"Mes documents"s'ouvre tout seul au déma
Résolu/Fermé
<yassou>
Messages postés
589
Date d'inscription
lundi 17 décembre 2007
Statut
Membre
Dernière intervention
6 juin 2015
-
21 mai 2008 à 20:47
eZula Messages postés 3392 Date d'inscription samedi 26 avril 2008 Statut Contributeur Dernière intervention 8 mai 2021 - 2 juin 2008 à 20:55
eZula Messages postés 3392 Date d'inscription samedi 26 avril 2008 Statut Contributeur Dernière intervention 8 mai 2021 - 2 juin 2008 à 20:55
A voir également:
- "Mes documents"s'ouvre tout seul au déma
- Yahoo mail ne s'ouvre plus - Guide
- Mon téléphone envoie des sms tout seul - Forum Samsung
- Un seul écouteur bluetooth fonctionne ✓ - Forum Casque et écouteurs
- Assistant google se lance tout seul avec écouteurs - Forum Accessoires & objets connectés
- Mon pc se verrouille tout seul - Forum Windows
16 réponses
eZula
Messages postés
3392
Date d'inscription
samedi 26 avril 2008
Statut
Contributeur
Dernière intervention
8 mai 2021
392
21 mai 2008 à 20:47
21 mai 2008 à 20:47
Télécharge le script "Silent Runners"
Clic droit > "enregistrer sous" (et non pas clic gauche) sur le lien suivant :
https://www.silentrunners.org/Silent%20Runners.vbs
clique ensuite 2 fois sur "yes"
Laisse lui le temps de faire son analyse (compte une minute, montre en main)
Poste le rapport généré qui se trouve dans le meme dossier que Silent Runners...
Si ton antivirus s'affole, autorise ce script. Ou au pire, désactive-le juste le temps du téléchargement et du scan. Ce script n'est pas dangereux.
Clic droit > "enregistrer sous" (et non pas clic gauche) sur le lien suivant :
https://www.silentrunners.org/Silent%20Runners.vbs
clique ensuite 2 fois sur "yes"
Laisse lui le temps de faire son analyse (compte une minute, montre en main)
Poste le rapport généré qui se trouve dans le meme dossier que Silent Runners...
Si ton antivirus s'affole, autorise ce script. Ou au pire, désactive-le juste le temps du téléchargement et du scan. Ce script n'est pas dangereux.
eZula
Messages postés
3392
Date d'inscription
samedi 26 avril 2008
Statut
Contributeur
Dernière intervention
8 mai 2021
392
21 mai 2008 à 21:08
21 mai 2008 à 21:08
Crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau"> "Document Texte". Ouvre-le et copie-colle dedans de ce qui est en italique ci-dessous, (copie tout d'un trait) :
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit" = "D:\WINDOWS\system32\userinit.exe,"
Puis "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix0.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"
L'icône de fix0.reg doit ressembler à cela [img]https://www.hiboox.com[/img]
quitte internet et double clique sur fix0.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"
Redémarre l'oridnateur et dis ce qu'il en est
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit" = "D:\WINDOWS\system32\userinit.exe,"
Puis "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix0.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"
L'icône de fix0.reg doit ressembler à cela [img]https://www.hiboox.com[/img]
quitte internet et double clique sur fix0.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"
Redémarre l'oridnateur et dis ce qu'il en est
<yassou>
Messages postés
589
Date d'inscription
lundi 17 décembre 2007
Statut
Membre
Dernière intervention
6 juin 2015
74
21 mai 2008 à 20:57
21 mai 2008 à 20:57
merci, voici le rapport :
"Silent Runners.vbs", revision 58, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"E07FDXRC_2158093" = ""E:\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE" -m" [MS]
"ctfmon.exe" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
\InProcServer32\(Default) = "D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Programme d'aide de l'Assistant de connexion Windows Live"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{955BE0B8-BC85-4CAF-856E-8E0D8B610560}\(Default) = "BHO pour Compagnon Web Encarta"
-> {HKLM...CLSID} = "BHO pour Compagnon Web Encarta"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL" [MS]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FDMIECookiesBHO Class"
\InProcServer32\(Default) = "D:\Program Files\Free Download Manager\iefdm2.dll" [null data]
{EEE6C35C-6118-11DC-9C72-001320C79847}\(Default) = "SWEETIE"
-> {HKLM...CLSID} = "SweetIM Toolbar Helper"
