Posted

Hi,

So when your svchost crashes, are there any other processes overconsuming CPU or RAM?

Otherwise, since your problem is fairly recent, you can always try a System Restore (if it is enabled, of course).

See you later

Hi seb,

No, I don't have any other processes overconsuming; it's really svchost that's bothering me...

As for System Restore, I had disabled it, so I have no restore points available...

I think I'm going to try a repair of Windoze; I can't see anything else left to do...

Posted (edited)

Right, I've just carried out the "Pré-Nettoyage d'un PC infecté" (pre-cleaning of an infected PC) procedure, as recommended...

By the way, I'd like to take the opportunity to applaud the choice of AntiVir as the resident antivirus; very good choice, so I kept it...

Here is the resulting HiJack report:

Logfile of HijackThis v1.99.1
Scan saved at 18:29:22, on 28/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\LVComsX.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
D:\Securité et outils de suppression de virus sur Pc-familial\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Add to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{1310CAEB-F125-42FC-B615-4C450A9482C8}: NameServer = 80.118.196.42 80.118.192.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{52D54F0F-E712-4340-81E1-1B8E244F4689}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1310CAEB-F125-42FC-B615-4C450A9482C8}: NameServer = 80.118.196.42 80.118.192.112
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I still haven't found anything abnormal, but it seems that since this afternoon my svchost has been feeling better...

[EDIT] Correction: it's not better at all; I had barely posted the message here when it did it again... I really don't know what to do anymore... [/EDIT]

I'll keep looking and will keep you posted...

In the meantime, if you have any other leads, I'm still all ears :P

Edited by xapate

Posted

News:

I tried a repair of Windoze, without success; the problem comes back...

However, AntiVir now finds this, even though it hadn't seen it during the scan, and keeps throwing alerts about it:

WORM/PoeBot.8192

Now I really don't know what to do anymore... :P

Posted

Silent Runner report:

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [** WMI GetObject error **]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NVMixerTray" = ""C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"" [** WMI GetObject error **]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [** WMI GetObject error **]
"nwiz" = "nwiz.exe /install" [** WMI GetObject error **]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [** WMI GetObject error **]
"Zone Labs Client" = "C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [** WMI GetObject error **]
"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" [** WMI GetObject error **]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " [** WMI GetObject error **]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" [** WMI GetObject error **]
"AVGCtrl" = "C:\Program Files\AVPersonal\AVGNT.EXE /min" [** WMI GetObject error **]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Lecteur Windows Media"
                                        \StubPath  = "C:\WINDOWS\INF\unregmp2.exe /ShowWMP" [** WMI GetObject error **]


"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}" = "Windows Media Player Add to Playlist Context Menu Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\wmpshell.dll" [** WMI GetObject error **]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" [** WMI GetObject error **]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" [** WMI GetObject error **]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" [** WMI GetObject error **]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" [** WMI GetObject error **]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" [** WMI GetObject error **]

"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Labtec Pictures"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" [** WMI GetObject error **]

"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = "Dossiers Web"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL" [** WMI GetObject error **]

"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [** WMI GetObject error **]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [** WMI GetObject error **]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [** WMI GetObject error **]

"{D20EA4E1-3957-11d2-A40B-0C5020524152}" = "Polices"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]

"{D20EA4E1-3957-11d2-A40B-0C5020524153}" = "Outils d'administration"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [** WMI GetObject error **]

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}" = "Fichier de chaîne"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [** WMI GetObject error **]

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}" = "Raccourci de chaîne"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [** WMI GetObject error **]

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}" = "Channel Handler Object"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [** WMI GetObject error **]

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}" = "Channel Menu"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [** WMI GetObject error **]

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}" = "Channel Properties"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cdfview.dll" [** WMI GetObject error **]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

INFECTION WARNING! "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Pré-chargeur Browseui"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]

INFECTION WARNING! "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Démon de cache des catégories de composant"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\browseui.dll" [** WMI GetObject error **]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" = "URL Exec Hook" [from CLSID]

