

* List Empty Sections(Complete)

Click Generate StartupList Log

Click "Yes" when prompted.

This will generate a report; copy it to me in its entirety.

Posted

Hi bruce,

Here is the HJT StartupList report

 

StartupList report, 09/01/2007, 18:36:37

StartupList version: 1.52.2

Started from : C:\Documents and Settings\Je\Bureau\Hijak.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Extensis\Suitcase\Suitcase.exe

C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Je\Bureau\Hijak.exe

 

Are the Movie Maker files important? Bearing in mind that I will never use Movie Maker.

Posted (edited)

Hi again,

Are the Movie Maker files important? Bearing in mind that I will never use Movie Maker.

If you will never use it, it doesn't matter. The startup list is not complete; run it again and post the entire contents of the Notepad file.

Edited by bruce lee

Posted

Sorry, I hadn't seen the rest

 

StartupList report, 09/01/2007, 21:50:02

StartupList version: 1.52.2

Started from : C:\Documents and Settings\Je\Bureau\Hijak.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Extensis\Suitcase\Suitcase.exe

C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Je\Bureau\Hijak.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]

Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe

Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

Lancement rapide d'Adobe Acrobat.lnk = ?

Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

Suitcase Startup.lnk = ?

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

Adobe Version Cue CS2 = C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

Acrobat Assistant 7.0 = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"

avgnt = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

 

(Default) = "C:\WINDOWS\system32\notepad.exe" "%1"

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[MsnMessengerSetupDownloadControl Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx

CODEBASE = http://messenger.msn.com/download/MsnMesse...pDownloader.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

 

--------------------------------------------------

End of report, 5 706 bytes

Report generated in 0,110 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Posted

Hello bruce,

Done, here is the WinPFind report

 

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

 

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

 

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Logfile created on: 10/01/2007 12:02:43

WinPFind v1.5.0 Folder = C:\Documents and Settings\Je\Bureau\WinPFind\

Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)

Internet Explorer (Version = 6.0.2900.2180)

 

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

 

Checking %SystemDrive% folder...

 

Checking %ProgramFilesDir% folder...

 

Checking %WinDir% folder...

 

Checking %System% folder...

PEC2 28/08/2001 13:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc ()

PEC2 24/05/2006 23:42:26 619156 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)

PECompact2 24/05/2006 23:42:26 619156 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)

PTech 27/07/2005 23:43:32 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft® Corporation)

PECompact2 07/12/2006 15:13:46 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)

aspack 07/12/2006 15:13:46 10716584 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)

WSUD 04/08/2004 00:55:00 1230848 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)

aspack 04/08/2004 00:54:16 733184 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)

WSUD 04/08/2004 00:55:04 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)

Umonitor 04/08/2004 00:54:38 685056 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)

winsync 28/08/2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

 

Checking %System%\Drivers folder and sub-folders...

PTech 03/08/2004 22:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

 

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

 

 

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...

10/01/2007 11:12:52 S 2048 C:\WINDOWS\bootstat.dat ()

09/01/2007 14:48:54 H 54156 C:\WINDOWS\QTFont.qfn ()

21/12/2006 14:02:42 H 73 C:\WINDOWS\system32\superpad6.lnf ()

21/11/2006 04:43:56 H 35 C:\WINDOWS\system32\superpad8.lnf ()

21/11/2006 04:43:56 H 35 C:\WINDOWS\system32\superpad9.lnf ()

08/12/2006 03:11:20 S 9090 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat ()

18/11/2006 07:02:36 S 22261 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925454.cat ()

10/01/2007 11:13:38 H 1024 C:\WINDOWS\system32\config\default.LOG ()

10/01/2007 11:12:56 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()

10/01/2007 11:23:02 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG ()

10/01/2007 12:03:14 H 1024 C:\WINDOWS\system32\config\software.LOG ()

10/01/2007 11:14:54 H 1024 C:\WINDOWS\system32\config\system.LOG ()

15/12/2006 03:00:58 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()

18/11/2006 02:36:46 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\989734a3-c0f3-45e2-bd08-c3a879fa0c1c ()

18/11/2006 02:36:46 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()

10/01/2007 11:12:56 H 6 C:\WINDOWS\Tasks\SA.DAT ()

 

Checking for CPL files...

04/08/2004 00:55:04 71680 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)

04/08/2004 00:55:04 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)

04/08/2004 00:55:04 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)

04/08/2004 00:55:04 138240 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)

04/08/2004 00:55:04 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)

04/08/2004 00:55:04 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)

04/08/2004 00:55:04 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)

04/08/2004 00:55:04 134144 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)

04/08/2004 00:55:04 380928 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)

04/08/2004 00:55:04 70144 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)

10/11/2005 13:03:50 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)

28/08/2001 13:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)

06/12/2004 14:07:08 69632 C:\WINDOWS\SYSTEM32\mbllnk.cpl (AvantGo, Inc.)