\InProcServer32\(Default) = "D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" ["SweetIM Technologies Ltd."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Microsoft Office\Office12\msohevi.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "E:\MICROS~3\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "E:\MICROS~3\Office12\MLSHEXT.DLL" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "D:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""D:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "D:\Program Files\Avira\AntiVir PersonalEdition Premium\shlext.dll" ["Avira GmbH"]
HKLM\SOFTWA RE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "D:\WINDOWS\system32\userinit.exe,userinit.exe,D:\WINDOWS\system32\ntos.exe," [MS], [MS], [file not found]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "D:\Program Files\Avira\AntiVir PersonalEdition Premium\shlext.dll" ["Avira GmbH"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""D:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
YsiShellExt\(Default) = "{E46B8A96-C11A-4EE5-9B0F-2050A3DD6A45}"
-> {HKLM...CLSID} = "YsiShellExt Class"
\InProcServer32\(Default) = "D:\Program Files\YouSendIt\Express\version2\YsiExt.dll" ["YouSendIt.com"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""D:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "D:\Program Files\Avira\AntiVir PersonalEdition Premium\shlext.dll" ["Avira GmbH"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
YsiShellExt\(Default) = "{E46B8A96-C11A-4EE5-9B0F-2050A3DD6A45}"
-> {HKLM...CLSID} = "YsiShellExt Class"
\InProcServer32\(Default) = "D:\Program Files\YouSendIt\Express\version2\YsiExt.dll" ["YouSendIt.com"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NofolderOptions" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Removes the Folder Options menu item from the Tools menu}
"NoFind" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoRun" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoFolderOptions" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableTaskmgr" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
Remove Task Manager}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\system32\SSMYPICS.SCR" [MS]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
NeroAutoPlay2AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_AudioToNeroDigital"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = "D:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracksND /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "D:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "D:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "D:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "D:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_RipCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = "D:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"]
VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]
VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]
Enabled Scheduled Tasks:
------------------------
"Maintenance en 1 clic" -> launches: "D:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
avsda.dll ["Avira GmbH"], 01 - 02, 08
%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 09 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{EEE6C35B-6118-11DC-9C72-001320C79847}"
-> {HKLM...CLSID} = "SweetIM Toolbar for Internet Explorer"
\InProcServer32\(Default) = "D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" ["SweetIM Technologies Ltd."]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{147D6308-0614-4112-89B1-31402F9B82C4}"
-> {HKLM...CLSID} = "Compagnon Web Encarta"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL" [MS]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"
-> {HKLM...CLSID} = "SweetIM Toolbar for Internet Explorer"
\InProcServer32\(Default) = "D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" ["SweetIM Technologies Ltd."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{147D6308-0614-4112-89B1-31402F9B82C4}" = "Compagnon Web Encarta"
-> {HKLM...CLSID} = "Compagnon Web Encarta"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL" [MS]
"{EEE6C35B-6118-11DC-9C72-001320C79847}" = (no title provided)
-> {HKLM...CLSID} = "SweetIM Toolbar for Internet Explorer"
\InProcServer32\(Default) = "D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" ["SweetIM Technologies Ltd."]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\MICROS~3\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" ["Sun Microsystems, Inc."]