  -> {CLSID}\InProcServer32\(Default) = "shell32.dll" [** WMI GetObject error **]

INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" [** WMI GetObject error **]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"PostBootReminder" = "{7849596a-48ea-486e-8937-a2a3009f31a9}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]

"CDBurn" = "{fbeb8a05-beee-4442-804e-409d6c4515e9}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]

"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\webcheck.dll" [** WMI GetObject error **]

"SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\stobject.dll" [** WMI GetObject error **]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! Class Install Handler\CLSID = "{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [** WMI GetObject error **]

INFECTION WARNING! deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [** WMI GetObject error **]

INFECTION WARNING! gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [** WMI GetObject error **]

INFECTION WARNING! lzdhtml\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\urlmon.dll" [** WMI GetObject error **]

INFECTION WARNING! text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]

INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [** WMI GetObject error **]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" [** WMI GetObject error **]

AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" [** WMI GetObject error **]

IMMenuShellExt\(Default) = "{F8984111-38B6-11D5-8725-0050DA2761C4}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\IncrediMail\bin\IMShExt.dll" [** WMI GetObject error **]

Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [** WMI GetObject error **]

Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]

Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]

TheCleaner\(Default) = "{2DE506B9-4320-11d3-8E42-002035221EDA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" [** WMI GetObject error **]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" [** WMI GetObject error **]

EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\SHELL32.dll" [** WMI GetObject error **]

Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"

  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\cscui.dll" [** WMI GetObject error **]

Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

  -> {CLSID}\InProcServer32\(Default) = "ntshrui.dll" [** WMI GetObject error **]

TheCleaner\(Default) = "{2DE506B9-4320-11D3-8E42-002035221EDA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" [** WMI GetObject error **]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zipn.dll" [** WMI GetObject error **]

AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AVPersonal\AVShlExt.DLL" [** WMI GetObject error **]

TheCleaner\(Default) = "{2DE506B9-4320-11D3-8E42-002035221EDA}"

  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" [** WMI GetObject error **]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp"

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [** WMI GetObject error **]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [** WMI GetObject error **]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [** WMI GetObject error **]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [** WMI GetObject error **], 01 - 03, 06 - 21

%SystemRoot%\system32\rsvpsp.dll [** WMI GetObject error **], 04 - 05

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 2 lines

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

INFECTION WARNING! The running services cannot be counted.

Presence of a spyware service is suspected.

The script has been forced to exit.

 

 

 

----------

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

  use the -supp parameter or answer "No" at the first message box.

---------- (total run time: 623 seconds, including 5 seconds for message boxes)

 

I'm discovering it at the same time as you...

I'll read through it before commenting, but don't hesitate to speak up if you see anything abnormal in it...

Posted

And now I've got NT AUTHORITY\SYSTEM initiating shutdowns on me...

This wretched PoeBot virus keeps coming back, despite several scans with AntiVir in safe mode and a complete Windoze update...

This is all going to end in a proper reformat!!!

I ran the anti-Blaster and anti-Sasser tools without success, just in case (because of the NT AUTHORITY\SYSTEM thing)

HELP!!!!! :P:P:-P

Posted

Hi,

Can you send us a tasklist (list of running processes)?

In the meantime, when you get a system shutdown, you can always go to Start menu\Run and type: ShutDown -a, which will cancel the system shutdown.

Otherwise, it should normally give you the name of the offending process: svchost or lsass or ...

