
Posted

Good evening, everyone.

So, I have run the 4 cleaning phases in safe mode to remove as much malware as possible, etc. Now I need someone to analyze the HijackThis report I have just generated, please!

Thanks a lot in advance (to be clear, I am on Windows 2000 Professional with Mozilla Firefox)

 

Logfile of HijackThis v1.99.1

Scan saved at 21:33:43, on 14/06/2006

Platform: Windows 2000 SP3 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\WINNT\system32\stisvc.exe

C:\WINNT\system32\SUSS.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\Program Files\Network Associates\VirusScan\VsStat.exe

C:\Program Files\Network Associates\VirusScan\Vshwin32.exe

C:\Program Files\Network Associates\VirusScan\Avconsol.exe

C:\WINNT\Explorer.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Hijack This\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://e-toile.edf.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par EDF Gaz de France

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O14 - IERESET.INF: START_PAGE_URL=http://e-toile.edf.fr

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ldf.edfgdf.fr

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ldf.edfgdf.fr,edfgdf.fr,edf.fr,gdf.fr

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe

O23 - Service: Agent TAP (TAP) - EDF-GDF - C:\PROGRAM FILES\TAP\tap2000.exe

Posted

Hello,

This report is clean. Is there a particular problem, or was it just for a check?

It was for a check, but also because I can't manage to get rid of command service, so there you go ^^! Also, since I was using P2P not long ago, I wanted to clean everything and delete everything ^^! There you go.

Thanks anyway and have a good rest of the evening :P

Posted

Hi again,

It was for a check, but also because I can't manage to get rid of command service, so there you go ^^!

Is it really a service? If so, it's odd that it doesn't show up in the log....

If you want to dig further:

1/ download Silent Runners: http://www.silentrunners.org/Silent%20Runners.vbs

2/ disconnect from the Internet and close all running applications.

3/ run Silent Runners and let it work. When it has finished scanning, a message will tell you and a new text file will be created. Open that text file and paste the whole report.

Posted

OK, thanks a lot, but when I go to the link you gave, it's a page full of code :P! So where do I download it :s? Or am I supposed to let the page do it by itself o_O?

Thanks in advance

Posted (edited)

Hello,

Right-click the link and choose "Save Target As", then follow what I wrote.

See you and good luck :P

Edited by bruce lee

Posted

Good evening,

Here is the requested report, and sorry for the delay :S! However, I was not notified by a message, but a new text file was created in My Documents by Silent Runners... I don't know whether it is the real report, but I'm posting it anyway!

Thanks in advance:

 

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/

Operating System: Windows 2000

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"Synchronization Manager" = "mobsync.exe /logon" [** WMI GetObject error **]

"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" [** WMI GetObject error **]

 

HKLM\Software\Microsoft\Active Setup\Installed Components\

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = "Lecteur Windows Media"

\StubPath = "C:\WINNT\inf\unregmp2.exe /ShowWMP" [** WMI GetObject error **]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" [** WMI GetObject error **]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{00022613-0000-0000-C000-000000000046}" = "Feuille de propriétés du fichier multimédia"

-> {HKLM...CLSID} = "Feuille de propriétés du fichier multimédia"

\InProcServer32\(Default) = "mmsys.cpl" [** WMI GetObject error **]

"{176d6597-26d3-11d1-b350-080036a75b03}" = "Gestion de scanneur ICM"

-> {HKLM...CLSID} = "Gestion de scanneur ICM"

\InProcServer32\(Default) = "icmui.dll" [** WMI GetObject error **]

"{1F2E5C40-9550-11CE-99D2-00AA006E086C}" = "Page de sécurité NTFS"

-> {HKLM...CLSID} = "Extension noyau de sécurité"

\InProcServer32\(Default) = "rshx32.dll" [** WMI GetObject error **]

"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}" = "Page des propriétés de OLE DocFile"

-> {HKLM...CLSID} = "Page des propriétés de OLE DocFile"

\InProcServer32\(Default) = "docprop.dll" [** WMI GetObject error **]

"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}" = "Extensions de l'interpréteur de commandes pour le partage"

-> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour le partage"

\InProcServer32\(Default) = "ntshrui.dll" [** WMI GetObject error **]

"{41E300E0-78B6-11ce-849B-444553540000}" = "Extension du Panneau de configuration PlusPack"

-> {HKLM...CLSID} = "Extension du Panneau de configuration PlusPack"

\InProcServer32\(Default) = "plustab.dll" [** WMI GetObject error **]

"{42071712-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Carte du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Carte du Panneau de configuration"

\InProcServer32\(Default) = "deskadp.dll" [** WMI GetObject error **]

"{42071713-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Écran du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Écran du Panneau de configuration"

\InProcServer32\(Default) = "deskmon.dll" [** WMI GetObject error **]

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"

-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{4E40F770-369C-11d0-8922-00A024AB2DBB}" = "Page de sécurité DS"

-> {HKLM...CLSID} = "Extension noyau de sécurité"

\InProcServer32\(Default) = "dssec.dll" [** WMI GetObject error **]

"{56117100-C0CD-101B-81E2-00AA004AE837}" = "Gestionnaire de données endommagées de l'interpréteur de commandes"