04/08/2004 00:55:04 626176 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)

28/08/2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)

04/08/2004 00:55:04 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)

04/08/2004 00:55:04 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)

28/08/2001 13:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)

04/08/2004 00:55:04 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)

30/11/2006 17:16:18 199760 C:\WINDOWS\SYSTEM32\plotman.cpl (Autodesk, Inc.)

04/08/2004 00:55:04 118272 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)

30/11/2006 17:16:18 199760 C:\WINDOWS\SYSTEM32\styleman.cpl (Autodesk, Inc.)

04/08/2004 00:55:04 305152 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)

28/08/2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)

04/08/2004 00:55:04 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)

04/08/2004 00:55:04 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)

26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)

28/08/2001 13:00:00 189952 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)

28/08/2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)

28/08/2001 13:00:00 38400 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)

28/08/2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)

26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

 

Checking for Downloaded Program Files...

{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMesse...pDownloader.cab

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab

Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

 

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

 

Checking files in %ALLUSERSPROFILE%\Startup folder...

30/11/2006 17:42:10 1995 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Accélérateur de démarrage AutoCAD.lnk ()

03/01/2006 04:17:38 1016 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk ()

02/01/2006 23:21:42 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

10/01/2007 11:12:58 2359 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk ()

23/08/2006 16:19:10 1687 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk ()

08/01/2006 22:23:58 565 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Suitcase Startup.lnk ()

 

Checking files in %ALLUSERSPROFILE%\Application Data folder...

08/01/2007 23:18:12 305 C:\Documents and Settings\All Users\Application Data\addr_file.html ()

02/01/2006 23:06:14 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

31/12/2006 12:28:02 953 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

 

Checking files in %USERPROFILE%\Startup folder...

02/01/2006 23:21:42 HS 84 C:\Documents and Settings\Je\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

 

Checking files in %USERPROFILE%\Application Data folder...

02/01/2006 23:06:14 HS 62 C:\Documents and Settings\Je\Application Data\desktop.ini ()

 

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

 

>>> Internet Explorer Settings <<<

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home

\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

\\Local Page - %SystemRoot%\system32\blank.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

\\Start Page - http://www.google.fr/

\\Search Bar - http://www.google.com/ie

\\Search Page - http://www.google.com

\\Local Page - C:\WINDOWS\system32\blank.htm

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

\\SearchAssistant - http://www.google.com/ie

 

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

 

>>> BHO's <<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

\{AE7CD045-E861-484f-8273-0445EE161910} - Adobe PDF Conversion Toolbar Helper = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

>>> Internet Explorer Bars, Toolbars and Extensions <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

\{182EC0BE-5110-49C8-A062-BEB1D02A220B} - Adobe PDF = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Astuce du jour = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

\{32683183-48a0-441b-a342-7c2a440a9478} - = ()

\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

\ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Adresse = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Liens = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - = ()

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]

\\NEXTID - 8198

\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8193 = Windows Messenger

\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8194 =

\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8195 = Console Java (Sun)

\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - 8196 =

\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - 8197 = Créer un Favori de l'appareil mobile...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Console Java (Sun) = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)

\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Console Java (Sun) = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)

\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - ButtonText: Créer un Favori de l'appareil mobile =

\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - MenuText: Créer un Favori de l'appareil mobile... = C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)

\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Recherche =

\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

 

>>> Approved Shell Extensions (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Extension Affichage Panorama du Panneau de configuration = deskpan.dll ()

\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Extensions de l'environnement de compression de fichiers = ()

\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Menu contextuel de cryptage = ()

\\{88895560-9AA2-1069-930E-00AA0030EBC8} - Extension icône HyperTerminal = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)

\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Barre des tâches et menu Démarrer = ()

\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()

\\{7A9D77BD-5403-11d2-8785-2E0420524153} - Comptes d'utilisateurs = ()

\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()

\\{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} - Adobe.Acrobat.ContextMenu = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.)

\\{B8323370-FF27-11D2-97B6-204C4F4F5020} - SmartFTP Shell Extension DLL = C:\Program Files\SmartFTP Client 2.0\smarthook.dll (SmartFTP)

\\{C43B38BF-7AB7-11D2-9F7C-00104B64D446} - Shell Extension for MagniFind = C:\PROGRA~1\Inxight\MAGNIF~1\HtShlExt.dll (Inxight Software, Inc.)

\\{D9872D13-7651-4471-9EEE-F0A00218BEBB} - Multiscan = ()

\\{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} - Logitech Setpoint Extension = C:\Program Files\Logitech\SetPoint\kbcplext.dll ()

\\{B9B9F083-2B04-452A-8691-83694AC1037B} - Logitech Setpoint Extension = C:\Program Files\Logitech\SetPoint\mcplext.dll ()

\\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - iTunes = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.)