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
\InProcServer32\(Default) = "D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\
"ButtonText" = "Barre de recherche Encarta"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EEE6C35D-6118-11DC-9C72-001320C79847}" = (no title provided)
-> {HKLM...CLSID} = "SweetIM ToolbarURLSearchHook Class"
\InProcServer32\(Default) = "D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" ["SweetIM Technologies Ltd."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://D|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir PersonalEdition Premium Guard, AntiVirService, ""D:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe"" ["Avira GmbH"]
AntiVir PersonalEdition Premium MailGuard helper service, AVEService, ""D:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe"" ["Avira GmbH"]
AntiVir PersonalEdition Premium Scheduler, AntiVirScheduler, ""D:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe"" ["Avira GmbH"]
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
C-DillaSrv, C-DillaSrv, "D:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE" ["C-Dilla Ltd"]
Machine Debug Manager, MDM, ""D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = "hpzsnt05.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
---------- (launch time: 2008-05-21 19:53:37)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 111 seconds, including 13 seconds for message boxes)
"Silent Runners.vbs", revision 58, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"E07FDXRC_2158093" = ""E:\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE" -m" [MS]
"ctfmon.exe" = "D:\WINDOWS\system32\ctfmon.exe" [MS]
"msnmsgr" = ""D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}\(Default) = "Skype add-on (mastermind)"
-> {HKLM...CLSID} = "Skype add-on (mastermind)"
\InProcServer32\(Default) = "D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Programme d'aide de l'Assistant de connexion Windows Live"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{955BE0B8-BC85-4CAF-856E-8E0D8B610560}\(Default) = "BHO pour Compagnon Web Encarta"
-> {HKLM...CLSID} = "BHO pour Compagnon Web Encarta"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL" [MS]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)
-> {HKLM...CLSID} = "FDMIECookiesBHO Class"
\InProcServer32\(Default) = "D:\Program Files\Free Download Manager\iefdm2.dll" [null data]
{EEE6C35C-6118-11DC-9C72-001320C79847}\(Default) = "SWEETIE"
-> {HKLM...CLSID} = "SweetIM Toolbar Helper"
\InProcServer32\(Default) = "D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" ["SweetIM Technologies Ltd."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Microsoft Office\Office12\msohevi.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "E:\MICROS~3\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "E:\MICROS~3\Office12\MLSHEXT.DLL" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\Audiodev.dll" [MS]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "D:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll" [MS]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""D:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "D:\Program Files\Avira\AntiVir PersonalEdition Premium\shlext.dll" ["Avira GmbH"]
HKLM\SOFTWA RE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "D:\WINDOWS\system32\userinit.exe,userinit.exe,D:\WINDOWS\system32\ntos.exe," [MS], [MS], [file not found]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "D:\Program Files\Avira\AntiVir PersonalEdition Premium\shlext.dll" ["Avira GmbH"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""D:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
YsiShellExt\(Default) = "{E46B8A96-C11A-4EE5-9B0F-2050A3DD6A45}"
-> {HKLM...CLSID} = "YsiShellExt Class"
\InProcServer32\(Default) = "D:\Program Files\YouSendIt\Express\version2\YsiExt.dll" ["YouSendIt.com"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""D:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "D:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "D:\Program Files\Avira\AntiVir PersonalEdition Premium\shlext.dll" ["Avira GmbH"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {HKLM...CLSID} = "Trojan Remover Shell Extension"
\InProcServer32\(Default) = "D:\PROGRA~1\TROJAN~1\Trshlex.dll" ["Simply Super Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "D:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing LP"]
YsiShellExt\(Default) = "{E46B8A96-C11A-4EE5-9B0F-2050A3DD6A45}"
-> {HKLM...CLSID} = "YsiShellExt Class"
\InProcServer32\(Default) = "D:\Program Files\YouSendIt\Express\version2\YsiExt.dll" ["YouSendIt.com"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NofolderOptions" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Removes the Folder Options menu item from the Tools menu}
"NoFind" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoRun" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoFolderOptions" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableTaskmgr" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