-> {HKLM...CLSID} = "Gestionnaire de données endommagées de l'interpréteur de commandes"

\InProcServer32\(Default) = "shscrap.dll" [** WMI GetObject error **]

"{59099400-57FF-11CE-BD94-0020AF85B590}" = "Extension copie de disquette"

-> {HKLM...CLSID} = "Extension copie de disquette"

\InProcServer32\(Default) = "diskcopy.dll" [** WMI GetObject error **]

"{59be4990-f85c-11ce-aff7-00aa003ca9f6}" = "Extensions de l'interpréteur de commandes pour les objets Microsoft Windows Network"

-> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour les objets Microsoft Windows Network"

\InProcServer32\(Default) = "ntlanui2.dll" [** WMI GetObject error **]

"{5DB2625A-54DF-11D0-B6C4-0800091AA605}" = "Gestion d'écran ICM"

-> {HKLM...CLSID} = "Gestion d'écran ICM"

\InProcServer32\(Default) = "C:\WINNT\System32\icmui.dll" [** WMI GetObject error **]

"{675F097E-4C4D-11D0-B6C1-0800091AA605}" = "Gestion d'imprimante ICM"

-> {HKLM...CLSID} = "Gestion d'imprimante ICM"

\InProcServer32\(Default) = "C:\WINNT\system32\icmui.dll" [** WMI GetObject error **]

"{77597368-7b15-11d0-a0c2-080036af3f03}" = "Extension du shell d'imprimante Web"

-> {HKLM...CLSID} = "Extension de l'environnement d'impression Web"

\InProcServer32\(Default) = "printui.dll" [** WMI GetObject error **]

"{7988B573-EC89-11cf-9C00-00AA00A14F56}" = "Disk Quota UI"

-> {HKLM...CLSID} = "Microsoft Disk Quota UI"

\InProcServer32\(Default) = "dskquoui.dll" [** WMI GetObject error **]

"{85BBD920-42A0-1069-A2E4-08002B30309D}" = "Porte-documents"

-> {HKLM...CLSID} = "Porte-documents"

\InProcServer32\(Default) = "syncui.dll" [** WMI GetObject error **]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" [** WMI GetObject error **]

"{BD84B380-8CA2-1069-AB1D-08000948F534}" = "Fonts"

-> {HKLM...CLSID} = "Fonts"

\InProcServer32\(Default) = "fontext.dll" [** WMI GetObject error **]

"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}" = "Profil ICC"

-> {HKLM...CLSID} = "Profil ICC"

\InProcServer32\(Default) = "C:\WINNT\system32\icmui.dll" [** WMI GetObject error **]

"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}" = "Page de sécurité des imprimantes"

-> {HKLM...CLSID} = "Extension noyau de sécurité"

\InProcServer32\(Default) = "rshx32.dll" [** WMI GetObject error **]

"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}" = "Extensions de l'interpréteur de commandes pour le partage"

-> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour le partage"

\InProcServer32\(Default) = "ntshrui.dll" [** WMI GetObject error **]

"{f92e8c40-3d33-11d2-b1aa-080036a75b03}" = "Display TroubleShoot CPL Extension"

-> {HKLM...CLSID} = "Display TroubleShoot CPL Extension"

\InProcServer32\(Default) = "deskperf.dll" [** WMI GetObject error **]

"{60254CA5-953B-11CF-8C96-00AA00B8708C}" = "Extension de l'interpréteur de commande pour Windows Script Host"

-> {HKLM...CLSID} = "Shell Extension For Windows Script Host"

\InProcServer32\(Default) = "C:\WINNT\System32\wshext.dll" [** WMI GetObject error **]

"{7444C717-39BF-11D1-8CD9-00C04FC29D45}" = "Extension de cryptographie PKO"

-> {HKLM...CLSID} = "CryptPKO Class"

\InProcServer32\(Default) = "C:\WINNT\system32\cryptext.dll" [** WMI GetObject error **]

"{7444C719-39BF-11D1-8CD9-00C04FC29D45}" = "Extension de cryptographie Sign"

-> {HKLM...CLSID} = "CryptSig Class"

\InProcServer32\(Default) = "C:\WINNT\system32\cryptext.dll" [** WMI GetObject error **]

"{7007ACC7-3202-11D1-AAD2-00805FC1270E}" = "Connexions réseau et accès à distance"

-> {HKLM...CLSID} = "Connexions réseau et accès à distance"

\InProcServer32\(Default) = "C:\WINNT\system32\NETSHELL.dll" [** WMI GetObject error **]

"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Icon Handler"

-> {HKLM...CLSID} = "Scheduling UI icon handler"

\InProcServer32\(Default) = "C:\WINNT\System32\mstask.dll" [** WMI GetObject error **]

"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}" = "Tasks Folder Shell Extension"

-> {HKLM...CLSID} = "Scheduling UI property sheet handler"

\InProcServer32\(Default) = "C:\WINNT\System32\mstask.dll" [** WMI GetObject error **]

"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}" = "Tâches planifiées"

-> {HKLM...CLSID} = "Tâches planifiées"

\InProcServer32\(Default) = "C:\WINNT\System32\mstask.dll" [** WMI GetObject error **]

