Sujet Précédent Sujet Suivant

Virus im plus

Résolu
abdellatifa Messages postés 10 Statut Membre -  
 selwa -
merci monsieur de m'eclaircire la procedure pour me debarasser de im plus
le premier rapport je ne l'ai pas enregistre
les deux autres rapports sont colle ci dessous
Logfile of HijackThis v1.99.1
Scan saved at 09:59:42, on 20/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\implus\implus.exe
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCSVR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\rachid\LOCALS~1\Temp\Rar$EX00.453\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [E06FXLRD_9460718] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [implus] C:\Program Files\implus\implus.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1299C81-4548-44D6-AA79-90BD361EB924}: NameServer = 212.217.1.4 212.217.0.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

---------------------------------------------------------------------------
BitDefender Online Scanner

Scan report generated at: Wed, Dec 20, 2006 - 05:47:16

Scan path: A:\;C:\;D:\;E:\;

Statistics

Time
02:17:42

Files
420204

Folders
3130

Boot Sectors
2

Archives
2015

Packed Files
63227

Results

Identified Viruses
0

Infected Files
0

Suspect Files
2

Warnings
0

Disinfected
0

Deleted Files
2

Engines Info

Virus Definitions
353827

Engine build
AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Program Files\Menara\ICW.exe
Suspected of: BehavesLike:Trojan.HangUp

C:\Program Files\Menara\ICW.exe
Disinfection failed

C:\Program Files\Menara\ICW.exe
Deleted

C:\System Volume Information\_restore{4AB39A8E-4D7B-44B7-810B-4C1A7097DCEB}\RP55\A0004046.exe
Suspected of: BehavesLike:Trojan.HangUp

C:\System Volume Information\_restore{4AB39A8E-4D7B-44B7-810B-4C1A7097DCEB}\RP55\A0004046.exe
Disinfection failed

C:\System Volume Information\_restore{4AB39A8E-4D7B-44B7-810B-4C1A7097DCEB}\RP55\A0004046.exe
Deleted
A voir également:

11 réponses

Réponse 1 / 11
salwa5 Messages postés 7552 Statut Contributeur 1 670
 
bonjour ouvre hijack coche cette lignes puis clic sur fix checked

O4 - HKCU\..\Run: [implus] C:\Program Files\implus\implus.exe

redemare en mode sans echec (redemarrage + tapotte sans arret sur la touche F8 desque l'ordi s'allume)

cherches et supprime le dossier en gras :
C:\Program Files\implus

redemare en mode normal

supprime les fichiers inutiles (fichiers temporaire , cookies .. ect avec ceci

Ccleaner
https://www.malekal.com/tutoriel-ccleaner/

si le probleme persiste refait un hijack et colle le resultat ici

a++
2
abdellatif
 
merci beaucoup salwa5 pour l'aide que vous venez de m' apporter pour résoudre mon problème de verus im plus
le verus a disparu de mon ordinateur au moins pour l'instant .
merci une autre fois
0
Elina.95 Messages postés 1 Statut Membre
 
Bonjour Salwa5
Je une problemme avec cette virus(IM Plus????) je ne peux pas lui effasse , pouvez-vous m'aide SVP merci!
0
Réponse 2 / 11
salwa5 Messages postés 7552 Statut Contributeur 1 670
 
de rien :)

a+++
0
abdellatifa Messages postés 10 Statut Membre
 
c'est du bon boulot bravo
0
Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
 
merci monsieur de m'eclaircire la procedure pour me debarasser de im plus
le premier rapport je ne l'ai pas enregistre

^o^
0
Réponse 3 / 11
abdellatifa Messages postés 10 Statut Membre
 
bonjour
hier a la fin de journee j'ai refait un scan de mon pc j'ai trouve que le nettoyage effectue il y a encore des traces de fichier infectes et voila le rappor

Logfile of HijackThis v1.99.1
Scan saved at 09:22:47, on 21/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Menara\dslmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCSVR.EXE
C:\PROGRA~1\MSNGAM~1\Windows\zclientm.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\rachid\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [E06FXLRD_9460718] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1299C81-4548-44D6-AA79-90BD361EB924}: NameServer = 212.217.1.4 212.217.0.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

BitDefender Online Scanner - Real Time Virus Report

Generated at: Thu, Dec 21, 2006 - 11:28:32

--------------------------------------------------------------------------------

Scan Info

Scanned Files
397644

Infected Files
0

Virus Detected

No virus found.