Remove Task Manager}
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\system32\SSMYPICS.SCR" [MS]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
NeroAutoPlay2AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_AudioToNeroDigital"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = "D:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracksND /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "D:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "D:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "D:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "D:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_RipCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = "D:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"]
VLCPlayCDAudioOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file cdda:%1" ["VideoLAN Team"]
VLCPlayDVDMovieOnArrival\
"Provider" = "VideoLAN VLC media player"
"InvokeProgID" = "VLC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "D:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1" ["VideoLAN Team"]
Enabled Scheduled Tasks:
------------------------
"Maintenance en 1 clic" -> launches: "D:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
avsda.dll ["Avira GmbH"], 01 - 02, 08
%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 09 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{EEE6C35B-6118-11DC-9C72-001320C79847}"
-> {HKLM...CLSID} = "SweetIM Toolbar for Internet Explorer"
\InProcServer32\(Default) = "D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" ["SweetIM Technologies Ltd."]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{147D6308-0614-4112-89B1-31402F9B82C4}"
-> {HKLM...CLSID} = "Compagnon Web Encarta"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL" [MS]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"
-> {HKLM...CLSID} = "SweetIM Toolbar for Internet Explorer"
\InProcServer32\(Default) = "D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" ["SweetIM Technologies Ltd."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{147D6308-0614-4112-89B1-31402F9B82C4}" = "Compagnon Web Encarta"
-> {HKLM...CLSID} = "Compagnon Web Encarta"
\InProcServer32\(Default) = "D:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL" [MS]
"{EEE6C35B-6118-11DC-9C72-001320C79847}" = (no title provided)
-> {HKLM...CLSID} = "SweetIM Toolbar for Internet Explorer"
\InProcServer32\(Default) = "D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" ["SweetIM Technologies Ltd."]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "E:\MICROS~3\Office12\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0"
\InProcServer32\(Default) = "D:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" ["Sun Microsystems, Inc."]
{77BF5300-1474-4EC7-9980-D32B190E9B07}\
"ButtonText" = "Skype"
"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"
-> {HKLM...CLSID} = "Skype add-on (button)"
\InProcServer32\(Default) = "D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\
"ButtonText" = "Barre de recherche Encarta"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EEE6C35D-6118-11DC-9C72-001320C79847}" = (no title provided)
-> {HKLM...CLSID} = "SweetIM ToolbarURLSearchHook Class"
\InProcServer32\(Default) = "D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" ["SweetIM Technologies Ltd."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://D|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AntiVir PersonalEdition Premium Guard, AntiVirService, ""D:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe"" ["Avira GmbH"]
AntiVir PersonalEdition Premium MailGuard helper service, AVEService, ""D:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe"" ["Avira GmbH"]
AntiVir PersonalEdition Premium Scheduler, AntiVirScheduler, ""D:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe"" ["Avira GmbH"]
avast! Antivirus, avast! Antivirus, ""D:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
C-DillaSrv, C-DillaSrv, "D:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE" ["C-Dilla Ltd"]
Machine Debug Manager, MDM, ""D:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
hpzsnt05\Driver = "hpzsnt05.dll" ["HP"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
---------- (launch time: 2008-05-21 19:53:37)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 111 seconds, including 13 seconds for message boxes)
<yassou>
Messages postés
589
Date d'inscription
lundi 17 décembre 2007
Statut
Membre
Dernière intervention
6 juin 2015
74
21 mai 2008 à 21:23
21 mai 2008 à 21:23
j'ai fait comme tu m'as dit mais il a encore redémarrer en ouvrant Mes Documents
que dois je faire?
que dois je faire?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
eZula
Messages postés
3392
Date d'inscription
samedi 26 avril 2008
Statut
Contributeur
Dernière intervention
8 mai 2021
392
21 mai 2008 à 21:29
21 mai 2008 à 21:29
As-tu désinstallé Avast ou Antivir, et surtout, depuis quand as-tu ce pb ?