"{1A9BA3A0-143A-11CF-8350-444553540000}" = "Dossier favori du shell"

-> {HKLM...CLSID} = "Dossier favori du shell"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{20D04FE0-3AEA-1069-A2D8-08002B30309D}" = "Poste de travail"

-> {HKLM...CLSID} = "Poste de travail"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{86747AC0-42A0-1069-A2E6-08002B30309D}" = "Porte-documents"

-> {HKLM...CLSID} = "Porte-documents"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{0AFACED1-E828-11D1-9187-B532F1E9575D}" = "Raccourci vers le dossier"

-> {HKLM...CLSID} = "Raccourci vers le dossier"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{12518493-00B2-11d2-9FA5-9E3420524153}" = "Volume monté"

-> {HKLM...CLSID} = "Volume monté"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{21B22460-3AEA-1069-A2DC-08002B30309D}" = "Extension de la page de propriétés des fichiers"

-> {HKLM...CLSID} = "Extension de la page de propriétés des fichiers"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{B091E540-83E3-11CF-A713-0020AFD79762}" = "Page des types de fichiers"

-> {HKLM...CLSID} = "Page des types de fichiers"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{FBF23B41-E3F0-101B-8488-00AA003E56F8}" = "Gestionnaire des types de fichiers MIME"

-> {HKLM...CLSID} = "Gestionnaire des types de fichiers MIME"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{C2FBB630-2971-11d1-A18C-00C04FD75D13}" = "Service Copier vers Microsoft"

-> {HKLM...CLSID} = "Service Copier vers Microsoft"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{C2FBB631-2971-11d1-A18C-00C04FD75D13}" = "Service Déplacer vers Microsoft"

-> {HKLM...CLSID} = "Service Déplacer vers Microsoft"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{13709620-C279-11CE-A49E-444553540000}" = "Service d'automatisation de l'interface"

-> {HKLM...CLSID} = "Service d'automatisation de l'interface"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}" = "Shell Automation Folder View"

-> {HKLM...CLSID} = "Shell Automation Folder View"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{4622AD11-FF23-11d0-8D34-00A0C90F2719}" = "Menu Démarrer"

-> {HKLM...CLSID} = "Menu Démarrer"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{7BA4C740-9E81-11CF-99D3-00AA004AE837}" = "Service SendTo Microsoft"

-> {HKLM...CLSID} = "Service SendTo Microsoft"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{D969A300-E7FF-11d0-A93B-00A0C90F2719}" = "Service Nouvel objet Microsoft"

-> {HKLM...CLSID} = "Service Nouvel objet Microsoft"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{09799AFB-AD67-11d1-ABCD-00C04FC30936}" = "Ouvrir avec le gestionnaire de menu contextuel"

-> {HKLM...CLSID} = "Ouvrir avec le gestionnaire de menu contextuel"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{3FC0B520-68A9-11D0-8D77-00C04FD70822}" = "Afficher les extensions HTML du Panneau de configuration"

-> {HKLM...CLSID} = "Afficher les extensions HTML du Panneau de configuration"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{75048700-EF1F-11D0-9888-006097DEACF9}" = "ActiveDesktop"

-> {HKLM...CLSID} = "ActiveDesktop"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}" = "Extension de la page de propriétés des options des dossiers"

-> {HKLM...CLSID} = "Extension de la page de propriétés des options des dossiers"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{57651662-CE3E-11D0-8D77-00C04FC99D61}" = "CmdFileIcon"

-> {HKLM...CLSID} = "CmdFileIcon"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{4657278A-411B-11d2-839A-00C04FD918D0}" = "Application d'aide du système pour le glisser-déplacer"

-> {HKLM...CLSID} = "Application d'aide du système pour le glisser-déplacer"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{A470F8CF-A1E8-4f65-8335-227475AA5C46}" = "Ajouter l'élément de cryptage dans les menus contextuels de l'Explorateur"

-> {HKLM...CLSID} = "Ajouter l'élément de cryptage dans les menus contextuels de l'Explorateur"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

"{5E6AB780-7743-11CF-A12B-00AA004AE837}" = "Barre d'outils Internet Microsoft"

-> {HKLM...CLSID} = "Barre d'outils Internet Microsoft"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{22BF0C20-6DA7-11D0-B373-00A0C9034938}" = "État du téléchargement"

-> {HKLM...CLSID} = "État du téléchargement"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{568804CA-CBD7-11d0-9816-00C04FD91972}" = "Menu Dossier Bureau"

-> {HKLM...CLSID} = "Menu Dossier Bureau"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{5b4dae26-b807-11d0-9815-00c04fd91972}" = "Bande de menus"

-> {HKLM...CLSID} = "Bande de menus"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{8278F931-2A3E-11d2-838F-00C04FD918D0}" = "Suivi du menu Shell"

-> {HKLM...CLSID} = "Suivi du menu Shell"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}" = "Menu Site"

-> {HKLM...CLSID} = "Menu Site"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}" = "Menu Barre du Bureau"

-> {HKLM...CLSID} = "Menu Barre du Bureau"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{91EA3F8B-C99B-11d0-9815-00C04FD91972}" = "Dossier Bureau étendu"