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
0
Réponse 4 / 11
salwa5 Messages postés 7552 Statut Contributeur 1 670
 
bonjour :)

ouvre hijack coches ces ligne puis clic sur fix checked

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll

telecharge et execute

AVG anti spyware
https://www.01net.com/telecharger/

(n'oublie pas de le mettre a jour avant de lancer le scan)

Relance AVG AS puis choisis l'onglet "Analyse"
Puis l'onglet "Paramètres"
Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

/!\ Si un fichier est infecté en fin d'analyse /!\
Clique sur "Appliquer toutes les actions "

Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau ensuite colle le raport ici

supprime les fichiers inutiles (fichiers temporaire , cookies .. ect avec ceci

Ccleaner
https://www.malekal.com/tutoriel-ccleaner/

Nettoye ta base de registre avec regcleaner : https://www.malekal.com/nettoyer-sa-base-de-registre-avec-windows-registry-cleaner/

a+++
0
abdellatifa Messages postés 10 Statut Membre
 
MERCI POUR VOTRE AIDE
apres avoir effectuer l'annalyse je n'ai pas supprimer les fichiers inffectes mais je les mis en quarantaine alors est ce que je doit les supprimer un jour ou bien ça va se faire automatiquement
et pour le nettoyage de la base de mes registre je ne sais pas exactement qu'est ce que je vai nettoyer alors je vous envoi toute la list si vous pover m'indiquer les cases a couchee
merci
LE RAPPORT
-------------------------------------------
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:55:47 21/12/2006

+ Résultat de l'analyse:



C:\Documents and Settings\rachid\Cookies\rachid@247realmedia[2].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.


Fin du rapport

------------------------------------------------------
LA LIST
---------------------------------------------------------------
RegCleaner 4.3 by Jouni Vuorio
Software registered to the Registry. You should delete every program's entries you know you've had, but don't have anymore, selected 89 of 89
[syntax: Author, Software, Age ]

[Unknown], CCleaner, Old
[Unknown], Licenses, Old
[Unknown], PSCONVDriver, Old
[Unknown], Winsock2, Old
[Unknown], WinRAR SFX, Old
Adobe, Color, Old
Adobe, CommonFiles, Old
Adobe, Repair, Old
Adobe, Acrobat Reader, Old
Adobe, Adobe Gamma, Old
Adobe, Photoshop, Old
Adobe, Acrobat, Old
Adobe Systems, Common Install, Old
Ahead, Cover Designer, Old
Ahead, InCD, Old
Ahead, Nero BackItUp, Old
Ahead, Nero Fast CD-Burning Plug-in, Old
Ahead, Nero SoundTrax, Old
Ahead, Nero Toolkit, Old
Ahead, Nero Wave Editor, Old
Ahead, Shared, Old
Ahead, Nero - Burning Rom, Old
Ahead, Nero StartSmart, Old
Analog Devices, ADI USB ADSL Interface, Old
Analog Devices, Dsl, Old
Belltech, Business Card Designer Pro, Old
C07ft5Y, WinXP, Old
CyberLink, Common, Old
CyberLink, PowerDVD, Old
Eset, Nod, Old
Gemplus, Cryptography, Old
Google, GoogleToolbarNotifier, Old
Google, NavClient, Old
Google, Google Toolbar, Old
Gopolo, B4zero, Old
GPL Ghostscript, 8.15, Old
Grisoft, AVGAntiSpyware, Old
IM Providers, MSN Messenger, Old
Intel, IgfxCfg, Old
Intel, Indeo, Old
L&h, G2p, Old
L&h, Tts, Old
Macromedia, FlashPlayer, Old
Macromedia, Shockwave 10, Old
Macromedia, SwInstall, Old
Menara, Kit De Connexion MENARA, Old
Microsoft Corporation, Tweak UI, Old
MozillaPlugins, @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3, Old
MozillaPlugins, Yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1, Old
Netscape, Netscape Navigator, Old
Pdf-convert, Word2pdf, Old
PopCap, Zuma, Old
RealNetworks, Rdx, Old
RealNetworks, RealPlayer, Old
RealNetworks, Setup, Old
Realore, Aqua Words, Old
RichFX, Player, Old
Sagem, F@st800, Old
Schlumberger, Smart Cards And Terminals, Old
Skype, Phone, Old
Skype, ProtectedStorage, Old
Soeperman Enterprises Ltd., HijackThis, Old
TechCity, OutlookParam, Old
TGT Soft, StyleXP, Old
Trymedia Systems, ActiveMARK Software, Old
TuneUp, Utilities, Old
VB And VBA Program Settings, Abc4kids, Old
VB And VBA Program Settings, CCleaner, Old
Voice, VoiceText, Old
WinRAR, ArcHistory, Old
WinRAR, FileList, Old
WinRAR, Formats, Old
WinRAR, General, Old
WinRAR, Interface, Old
WinRAR, Profiles, Old
Yahoo, Essentials, Old
Yahoo, Installer, Old
Yahoo, Skin, Old
Yahoo, SuiteInstall, Old
Yahoo, Ycust, Old
Yahoo, Common, Old
Yahoo, Companion, Old
Yahoo, MailTo, Old
Yahoo, Pager, Old
Yahoo, Profiles, Old
Yahoo, Pub, Old
Yahoo, YFriendsBar, Old
Yahoo, Ypsr, Old
Yahoo, YUserDef, Old
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 11
salwa5 Messages postés 7552 Statut Contributeur 1 670
 