<yassou>
Messages postés
589
Date d'inscription
lundi 17 décembre 2007
Statut
Membre
Dernière intervention
6 juin 2015
74
21 mai 2008 à 21:36
21 mai 2008 à 21:36
non je n'ai rien désinstallé et j'ai eu ce problème après avoir installer antivir, et depuis que trojan remover me detecte une entrée ntos.exe manquante dans le registre
ces évènement coincident avec ce problème, mais quelle est la relation?
ces évènement coincident avec ce problème, mais quelle est la relation?
eZula
Messages postés
3392
Date d'inscription
samedi 26 avril 2008
Statut
Contributeur
Dernière intervention
8 mai 2021
392
21 mai 2008 à 21:44
21 mai 2008 à 21:44
normalement, la manip précédente a du rétablir la valeur userinit qui était détournée avec ce "ntos.exe", d'ailleurs vérifie dans Silent Runners que tu ne vois plus :
HKLM\SOFTWA RE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "D:\WINDOWS\system32\userinit.exe,userinit.exe,D:\WINDOWS\system32\ntos.exe," [MS], [MS], [file not found]
Sinon deux antivirus en même temps ce n'est pas possible, il faut que tu en désinstalles un
Pour aller un peu plus loin, télécharge GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur ton bureau
dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre
Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
HKLM\SOFTWA RE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "D:\WINDOWS\system32\userinit.exe,userinit.exe,D:\WINDOWS\system32\ntos.exe," [MS], [MS], [file not found]
Sinon deux antivirus en même temps ce n'est pas possible, il faut que tu en désinstalles un
Pour aller un peu plus loin, télécharge GenProc http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip sur ton bureau
dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre
Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
<yassou>
Messages postés
589
Date d'inscription
lundi 17 décembre 2007
Statut
Membre
Dernière intervention
6 juin 2015
74
21 mai 2008 à 22:05
21 mai 2008 à 22:05
j'ai désinstallé antivir, là j'ai lancé GenProc.bat
j'ai une fenètre DOS ouverte et un rapport GenProc.txt est ouvert aussi, on me dit de patienter, ça prends combien de temps?
en tous les cas le rapport est le suivant :
GenProc 1.964 [1] 21/05/2008 - Windows [XP] : Aucune infection caractéristique trouvée
j'ai une fenètre DOS ouverte et un rapport GenProc.txt est ouvert aussi, on me dit de patienter, ça prends combien de temps?
en tous les cas le rapport est le suivant :
GenProc 1.964 [1] 21/05/2008 - Windows [XP] : Aucune infection caractéristique trouvée
eZula
Messages postés
3392
Date d'inscription
samedi 26 avril 2008
Statut
Contributeur
Dernière intervention
8 mai 2021
392
21 mai 2008 à 22:15
21 mai 2008 à 22:15
Disons que ça permet d'élmiminer un certain nombre d'hypothèses, ce résultat.
fais ce scan en ligne : https://forum.pcastuces.com/sujet.asp?f=25&s=31584&page=1 puis poste le rapport lorsqu'il a terminé.
fais ce scan en ligne : https://forum.pcastuces.com/sujet.asp?f=25&s=31584&page=1 puis poste le rapport lorsqu'il a terminé.
<yassou>
Messages postés
589
Date d'inscription
lundi 17 décembre 2007
Statut
Membre
Dernière intervention
6 juin 2015
74
21 mai 2008 à 22:22
21 mai 2008 à 22:22
merci eZula, tu m'as donné une idée sur userinit, alors j'ai fait la manipulation suivante pour voir ce qu'il en était, et ça a marché
démarrer > executer > j'ai tappé regedit > ok
j'ai cherché userinit dans : HKEY_LOCAL_MACHINE
software > microsoft > windows NT > winlogon > j'ai regardé userinit
j'avais la valeur : D:\WINDOWS\system32\userinit.exe,userinit.exe,D:\WINDOWS\system32\ntos.exe,
je l'ai remplacé par : D:\WINDOWS\system32\userinit.exe,
c'était bien ce ntos.exe, j'ai redémarré ma machine et je n'ai plus eu cette fenètre de Mes Documents
merci beaucoup eZula
démarrer > executer > j'ai tappé regedit > ok
j'ai cherché userinit dans : HKEY_LOCAL_MACHINE
software > microsoft > windows NT > winlogon > j'ai regardé userinit
j'avais la valeur : D:\WINDOWS\system32\userinit.exe,userinit.exe,D:\WINDOWS\system32\ntos.exe,
je l'ai remplacé par : D:\WINDOWS\system32\userinit.exe,
c'était bien ce ntos.exe, j'ai redémarré ma machine et je n'ai plus eu cette fenètre de Mes Documents
merci beaucoup eZula
eZula
Messages postés
3392
Date d'inscription
samedi 26 avril 2008
Statut
Contributeur
Dernière intervention
8 mai 2021
392
21 mai 2008 à 22:29
21 mai 2008 à 22:29
lorsque tu as exécuté le fichier fix0.reg, tu as eu le message de confirmation ? car il était censé faire la même chose que ce que tu viens d'effectuer
<yassou>
Messages postés
589
Date d'inscription
lundi 17 décembre 2007
Statut
Membre
Dernière intervention
6 juin 2015
74
21 mai 2008 à 22:33
21 mai 2008 à 22:33
oui, j'ai eu le message de confirmation c'est ce qui m'a étonné tout comme toi, bizzare !