-> {HKLM...CLSID} = "Dossier Bureau étendu"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{6413BA2C-B461-11d1-A18A-080036B11A03}" = "Dossier du shell augmenté"

-> {HKLM...CLSID} = "Dossier du shell augmenté"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{F61FFEC1-754F-11d0-80CA-00AA005B4383}" = "BandProxy"

-> {HKLM...CLSID} = "BandProxy"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}" = "IShellFolderBand"

-> {HKLM...CLSID} = "IShellFolderBand"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{7BA4C742-9E81-11CF-99D3-00AA004AE837}" = "Bande du navigateur Microsoft"

-> {HKLM...CLSID} = "Bande du navigateur Microsoft"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{30D02401-6A81-11d0-8274-00C04FD5AE38}" = "Bande de recherche"

-> {HKLM...CLSID} = "Bande de recherche"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}" = "Volet intégré de recherche"

-> {HKLM...CLSID} = "Volet intégré de recherche"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{07798131-AF23-11d1-9111-00A0C98BA67D}" = "Recherche Web"

-> {HKLM...CLSID} = "Recherche Web"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{0E5CBF21-D15F-11d0-8301-00AA005B4383}" = "&Liens"

-> {HKLM...CLSID} = "&Liens"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{AF4F6510-F982-11d0-8595-00AA004CD6D8}" = "Utilitaire des options de l'arborescence du Registre"

-> {HKLM...CLSID} = "Utilitaire des options de l'arborescence du Registre"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{01E04581-4EEE-11d0-BFE9-00AA005B4383}" = "&Adresse"

-> {HKLM...CLSID} = "&Adresse"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{A08C11D2-A228-11d0-825B-00AA005B4383}" = "Boîte d'entrée de l'adresse"

-> {HKLM...CLSID} = "Boîte d'entrée de l'adresse"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{00BB2763-6A77-11D0-A535-00C04FD7D062}" = "Saisie semi-automatique Microsoft"

-> {HKLM...CLSID} = "Saisie semi-automatique Microsoft"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{7487cd30-f71a-11d0-9ea7-00805f714772}" = "Image miniature"

-> {HKLM...CLSID} = "Image miniature"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{7376D660-C583-11d0-A3A5-00C04FD706EC}" = "TridentImageExtractor"

-> {HKLM...CLSID} = "TridentImageExtractor"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{6756A641-DE71-11d0-831B-00AA005B4383}" = "Liste de saisie semi-automatique MRU"

-> {HKLM...CLSID} = "Liste de saisie semi-automatique MRU"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{00BB2764-6A77-11D0-A535-00C04FD7D062}" = "Liste de saisie semi-automatique de l'historique Microsoft"

-> {HKLM...CLSID} = "Liste de saisie semi-automatique de l'historique Microsoft"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{03C036F1-A186-11D0-824A-00AA005B4383}" = "Liste de saisie semi-automatique du dossier Shell Microsoft"

-> {HKLM...CLSID} = "Liste de saisie semi-automatique du dossier Shell Microsoft"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{00BB2765-6A77-11D0-A535-00C04FD7D062}" = "Conteneur de la liste de saisie semi-automatique multiple Microsoft"

-> {HKLM...CLSID} = "Conteneur de la liste de saisie semi-automatique multiple Microsoft"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}" = "Menu Site de bandes"

-> {HKLM...CLSID} = "Menu Site de bandes"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}" = "Shell DeskBarApp"

-> {HKLM...CLSID} = "Shell DeskBarApp"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}" = "Barre du Bureau"

-> {HKLM...CLSID} = "Barre du Bureau"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}" = "Shell Rebar BandSite"

-> {HKLM...CLSID} = "Shell Rebar BandSite"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}" = "Assistance utilisateur"

-> {HKLM...CLSID} = "Assistance utilisateur"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}" = "Paramètres du dossier global"

-> {HKLM...CLSID} = "Paramètres du dossier global"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}" = "Favorites Band"

-> {HKLM...CLSID} = "Favorites Band"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{0A89A860-D7B1-11CE-8350-444553540000}" = "Shell Automation Inproc Service"

-> {HKLM...CLSID} = "Shell Automation Inproc Service"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}" = "Shell DocObject Viewer"

-> {HKLM...CLSID} = "Shell DocObject Viewer"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}" = "InternetShortcut"

-> {HKLM...CLSID} = "Raccourci Internet"

\InProcServer32\(Default) = "shdocvw.dll" [** WMI GetObject error **]

"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}" = "Microsoft Url History Service"

-> {HKLM...CLSID} = "Microsoft Url History Service"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{FF393560-C2A7-11CF-BFF4-444553540000}" = "Historique"

-> {HKLM...CLSID} = "Historique"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"

-> {HKLM...CLSID} = "Temporary Internet Files"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" = "Microsoft Url Search Hook"

-> {HKLM...CLSID} = "Microsoft Url Search Hook"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}" = "Image de démarrage de la Suite IE4"

-> {HKLM...CLSID} = "Image de démarrage de la Suite IE4"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}" = "CDF Extension Copy Hook"

-> {HKLM...CLSID} = "CDF Extension Copy Hook"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{131A6951-7F78-11D0-A979-00C04FD705A2}" = "ISFBand OC"