bonsoir pour avg AS tu peu vider la quarantaine quand tu veut :)

pour effectué un netoyage du registre il faut aller dans le menu outil /netoyage du regsitre/ tout faire

apres la fin du scan va dans le menu selection / choisi TOUT pour selectioné toute les entrée

ensuite clic sur le bouton " supprimer selection " qui se trouve en bas a droite

pour mieu comprendre lis le tutorial suivant https://forums.cnetfrance.fr

a+++
0
abdellatifa Messages postés 10 Statut Membre
 
bonjour
merci pour votre aide
j'ai pu faire le nettoyage du registre .mais a chaque fois que je fait un scan pc je trouve toujours 5 ou 6 fichiers infectes
je me demande est ce que c'est normal ou bien j'ai tjrs un probleme de virus dans mon ordinateur
merci de me repondre
a++
0
Réponse 6 / 11
salwa5 Messages postés 7552 Statut Contributeur 1 670
  
mais a chaque fois que je fait un scan pc je trouve toujours 5 ou 6 fichiers infectes 
je me demande est ce que c'est normal ou bien j'ai tjrs un probleme de virus dans mon ordinateur


quelle programe te detecte les "virus"??

si il te detecte des cookies ( comme pour ton dernier scan AVG antispyware ) c'est normal .
si c'est des virus ou trojan c'est pas normal car ca prouve que ton ordi est mal protegé ou infecté

le mieu c'est que tu colle le resultat du scan ici :p ca m'aidera a mieu comprendre le probleme

a++
0
Réponse 7 / 11
abdellatifa Messages postés 10 Statut Membre
 
voila le rapport
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 00:04:46 23/12/2006

+ Résultat de l'analyse:

C:\Documents and Settings\rachid\Cookies\rachid@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@casalemedia[1].txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@fastclick[2].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

Fin du rapport
0
abdellatifa Messages postés 10 Statut Membre
 
et un autre rapport plus recent
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 01:04:30 23/12/2006

+ Résultat de l'analyse:



C:\Documents and Settings\rachid\Cookies\rachid@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@as1.falkag[1].txt -> TrackingCookie.Falkag : Aucune action entreprise.
C:\Documents and Settings\rachid\Cookies\rachid@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.