timbaloca
Messages postés
1
Date d'inscription
jeudi 22 mai 2008
Statut
Membre
Dernière intervention
22 mai 2008
22 mai 2008 à 13:55
22 mai 2008 à 13:55
merci pour le tuyau
j'avais exactement le meme pb
la ptit manip marche impec
merci encore
j'avais exactement le meme pb
la ptit manip marche impec
merci encore
<yassou>
Messages postés
589
Date d'inscription
lundi 17 décembre 2007
Statut
Membre
Dernière intervention
6 juin 2015
74
22 mai 2008 à 18:56
22 mai 2008 à 18:56
mais de rien! contente de t'avoir aider :)
"Silent Runners.vbs", revision 58, https://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{2b232f20-fa0d-11d1-8a3e-00c0f64105cd}" = "Shuttle Shell Extension for Drive"
-> {HKLM...CLSID} = "Shuttle Shell Extension for Drive"
\InProcServer32\(Default) = "stlhook.dll" ["SCM Microsystems Inc."]
HKLM\SOFTWA RE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "C:\WINDOWS\System32\userinit.exe,userinit.exe" [MS], [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Dune.jpg"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Sven.GROSPC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classi"
"InvokeProgID" = "MPC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\MPC.CDAudio\shell\play\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /cd" ["Gabest"]
MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MPC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\MPC.DVDMovie\shell\play\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /dvd" ["Gabest"]
MSPlayMusicFilesOnArrival\
"Provider" = "@wmploc.dll,-6502"
"ProgID" = "WMPShell.HWEventHandler.1"
HKLM\SOFTWARE\Classes\WMPShell.HWEventHandler.1\CLSID\(Default) = "{9B186A8F-F520-4eeb-B553-118304AC46C5}"
-> {HKLM...CLSID} = "WMP HWEventHandler"
\LocalServer32\(Default) = "C:\WINDOWS\System32\wmpstub.exe" [MS]
MSPlayVideoFilesOnArrival\
"Provider" = "@wmploc.dll,-6502"
"ProgID" = "WMPShell.HWEventHandler.1"
HKLM\SOFTWARE\Classes\WMPShell.HWEventHandler.1\CLSID\(Default) = "{9B186A8F-F520-4eeb-B553-118304AC46C5}"
-> {HKLM...CLSID} = "WMP HWEventHandler"
\LocalServer32\(Default) = "C:\WINDOWS\System32\wmpstub.exe" [MS]
NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]
PSASE30ImportPicturesOnArrival\
"Provider" = "Adobe Photoshop Album Edition Découverte"
"InvokeProgID" = "PSASE30.autoplay"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\PSASE30.autoplay\shell\launch\command\(Default) = ""C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\psaproxy.exe" -v %1\" ["Adobe Systems Incorporated"]
RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]
RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]
RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]
RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]
RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}"
-> {HKLM...CLSID} = "SweetIM For Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll" [file not found]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
Que dois-je faire ensuite pour ne plus avoir mes documents ouvert à chaque ouverture de ma session? Je suis une vraie buse en informatique!