-> {HKLM...CLSID} = "ISFBand OC"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{9461b922-3c5a-11d2-bf8b-00c04fb93661}" = "Search Assistant OC"

-> {HKLM...CLSID} = "Search Assistant OC"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "Internet"

-> {HKLM...CLSID} = "Internet"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{871C5380-42A0-1069-A2EA-08002B30309D}" = "Internet Name Space"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINNT\System32\sendmail.dll" [** WMI GetObject error **]

"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}" = "Sendmail service"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINNT\System32\sendmail.dll" [** WMI GetObject error **]

"{88C6C381-2E85-11D0-94DE-444553540000}" = "Dossier ActiveX Cache"

-> {HKLM...CLSID} = "Dossier ActiveX Cache"

\InProcServer32\(Default) = "C:\WINNT\System32\occache.dll" [** WMI GetObject error **]

"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" = "WebCheck"

-> {HKLM...CLSID} = "WebCheck"

\InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]

"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}" = "Subscription Mgr"

-> {HKLM...CLSID} = "Subscription Mgr"

\InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]

"{F5175861-2688-11d0-9C5E-00AA00A45957}" = "Dossier Inscription"

-> {HKLM...CLSID} = "Dossier Inscription"

\InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]

"{08165EA0-E946-11CF-9C87-00AA005127ED}" = "WebCheckWebCrawler"

-> {HKLM...CLSID} = "WebCheckWebCrawler"

\InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]

"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}" = "WebCheckChannelAgent"

-> {HKLM...CLSID} = "WebCheckChannelAgent"

\InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]

"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}" = "TrayAgent"

-> {HKLM...CLSID} = "TrayAgent"

\InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]

"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}" = "Code Download Agent"

-> {HKLM...CLSID} = "Code Download Agent"

\InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]

"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}" = "ConnectionAgent"

-> {HKLM...CLSID} = "ConnectionAgent"

\InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]

"{D8BD2030-6FC9-11D0-864F-00AA006809D9}" = "PostAgent"

-> {HKLM...CLSID} = "PostAgent"

\InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]

"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}" = "WebCheck SyncMgr Handler"

-> {HKLM...CLSID} = "WebCheck SyncMgr Handler"

\InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]

"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}" = "Miniatures"

-> {HKLM...CLSID} = "Miniatures"

\InProcServer32\(Default) = "C:\WINNT\System32\thumbvw.dll" [** WMI GetObject error **]

"{EAB841A0-9550-11CF-8C16-00805F1408F3}" = "Extracteur de miniatures HTML"

-> {HKLM...CLSID} = "Extracteur de miniatures HTML"

\InProcServer32\(Default) = "C:\WINNT\System32\thumbvw.dll" [** WMI GetObject error **]

"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}" = "Extracteur de miniatures des filtres graphiques Office"

-> {HKLM...CLSID} = "Extracteur de miniatures des filtres graphiques Office"

\InProcServer32\(Default) = "C:\WINNT\System32\thumbvw.dll" [** WMI GetObject error **]

"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}" = "Summary Info Thumbnail handler (DOCFILES)"

-> {HKLM...CLSID} = "Summary Info Thumbnail handler (DOCFILES)"

\InProcServer32\(Default) = "C:\WINNT\System32\thumbvw.dll" [** WMI GetObject error **]

"{500202A0-731E-11D0-B829-00C04FD706EC}" = "LNK file thumbnail interface delegator"

-> {HKLM...CLSID} = "LNK file thumbnail interface delegator"

\InProcServer32\(Default) = "C:\WINNT\System32\thumbvw.dll" [** WMI GetObject error **]

"{352EC2B7-8B9A-11D1-B8AE-006008059382}" = "Gestionnaire d'application du shell"

-> {HKLM...CLSID} = "%DESC_AppMgr%"

\InProcServer32\(Default) = "C:\WINNT\System32\appwiz.cpl" [** WMI GetObject error **]

"{0B124F8C-91F0-11D1-B8B5-006008059382}" = "Énumérateur d'applications installées"

-> {HKLM...CLSID} = "Énumérateur d'applications installées"

\InProcServer32\(Default) = "C:\WINNT\System32\appwiz.cpl" [** WMI GetObject error **]

"{CFCCC7A0-A282-11D1-9082-006008059382}" = "Darwin App Publisher"

-> {HKLM...CLSID} = "Darwin App Publisher"

\InProcServer32\(Default) = "C:\WINNT\System32\appwiz.cpl" [** WMI GetObject error **]

"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}" = "Directory Namespace"

-> {HKLM...CLSID} = "Active Directory"

\InProcServer32\(Default) = "dsfolder.dll" [** WMI GetObject error **]

"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}" = "Shell properties for a DS object"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "dsfolder.dll" [** WMI GetObject error **]

"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}" = "Directory Query UI"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "dsquery.dll" [** WMI GetObject error **]

"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}" = "Directory Object Find"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "dsquery.dll" [** WMI GetObject error **]

"{F020E586-5264-11d1-A532-0000F8757D7E}" = "Directory Start/Search Find"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "dsquery.dll" [** WMI GetObject error **]