Fin du rapport
0
salwa5 Messages postés 7552 Statut Contributeur 1 670 > abdellatifa Messages postés 10 Statut Membre
 
C'est des cookies rien de grave ...


a+++
0
Réponse 8 / 11
salwa5 Messages postés 7552 Statut Contributeur 1 670
 
bonsoir oui c'est des cookies C:\Documents and Settings\rachid\Cookies\ meme moi j'en ai :p , c'est normal ....

clic sur le bouton "appliqué toute les actions " pour les supprimer ou les mettre en quarantaine

par contre je vien de m'apercevoir que t'as pas un parefeu , il serai preferable d'installé un pour renforcé la securité de ton ordi

je te conseille kerio il est bien et gratuit

Kerio (parefeu)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html

tuto

http://www.malekal.com/kerio_firewall.php

a+++
0
abdellatifa Messages postés 10 Statut Membre
 
merci salwa5 et la prochainne
le probleme est resolu et parfeu instale
0
Réponse 9 / 11
salwa5 Messages postés 7552 Statut Contributeur 1 670
 
de rien :)

a+++
0
Réponse 10 / 11
salwa5 Messages postés 7552 Statut Contributeur 1 670
 
bonjour elina esssay d'appliquer les solution proposé si ca donne rien

telecharge hijackthis et colle le resultat ici :

http://www.infos-du-net.com/telecharger/HijackThis.html
demo :
http://pageperso.aol.fr/balltrap34/demohijack.htm

a+++
0
Réponse 11 / 11
selwa
 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-dan.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-cht.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-nld.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-deu.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-ita.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-jpn.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-kor.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-nor.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-ptg.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-rus.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-esp.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-sve.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-fin.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-ptb.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-chs.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-plk.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-csy.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-sky.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-slv.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-hun.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-tha.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-trk.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-ell.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\CoverDesigner\\covered-esl.nls"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_chs.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_cht.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_deu.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_esl.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_esp.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_ita.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_jpn.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_kor.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_nld.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_ptg.chm"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\\Program Files\\Ahead\\Nero StartSmart\\NeroStartSmart_sve.chm"=dword:00000001

[HKEY_CLASSES_ROOT\accès]

[HKEY_CLASSES_ROOT\OISbmpfile]
@=""

[HKEY_CLASSES_ROOT\OISemffile]
@=""

[HKEY_CLASSES_ROOT\OISgiffile]
@=""

[HKEY_CLASSES_ROOT\OISjpegfile]
@=""

[HKEY_CLASSES_ROOT\OISpngfile]
@=""

[HKEY_CLASSES_ROOT\OIStiffile]
@=""

[HKEY_CLASSES_ROOT\OISwmffile]
@=""

[HKEY_CLASSES_ROOT\SysmonLogManager.Snapin]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.7z]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.7z\OpenWithList]
"a"="IEXPLORE.EXE"
"MRUList"="ba"
"b"="arioner 0[1].27.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.8587601164667887]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.8587601164667887\OpenWithList]
"a"="IEXPLORE.EXE"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.88]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.88\OpenWithList]
"a"="arioner 0[1].27.exe"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.auc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.auc\OpenWithList]
"a"="MultiAri.exe"
"MRUList"="dhgefcba"
"b"="Arioner_024.exe"
"c"="Arioner.exe"
"d"="arioner 0[1].27.exe"
"e"="IEXPLORE.EXE"
"f"="CW4Ferdek.exe"
"g"="Biss keys patcher v1.2 .exe"
"h"="BissEdit_1.2.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.awb]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.awb\OpenWithProgids]
"RealPlayer.AMR_WB.10"=hex(0):

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.blz]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.blz\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.buc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.buc\OpenWithList]
"a"="Arioner_024.exe"
"MRUList"="bca"
"b"="arioner 0[1].27.exe"
"c"="IEXPLORE.EXE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.irk]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.irk\OpenWithList]
"a"="Gasoline.exe"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.npl]
"ProgID"="Nokia.MultimediaPlaylist"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pyd]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pyd\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.r3t]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rax]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rax\OpenWithProgids]
"RealPlayer.RAX.6"=hex(0):

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RC3auc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RC3auc\OpenWithList]
"a"="arioner 0[1].27.exe"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rjs]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rjt]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rnx]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rp]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rpl]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rpl\OpenWithProgids]
"RealPlayer.RPL.6"=hex(0):

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rt]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rvx]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rvx\OpenWithProgids]
"RealPlayer.RVX.6"=hex(0):

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sav]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sav\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp]
"Application"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sis]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sis\OpenWithList]
"a"="IEXPLORE.EXE"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.URS]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.URS\OpenWithList]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\OpenWithList]

[HKEY_CLASSES_ROOT\ADCS]
@="Conteneur de classe Annuaire"

[HKEY_CLASSES_ROOT\ADCS\CLSID]
@="{89E30300-764D-11d0-B282-00A0C90F56FC}"

[HKEY_CLASSES_ROOT\Connection Manager Profile\DefaultIcon]
@="C:\\WINDOWS\\System32\\CMMGR32.EXE,1"

[HKEY_CLASSES_ROOT\Connection Manager Profile\shell\open]

[HKEY_CLASSES_ROOT\Connection Manager Profile\shell\open\command]
@="C:\\WINDOWS\\System32\\CMMGR32.EXE \"%1\""

[HKEY_CLASSES_ROOT\Connection Manager Profile\shell\Settings...]