See you

Posted

OK, here goes for a tasklist:

Nom de l'image              PID  Nom de la sessio Numéro d Utilisation

========================= ====== ================ ======== ============

System Idle Process            0 Console                0        20 Ko

System                        4 Console                0      220 Ko

smss.exe                    668 Console                0      344 Ko

csrss.exe                    716 Console                0    3 308 Ko

winlogon.exe                740 Console                0    4 012 Ko

services.exe                784 Console                0    3 024 Ko

lsass.exe                    796 Console                0    1 396 Ko

svchost.exe                  976 Console                0    3 160 Ko

svchost.exe                1120 Console                0    19 360 Ko

svchost.exe                1176 Console                0    6 732 Ko

spoolsv.exe                1316 Console                0    3 852 Ko

explorer.exe                1492 Console                0    17 188 Ko

NvMixerTray.exe            1912 Console                0    4 260 Ko

rundll32.exe                1976 Console                0    1 896 Ko

zlclient.exe                1984 Console                0    3 152 Ko

MsgPlus.exe                1992 Console                0    2 984 Ko

LogiTray.exe                2004 Console                0    7 360 Ko

AVGNT.EXE                  2012 Console                0    3 144 Ko

ctfmon.exe                  2020 Console                0    2 700 Ko

LVCOMSX.EXE                  184 Console                0    4 480 Ko

FxSvr2.exe                  276 Console                0    4 580 Ko

alg.exe                      472 Console                0    3 732 Ko

AVGUARD.EXE                  488 Console                0    14 228 Ko

AVWUPSRV.EXE                504 Console                0    1 376 Ko

CachemanXP.exe              524 Console                0      532 Ko

ewidoctrl.exe                568 Console                0    1 928 Ko

winjava.exe                  604 Console                0    4 300 Ko

nvsvc32.exe                1008 Console                0    2 140 Ko

locator.exe                1068 Console                0    1 420 Ko

svchost.exe                1092 Console                0    2 976 Ko

vsmon.exe                  1376 Console                0    5 560 Ko

msnmsgr.exe                3884 Console                0    26 936 Ko

firefox.exe                3068 Console                0    29 980 Ko

cmd.exe                    1844 Console                0    1 488 Ko

tasklist.exe                2844 Console                0    3 492 Ko

wmiprvse.exe                3056 Console                0    4 640 Ko

 

And a little tasklist /svc while I'm at it ;)

 

Nom de l'image              PID  Services

========================= ====== =============================================

System Idle Process            0 N/D

System                        4 N/D

smss.exe                    668 N/D

csrss.exe                    716 N/D

winlogon.exe                740 N/D

services.exe                784 Eventlog, PlugPlay

lsass.exe                    796 ProtectedStorage, SamSs

svchost.exe                  976 RpcSs

svchost.exe                1120 AudioSrv, BITS, Browser, CryptSvc, dmserver,

                                EventSystem, FastUserSwitchingCompatibility,

                                helpsvc, lanmanserver, lanmanworkstation,

                                Netman, Nla, RasMan, Schedule, SENS,

                                SharedAccess, ShellHWDetection, srservice,

                                TapiSrv, TermService, Themes, TrkWks,

                                W32Time, winmgmt, wuauserv

svchost.exe                1176 LmHosts, RemoteRegistry, SSDPSRV, upnphost

spoolsv.exe                1316 Spooler

explorer.exe                1492 N/D

NvMixerTray.exe            1912 N/D

rundll32.exe                1976 N/D

zlclient.exe                1984 N/D

MsgPlus.exe                1992 N/D

LogiTray.exe                2004 N/D

AVGNT.EXE                  2012 N/D

ctfmon.exe                  2020 N/D

LVCOMSX.EXE                  184 N/D

FxSvr2.exe                  276 N/D

alg.exe                      472 ALG

AVGUARD.EXE                  488 AntiVirService

AVWUPSRV.EXE                504 AVWUpSrv

CachemanXP.exe              524 CachemanXPService

ewidoctrl.exe                568 ewido security suite control

winjava.exe                  604 Java

nvsvc32.exe                1008 NVSvc

locator.exe                1068 RpcLocator

svchost.exe                1092 stisvc

vsmon.exe                  1376 vsmon

msnmsgr.exe                3884 N/D

firefox.exe                3068 N/D

cmd.exe                    1844 N/D

notepad.exe                3220 N/D

tasklist.exe                3036 N/D

wmiprvse.exe                2172 N/D

 

I really don't know what to do anymore...