"{0D45D530-764B-11d0-A1CA-00AA00C16E65}" = "Directory Property UI"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "dsuiext.dll" [** WMI GetObject error **]

"{62AE1F9A-126A-11D0-A14B-0800361B1103}" = "Directory Context Menu Verbs"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "dsuiext.dll" [** WMI GetObject error **]

"{450D8FBA-AD25-11D0-98A8-0800361B1103}" = "MyDocs Folder"

-> {HKLM...CLSID} = "Mes documents"

\InProcServer32\(Default) = "mydocs.dll" [** WMI GetObject error **]

"{ECF03A33-103D-11d2-854D-006008059367}" = "MyDocs Copy Hook"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "mydocs.dll" [** WMI GetObject error **]

"{ECF03A32-103D-11d2-854D-006008059367}" = "MyDocs Drop Target"

-> {HKLM...CLSID} = "MyDocs Drop Target"

\InProcServer32\(Default) = "mydocs.dll" [** WMI GetObject error **]

"{4a7ded0a-ad25-11d0-98a8-0800361b1103}" = "MyDocs Properties"

-> {HKLM...CLSID} = "MyDocs menu and properties"

\InProcServer32\(Default) = "mydocs.dll" [** WMI GetObject error **]

"{750fdf0e-2a26-11d1-a3ea-080036587f03}" = "Menu Fichiers hors connexion"

-> {HKLM...CLSID} = "Menu Fichiers hors connexion"

\InProcServer32\(Default) = "cscui.dll" [** WMI GetObject error **]

"{10CFC467-4392-11d2-8DB4-00C04FA31A66}" = "Options du dossier Fichiers hors connexion"

-> {HKLM...CLSID} = "Options du dossier Fichiers hors connexion"

\InProcServer32\(Default) = "cscui.dll" [** WMI GetObject error **]

"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}" = "Dossier Fichiers hors connexion"

-> {HKLM...CLSID} = "Dossier Fichiers hors connexion"

\InProcServer32\(Default) = "cscui.dll" [** WMI GetObject error **]

"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}" = "MMC Icon Handler"

-> {HKLM...CLSID} = "ExtractIcon Class"

\InProcServer32\(Default) = "mmcshext.dll" [** WMI GetObject error **]

"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}" = ".CAB file viewer"

-> {HKLM...CLSID} = "Fichier CAB"

\InProcServer32\(Default) = "cabview.dll" [** WMI GetObject error **]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Progra~1\WinZip\WZSHLSTB.DLL" [** WMI GetObject error **]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Progra~1\WinZip\WZSHLSTB.DLL" [** WMI GetObject error **]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Progra~1\WinZip\WZSHLSTB.DLL" [** WMI GetObject error **]

"{32683183-48a0-441b-a342-7c2a440a9478}" = "Media Band"

-> {HKLM...CLSID} = "Media Band"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}" = "Liste de saisie semi-automatique personnalisée MRU"

-> {HKLM...CLSID} = "Liste de saisie semi-automatique personnalisée MRU"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{7e653215-fa25-46bd-a339-34a2790f3cb7}" = "Accessible"

-> {HKLM...CLSID} = "Accessible"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{acf35015-526e-4230-9596-becbe19f0ac9}" = "Barre de progrès auto-ouvrante"

-> {HKLM...CLSID} = "Barre de progrès auto-ouvrante"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}" = "Analyseur de la barre d'adresses"

-> {HKLM...CLSID} = "Analyseur de la barre d'adresses"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}" = "Microsoft Browser Architecture"

-> {HKLM...CLSID} = "Microsoft Browser Architecture"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}" = "Temporary Internet Files"

-> {HKLM...CLSID} = "Temporary Internet Files"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}" = "Explorer Band"

-> {HKLM...CLSID} = "Explorer Band"

\InProcServer32\(Default) = "C:\WINNT\System32\shdocvw.dll" [** WMI GetObject error **]

"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}" = "Fichier de chaîne"

-> {HKLM...CLSID} = "Channel"

\InProcServer32\(Default) = "C:\WINNT\System32\cdfview.dll" [** WMI GetObject error **]

"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}" = "Raccourci de chaîne"

-> {HKLM...CLSID} = "Raccourci de chaîne"

\InProcServer32\(Default) = "C:\WINNT\System32\cdfview.dll" [** WMI GetObject error **]

"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}" = "Channel Handler Object"

-> {HKLM...CLSID} = "Channel Handler Object"

\InProcServer32\(Default) = "C:\WINNT\System32\cdfview.dll" [** WMI GetObject error **]

"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}" = "Channel Menu"

-> {HKLM...CLSID} = "Channel Menu Handler Object"

\InProcServer32\(Default) = "C:\WINNT\System32\cdfview.dll" [** WMI GetObject error **]

"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}" = "Channel Properties"

-> {HKLM...CLSID} = "Channel Shortcut Property Pages"

\InProcServer32\(Default) = "C:\WINNT\System32\cdfview.dll" [** WMI GetObject error **]

"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" = "Auto Update Property Sheet Extension"

-> {HKLM...CLSID} = "Auto Update Property Sheet Extension"

\InProcServer32\(Default) = "C:\WINNT\System32\wuaueng.dll" [** WMI GetObject error **]