[HKEY_CLASSES_ROOT\Connection Manager Profile\shell\Settings...\command]
@="C:\\WINDOWS\\System32\\CMMGR32.EXE /settings \"%1\""

[HKEY_CLASSES_ROOT\dcsfile\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,11"

[HKEY_CLASSES_ROOT\ecsfile\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,10"

[HKEY_CLASSES_ROOT\fcsfile\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,12"

[HKEY_CLASSES_ROOT\igfx.CUITestConfig.1]
@="CUITestConfig Class"

[HKEY_CLASSES_ROOT\igfx.CUITestConfig.1\CLSID]
@="c"

[HKEY_CLASSES_ROOT\MailFileAtt]
@=""

[HKEY_CLASSES_ROOT\MailFileAtt\CLSID]
@="{00020D05-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\mapifvbx.object]
@="MAPIForm object"

[HKEY_CLASSES_ROOT\mapifvbx.object\Clsid]
@="{41116C00-8B90-101B-96CD-00AA003B14FC}"

[HKEY_CLASSES_ROOT\mapifvbx.object.1]
@="MAPIForm object (V 1.0)"

[HKEY_CLASSES_ROOT\mapifvbx.object.1\Clsid]
@="{41116C00-8B90-101B-96CD-00AA003B14FC}"

[HKEY_CLASSES_ROOT\ncsfile\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,14"

[HKEY_CLASSES_ROOT\tcsfile\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,13"

[HKEY_CLASSES_ROOT\urn:content-classes:catalog\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,15"

[HKEY_CLASSES_ROOT\urn:content-classes:catalog-settings\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12471"

[HKEY_CLASSES_ROOT\urn:content-classes:contentclassdef\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-13101"

[HKEY_CLASSES_ROOT\urn:content-classes:exchange55startaddress\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12451"

[HKEY_CLASSES_ROOT\urn:content-classes:exchangestartaddress\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12451"

[HKEY_CLASSES_ROOT\urn:content-classes:filestartaddress\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12453"

[HKEY_CLASSES_ROOT\urn:content-classes:management\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,20"

[HKEY_CLASSES_ROOT\urn:content-classes:notesstartaddress\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12456"

[HKEY_CLASSES_ROOT\urn:content-classes:remoteworkspacestartaddress\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12454"

[HKEY_CLASSES_ROOT\urn:content-classes:webstartaddress\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12450"

[HKEY_CLASSES_ROOT\urn:content-classes:wizard/addcontentclass\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-13100"

[HKEY_CLASSES_ROOT\urn:content-classes:wizard/addsearchcontentlocation\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12461"

[HKEY_CLASSES_ROOT\urn:content-classes:workspace-settings\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12472"

[HKEY_CLASSES_ROOT\urn:content-classes:workspaceconfiguration\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12476"

[HKEY_CLASSES_ROOT\urn:content-classes:workspacestartaddress\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,-12454"

[HKEY_CLASSES_ROOT\WBEMComConnection]
@="WBEM Connection"

[HKEY_CLASSES_ROOT\WBEMComConnection\CLSID]
@="SOFTWARE\\CLASSES\\WBEMComConnection"

[HKEY_CLASSES_ROOT\WBEMComLocator]
@="WBEM Locator"

[HKEY_CLASSES_ROOT\WBEMComLocator\CLSID]
@="SOFTWARE\\CLASSES\\WBEMComLocator"

[HKEY_CLASSES_ROOT\wcsfile\DefaultIcon]
@="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Web Folders\\pkmres.dll,9"

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}]
@="Proyecto2.DownloadFile"