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"" ["Sun Microsystems, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{2b232f20-fa0d-11d1-8a3e-00c0f64105cd}" = "Shuttle Shell Extension for Drive"
-> {HKLM...CLSID} = "Shuttle Shell Extension for Drive"
\InProcServer32\(Default) = "stlhook.dll" ["SCM Microsystems Inc."]
HKLM\SOFTWA RE\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Userinit" = "C:\WINDOWS\System32\userinit.exe,userinit.exe" [MS], [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Dune.jpg"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Sven.GROSPC\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classi"
"InvokeProgID" = "MPC.CDAudio"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\MPC.CDAudio\shell\play\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /cd" ["Gabest"]
MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MPC.DVDMovie"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\MPC.DVDMovie\shell\play\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /dvd" ["Gabest"]
MSPlayMusicFilesOnArrival\
"Provider" = "@wmploc.dll,-6502"
"ProgID" = "WMPShell.HWEventHandler.1"
HKLM\SOFTWARE\Classes\WMPShell.HWEventHandler.1\CLSID\(Default) = "{9B186A8F-F520-4eeb-B553-118304AC46C5}"
-> {HKLM...CLSID} = "WMP HWEventHandler"
\LocalServer32\(Default) = "C:\WINDOWS\System32\wmpstub.exe" [MS]
MSPlayVideoFilesOnArrival\
"Provider" = "@wmploc.dll,-6502"
"ProgID" = "WMPShell.HWEventHandler.1"
HKLM\SOFTWARE\Classes\WMPShell.HWEventHandler.1\CLSID\(Default) = "{9B186A8F-F520-4eeb-B553-118304AC46C5}"
-> {HKLM...CLSID} = "WMP HWEventHandler"
\LocalServer32\(Default) = "C:\WINDOWS\System32\wmpstub.exe" [MS]
NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]
PSASE30ImportPicturesOnArrival\
"Provider" = "Adobe Photoshop Album Edition Découverte"
"InvokeProgID" = "PSASE30.autoplay"
"InvokeVerb" = "launch"
HKLM\SOFTWARE\Classes\PSASE30.autoplay\shell\launch\command\(Default) = ""C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\psaproxy.exe" -v %1\" ["Adobe Systems Incorporated"]
RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."]
RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]
RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."]
RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."]
RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}"
-> {HKLM...CLSID} = "SweetIM For Internet Explorer"
\InProcServer32\(Default) = "C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll" [file not found]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
Que dois-je faire ensuite pour ne plus avoir mes documents ouvert à chaque ouverture de ma session? Je suis une vraie buse en informatique!
eZula
Messages postés
3392
Date d'inscription
samedi 26 avril 2008
Statut
Contributeur
Dernière intervention
8 mai 2021
392
2 juin 2008 à 20:55
2 juin 2008 à 20:55
*
Ce message vous semble utile, votez !
* Signaler ce message aux modérateurs
*
Par eZula, le mercredi 21 mai 2008 à 21:08:19 Fil de Discussions
Crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau"> "Document Texte". Ouvre-le et copie-colle dedans de ce qui est en italique ci-dessous, (copie tout d'un trait) :
Puis "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix0.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"
L'icône de fix0.reg doit ressembler à cela [img]https://www.hiboox.com
quitte internet et double clique sur fix0.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"
Redémarre l'oridnateur et dis ce qu'il en est
Ce message vous semble utile, votez !
* Signaler ce message aux modérateurs
*
Par eZula, le mercredi 21 mai 2008 à 21:08:19 Fil de Discussions
Crée un nouveau document texte : clic droit de souris sur le bureau, "Nouveau"> "Document Texte". Ouvre-le et copie-colle dedans de ce qui est en italique ci-dessous, (copie tout d'un trait) :
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit" = "C:\WINDOWS\system32\userinit.exe,"
Puis "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix0.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"
L'icône de fix0.reg doit ressembler à cela [img]https://www.hiboox.com
quitte internet et double clique sur fix0.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"
Redémarre l'oridnateur et dis ce qu'il en est