"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"

-> {HKLM...CLSID} = "a² Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [** WMI GetObject error **]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

INFECTION WARNING! "{438755C2-A8BA-11D1-B96B-00A0C90312E1}" = "Pré-chargeur Browseui"

-> {HKLM...CLSID} = "Pré-chargeur Browseui"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

INFECTION WARNING! "{8C7461EF-2B13-11d2-BE35-3078302C2030}" = "Démon de cache des catégories de composant"

-> {HKLM...CLSID} = "Démon de cache des catégories de composant"

\InProcServer32\(Default) = "C:\WINNT\System32\browseui.dll" [** WMI GetObject error **]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" = (no title provided)

-> {HKLM...CLSID} = "URL Exec Hook"

\InProcServer32\(Default) = "shell32.dll" [** WMI GetObject error **]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"Network.ConnectionTray" = "{7007ACCF-3202-11D1-AAD2-00805FC1270E}"

-> {HKLM...CLSID} = "Network Connections Tray"

\InProcServer32\(Default) = "C:\WINNT\system32\NETSHELL.dll" [** WMI GetObject error **]

"WebCheck" = "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

-> {HKLM...CLSID} = "WebCheck"

\InProcServer32\(Default) = "C:\WINNT\System32\webcheck.dll" [** WMI GetObject error **]

"SysTray" = "{35CEC8A3-2BE6-11D2-8773-92E220524153}"

-> {HKLM...CLSID} = "SysTray"

\InProcServer32\(Default) = "stobject.dll" [** WMI GetObject error **]

 

HKLM\Software\Policies\Microsoft\Windows\System\Scripts\

"Startup" -> launches: "C:\WINNT\pdt\scripts\numlock.vbs" [** WMI GetObject error **]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

INFECTION WARNING! Class Install Handler\CLSID = "{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

-> {HKLM...CLSID} = "AP Class Install Handler filter"

\InProcServer32\(Default) = "C:\WINNT\system32\urlmon.dll" [** WMI GetObject error **]

INFECTION WARNING! deflate\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"

-> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"

\InProcServer32\(Default) = "C:\WINNT\system32\urlmon.dll" [** WMI GetObject error **]

INFECTION WARNING! gzip\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"

-> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"

\InProcServer32\(Default) = "C:\WINNT\system32\urlmon.dll" [** WMI GetObject error **]

INFECTION WARNING! lzdhtml\CLSID = "{8f6b0360-b80d-11d0-a9b3-006097942311}"

-> {HKLM...CLSID} = "AP lzdhtml encoding/decoding Filter"

\InProcServer32\(Default) = "C:\WINNT\system32\urlmon.dll" [** WMI GetObject error **]

INFECTION WARNING! text/webviewhtml\CLSID = "{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

-> {HKLM...CLSID} = "Filtre MIME de l'afficheur Web"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

 

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{0D2E74C4-3C34-11d2-A27E-00C04FC30871}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

{24F14F01-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

{24F14F02-7B1C-11d1-838f-0000F80461CF}\(Default) = (no title provided)

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

{66742402-F9B9-11D1-A202-0000F81FEDEE}\(Default) = "Version Column Provider"

-> {HKLM...CLSID} = "Version Column Provider"

\InProcServer32\(Default) = "C:\WINNT\System32\docprop2.dll" [** WMI GetObject error **]

{7f9609be-af9a-11d1-83e0-00c04fb6e984}\(Default) = "Fax Tiff Data Column Provider"

-> {HKLM...CLSID} = "Fax Tiff Data Column Provider"

\InProcServer32\(Default) = "C:\WINNT\system32\faxshell.dll" [** WMI GetObject error **]

{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}\(Default) = (no title provided)

-> {HKLM...CLSID} = "ShAVColumnProvider class"

\InProcServer32\(Default) = "C:\WINNT\System32\docprop2.dll" [** WMI GetObject error **]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"

-> {HKLM...CLSID} = "Menu Fichiers hors connexion"

\InProcServer32\(Default) = "cscui.dll" [** WMI GetObject error **]

Open With\(Default) = "{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

-> {HKLM...CLSID} = "Ouvrir avec le gestionnaire de menu contextuel"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

-> {HKLM...CLSID} = "Ajouter l'élément de cryptage dans les menus contextuels de l'Explorateur"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Progra~1\WinZip\WZSHLSTB.DLL" [** WMI GetObject error **]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

Offline Files\(Default) = "{750fdf0e-2a26-11d1-a3ea-080036587f03}"

-> {HKLM...CLSID} = "Menu Fichiers hors connexion"

\InProcServer32\(Default) = "cscui.dll" [** WMI GetObject error **]

Open With EncryptionMenu\(Default) = "{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

-> {HKLM...CLSID} = "Ajouter l'élément de cryptage dans les menus contextuels de l'Explorateur"

\InProcServer32\(Default) = "C:\WINNT\system32\shell32.dll" [** WMI GetObject error **]

Sharing\(Default) = "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

-> {HKLM...CLSID} = "Extensions de l'interpréteur de commandes pour le partage"

\InProcServer32\(Default) = "ntshrui.dll" [** WMI GetObject error **]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Progra~1\WinZip\WZSHLSTB.DLL" [** WMI GetObject error **]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"