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\Control]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\InprocServer32]
@="C:\\Archivos de programa\\ARDig\\DownloadFile.ocx"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\MiscStatus\1]
@="132497"

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\ProgID]
@="Proyecto2.DownloadFile"

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\ToolboxBitmap32]
@="C:\\Archivos de programa\\ARDig\\DownloadFile.ocx, 30000"

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\TypeLib]
@="{F49E397D-8E78-4997-AE4E-6A83B46EB754}"

[HKEY_CLASSES_ROOT\CLSID\{0A4CBE5A-DFD5-4652-95AF-7695AE437DAB}\VERSION]
@="2.0"

[HKEY_CLASSES_ROOT\CLSID\{111C85E9-BB62-4528-A806-F0BE908E02F0}]

[HKEY_CLASSES_ROOT\CLSID\{111C85E9-BB62-4528-A806-F0BE908E02F0}\InprocServer32]
@="\"C:\\PROGRA~1\\MSNMES~1\\msgsc.dll\""
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{111C85E9-BB62-4528-A806-F0BE908E02F0}\LocalServer32]
@="\"C:\\PROGRA~1\\MSNMES~1\\msnmsgr.exe\""
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{111C85E9-BB62-4528-A806-F0BE908E02F0}\ProgID]
@="MSNMessenger.ContactsPicker"

[HKEY_CLASSES_ROOT\CLSID\{111C85E9-BB62-4528-A806-F0BE908E02F0}\Programmable]
@=""

[HKEY_CLASSES_ROOT\CLSID\{111C85E9-BB62-4528-A806-F0BE908E02F0}\Version]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{111C85E9-BB62-4528-A806-F0BE908E02F0}\VersionIndependentProgID]
@="MSNMessenger.ContactsPicker.1"

[HKEY_CLASSES_ROOT\CLSID\{1745EDC4-CDCE-4e20-B91E-312F0C2AD16B}]

[HKEY_CLASSES_ROOT\CLSID\{1745EDC4-CDCE-4e20-B91E-312F0C2AD16B}\InprocServer32]
@="C:\\Program Files\\MSN\\MSNCoreFiles\\msnmetal.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{5C4C8078-24CF-4c71-B05E-8B1D935DB5AC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5C4C8078-24CF-4c71-B05E-8B1D935DB5AC}\LocalServer32]
@="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\""

[HKEY_CLASSES_ROOT\CLSID\{5E05D214-DD15-47cd-B5BC-65FAC825D3D0}]

[HKEY_CLASSES_ROOT\CLSID\{5E05D214-DD15-47cd-B5BC-65FAC825D3D0}\InprocServer32]
@="C:\\Program Files\\MSN\\MSNCoreFiles\\msnmetal.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}]
@="SysTrayCtl.cSysTray"

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\Control]
@=""

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\InprocServer32]
@="C:\\Archivos de programa\\ARDig\\SysTray.ocx"

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\MiscStatus\1]
@="148881"

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\ProgID]
@="SysTrayCtl.cSysTray"

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\ToolboxBitmap32]
@="C:\\Archivos de programa\\ARDig\\SysTray.ocx, 30000"

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\TypeLib]
@="{60CC5D62-2D08-11D0-BDBE-00AA00575603}"

[HKEY_CLASSES_ROOT\CLSID\{60CC5D60-2D08-11D0-BDBE-00AA00575603}\Version]
@="1.1"

[HKEY_CLASSES_ROOT\CLSID\{762DAFB9-15BD-4b41-B919-F3D5023D1E78}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{762DAFB9-15BD-4b41-B919-F3D5023D1E78}\LocalServer32]
@="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\""

[HKEY_CLASSES_ROOT\CLSID\{A06B0DBC-8272-4D72-A366-B8090BBE1871}]
@="RealSearch"

[HKEY_CLASSES_ROOT\CLSID\{A06B0DBC-8272-4D72-A366-B8090BBE1871}\InProcServer32]
@="C:\\Program Files\\Real Alternative\\rpshellsearch.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{A3E84F97-4A68-4e42-9976-DA8DF946B571}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{A3E84F97-4A68-4e42-9976-DA8DF946B571}\LocalServer32]
@="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\""

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}]
@="LVbuttons.LaVolpeButton"

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\Control]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\InprocServer32]
@="C:\\Archivos de programa\\ARDig\\LVbuttons.ocx"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\MiscStatus\1]
@="135569"