\\{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} - Autodesk Drawing Preview = C:\Program Files\Fichiers communs\Autodesk Shared\Thumbnail\AcThumbnail16.dll (Autodesk)

\\{36A21736-36C2-4C11-8ACB-D4136F2B57BD} - AutoCAD Digital Signatures Icon Overlay Handler = C:\WINDOWS\system32\AcSignIcon.dll (Autodesk)

\\{6DEA92E9-8682-4b6a-97DE-354772FE5727} - Autodesk DWF Preview = C:\Program Files\Fichiers communs\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll (Autodesk)

\\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

 

>>> Context Menu Handlers (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]

\Adobe.Acrobat.ContextMenu - {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.dll (Adobe Systems Inc.)

\Autodesk.DWF.ContextMenu - {6C18531F-CA85-45F7-8278-FF33CF0A5964} = C:\Program Files\Fichiers communs\Autodesk Shared\dwf Common\DWFShellExtension.dll (Autodesk, Inc.)

\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)

\WinMerge - {4E716236-AA30-4C65-B225-D68BBA81E9C2} = C:\Program Files\WinMerge\ShellExtensionU.dll ()

\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

 

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

 

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]

\WinMerge - {4E716236-AA30-4C65-B225-D68BBA81E9C2} = C:\Program Files\WinMerge\ShellExtensionU.dll ()

\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

 

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

 

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]

\HtExplorer - {C43B38BF-7AB7-11D2-9F7C-00104B64D446} = C:\PROGRA~1\Inxight\MAGNIF~1\HtShlExt.dll (Inxight Software, Inc.)

\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)

\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()

\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} - = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll (Nero AG)

 

>>> Column Handlers (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

 

>>> Registry Run Keys <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Adobe Version Cue CS2 - C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)

Acrobat Assistant 7.0 - C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)

QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)

avgnt - C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

IMAIL Installed = 1

MAPI Installed = 1

MSFS Installed = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)

H/PC Connection Agent - C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

 

>>> Startup Links <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Accélérateur de démarrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe (Autodesk, Inc)

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Suitcase Startup.lnk - C:\Program Files\Extensis\Suitcase\Suitcase.exe (Extensis Products Group)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]

C:\Documents and Settings\Je\Menu Démarrer\Programmes\Démarrage\desktop.ini ()

 

>>> MSConfig Disabled Items <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

 

[All Users Startup Folder Disabled Items]

 

[Current User Startup Folder Disabled Items]

 

>>> User Agent Post Platform <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

\\SV1 -

 

>>> AppInit Dll's <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

 

>>> Image File Execution Options <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

\Your Image File Name Here without a path - Debugger = ntsd -d

 

>>> Shell Service Object Delay Load <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)

\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

 

>>> Shell Execute Hooks <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

 

>>> Shared Task Scheduler <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Pré-chargeur Browseui = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Démon de cache des catégories de composant = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

 

>>> Winlogon <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

\\UserInit = C:\WINDOWS\system32\userinit.exe,

\\Shell = Explorer.exe

\\System =

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

\crypt32chain - crypt32.dll = (Microsoft Corporation)

\cryptnet - cryptnet.dll = (Microsoft Corporation)

\cscdll - cscdll.dll = (Microsoft Corporation)

\ScCertProp - wlnotify.dll = (Microsoft Corporation)

\Schedule - wlnotify.dll = (Microsoft Corporation)

\sclgntfy - sclgntfy.dll = (Microsoft Corporation)

\SensLogn - WlNotify.dll = (Microsoft Corporation)

\termsrv - wlnotify.dll = (Microsoft Corporation)

\wlballoon - wlnotify.dll = (Microsoft Corporation)

 

>>> DNS Name Servers <<<

{12D1A063-C8BD-46AF-B17E-D07778D0FE1D} - (Intel® PRO/Wireless LAN 2100 3B Mini PCI Adapter)

{39DDF421-8739-4810-A16F-1E5C3FB27319} - (Carte réseau Fast Ethernet PCI Realtek RTL8139 Family)

{8585AC4D-11F8-44E0-977F-9E886E3FC6F8} - (Carte réseau 1394)

{CEEFAE27-9949-4102-8B21-B2E97AA4B231} - ()

 

>>> All Winsock2 Catalogs <<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]

\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)

\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)

\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]

\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000004\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)

\000000000006\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)

\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

 

>>> Protocol Handlers (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]

\cetihpz - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

\ipp - ()

\msdaipp - ()

 

>>> Protocol Filters (Non-Microsoft Only) <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

 

>>> Selected AddOn's <<<

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