-> {HKLM...CLSID} = "a² Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [** WMI GetObject error **]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Progra~1\WinZip\WZSHLSTB.DLL" [** WMI GetObject error **]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

 

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\

"SCRNSAVE.EXE" = "C:\WINNT\system32\ssstars.scr" [** WMI GetObject error **]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [** WMI GetObject error **]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [** WMI GetObject error **]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\msafd.dll [** WMI GetObject error **], 01 - 03, 06 - 16

%SystemRoot%\system32\rsvpsp.dll [** WMI GetObject error **], 04 - 05

 

 

Miscellaneous IE Hijack Points

------------------------------

 

C:\WINNT\INF\IERESET.INF (used to "Reset Web Settings")

 

Added lines (compared with English-language version):

[strings]: START_PAGE_URL=http://e-toile.edf.fr

[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

 

Missing lines (compared with English-language version):

[strings]: 2 lines

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Affichage des messages, Messenger, "C:\WINNT\System32\services.exe" [** WMI GetObject error **]

Agent de stratégie IPSEC, PolicyAgent, "C:\WINNT\System32\lsass.exe" [** WMI GetObject error **]

Agent TAP, TAP, "C:\PROGRAM FILES\TAP\tap2000.exe" [** WMI GetObject error **]

Appel de procédure distante (RPC), RpcSs, "C:\WINNT\system32\svchost -k rpcss" {"C:\WINNT\system32\rpcss.dll" [** WMI GetObject error **]}

AVSync Manager, AvSynMgr, ""C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe"" [** WMI GetObject error **]

Client de suivi de lien distribué, TrkWks, "C:\WINNT\system32\services.exe" [** WMI GetObject error **]

Client DHCP, Dhcp, "C:\WINNT\System32\services.exe" [** WMI GetObject error **]

Client DNS, Dnscache, "C:\WINNT\System32\services.exe" [** WMI GetObject error **]

Connexions réseau, Netman, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\netman.dll" [** WMI GetObject error **]}

Emplacement protégé, ProtectedStorage, "C:\WINNT\system32\services.exe" [** WMI GetObject error **]

Extensions du pilote WMI, Wmi, "C:\WINNT\system32\Services.exe" [** WMI GetObject error **]

Gestionnaire de comptes de sécurité, SamSs, "C:\WINNT\system32\lsass.exe" [** WMI GetObject error **]

Gestionnaire de connexions d'accès distant, RasMan, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\rasmans.dll" [** WMI GetObject error **]}

Gestionnaire de disque logique, dmserver, "C:\WINNT\System32\services.exe" [** WMI GetObject error **]

Horloge Windows, W32Time, "C:\WINNT\System32\services.exe" [** WMI GetObject error **]

Infrastructure de gestion Windows, WinMgmt, "C:\WINNT\System32\WBEM\WinMgmt.exe" [** WMI GetObject error **]

Journal des événements, Eventlog, "C:\WINNT\system32\services.exe" [** WMI GetObject error **]

McShield, McShield, ""C:\Program Files\Fichiers communs\Network Associates\McShield\Mcshield.exe"" [** WMI GetObject error **]

Moniteur infrarouge, Irmon, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\irmon.dll" [** WMI GetObject error **]}

Médias amovibles, NtmsSvc, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\NtmsSvc.dll" [** WMI GetObject error **]}

Notification d'événement système, SENS, "C:\WINNT\system32\svchost.exe -k netsvcs" {"C:\WINNT\system32\sens.dll" [** WMI GetObject error **]}

Ouverture de session réseau, Netlogon, "C:\WINNT\System32\lsass.exe" [** WMI GetObject error **]

Planificateur de tâches, Schedule, "C:\WINNT\system32\MSTask.exe" [** WMI GetObject error **]

Plug-and-Play, PlugPlay, "C:\WINNT\system32\services.exe" [** WMI GetObject error **]

Service d'accès à distance au Registre, RemoteRegistry, "C:\WINNT\system32\regsvc.exe" [** WMI GetObject error **]

Service d'application d'assistance TCP/IP NetBIOS, LmHosts, "C:\WINNT\System32\services.exe" [** WMI GetObject error **]

Service d'exécution par délégation, seclogon, "C:\WINNT\system32\services.exe" [** WMI GetObject error **]

Spouleur d'impression, Spooler, "C:\WINNT\system32\spoolsv.exe" [** WMI GetObject error **]

Station de travail, lanmanworkstation, "C:\WINNT\System32\services.exe" [** WMI GetObject error **]

Still Image Service, StiSvc, "C:\WINNT\system32\stisvc.exe" [** WMI GetObject error **]

SU Service, SU, "C:\WINNT\system32\SUSS.EXE" [** WMI GetObject error **]

Système d'événements de COM+, EventSystem, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\es.dll" [** WMI GetObject error **]}

Téléphonie, TapiSrv, "C:\WINNT\System32\svchost.exe -k netsvcs" {"C:\WINNT\System32\tapisrv.dll" [** WMI GetObject error **]}

 

 

Print Monitors:

---------------

 

HKLM\System\CurrentControlSet\Control\Print\Monitors\

BJ Language Monitor