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\ProgID]
@="LVbuttons.LaVolpeButton"

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\ToolboxBitmap32]
@="C:\\Archivos de programa\\ARDig\\LVbuttons.ocx, 30000"

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\TypeLib]
@="{7888C00A-4808-4D27-9AAE-BD36EC13D16F}"

[HKEY_CLASSES_ROOT\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}\VERSION]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{CD79C623-E1B7-47CF-A685-2E8A882BA3F8}]
@="IIDCRLWrapper Class"
"AppID"="{536BF835-F397-46D3-AD11-92642F8CABD9}"

[HKEY_CLASSES_ROOT\CLSID\{CD79C623-E1B7-47CF-A685-2E8A882BA3F8}\LocalServer32]
@="\"C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Windows Live\\WLLoginProxy.exe\""

[HKEY_CLASSES_ROOT\CLSID\{CD79C623-E1B7-47CF-A685-2E8A882BA3F8}\ProgID]
@="ComProxy.IIDCRLWrapper.1"

[HKEY_CLASSES_ROOT\CLSID\{CD79C623-E1B7-47CF-A685-2E8A882BA3F8}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{CD79C623-E1B7-47CF-A685-2E8A882BA3F8}\TypeLib]
@="{0DFECA53-79EE-4FDC-8D99-CEFC4DEBE61B}"

[HKEY_CLASSES_ROOT\CLSID\{CD79C623-E1B7-47CF-A685-2E8A882BA3F8}\VersionIndependentProgID]
@="ComProxy.IIDCRLWrapper"

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}]
@="XPFrame.FrameXp"

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\Control]
@=""

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\InprocServer32]
@="C:\\Archivos de programa\\ARDig\\Frame-Xp.ocx"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\MiscStatus\1]
@="205201"

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\ProgID]
@="XPFrame.FrameXp"

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\Required Categories]

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\Required Categories\{D40C2700-FFA1-11CF-8234-00AA00C1AB85}]

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\ToolboxBitmap32]
@="C:\\Archivos de programa\\ARDig\\Frame-Xp.ocx, 30000"

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\TypeLib]
@="{ADBBAED6-B16F-40DC-80DF-B44910CBA76C}"

[HKEY_CLASSES_ROOT\CLSID\{EE2E1D19-B903-4D24-99A4-E16162923C98}\VERSION]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}]
@="HookMenu.XpMenu"

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\Control]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}]

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}]

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\InprocServer32]
@="C:\\Archivos de programa\\ARDig\\HookMenu.ocx"

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\MiscStatus\1]
@="132497"

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\ProgID]
@="HookMenu.XpMenu"

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\ToolboxBitmap32]
@="C:\\Archivos de programa\\ARDig\\HookMenu.ocx, 30000"

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\TypeLib]
@="{F5E116E1-0563-11D8-AA80-000B6A0D10CB}"

[HKEY_CLASSES_ROOT\CLSID\{F5E116F3-0563-11D8-AA80-000B6A0D10CB}\VERSION]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{F5E116F6-0563-11D8-AA80-000B6A0D10CB}]
@="HookMenu.pagBitmaps"

[HKEY_CLASSES_ROOT\CLSID\{F5E116F6-0563-11D8-AA80-000B6A0D10CB}\InprocServer32]
@="C:\\Archivos de programa\\ARDig\\HookMenu.ocx"

[HKEY_CLASSES_ROOT\Applications\moviemk.exe]

[HKEY_CLASSES_ROOT\Applications\moviemk.exe\shell]
"FriendlyCache"="Movie Maker"

[HKEY_CLASSES_ROOT\Applications\winzip32.exe\shell\open]
@="Ouvrir avec &WinZip"

[HKEY_CLASSES_ROOT\Applications\winzip32.exe\shell\open\command]
@="C:\\PROGRA~1\\WINZIP\\winzip32.exe \"%1\""

[HKEY_CLASSES_ROOT\Applications\winzip32.exe\shell\print]

[HKEY_CLASSES_ROOT\Applications\winzip32.exe\shell\print\command]
@="C:\\PROGRA~1\\WINZIP\\winzip32.exe /print /ni \"%1\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe]
@="C:\\WINDOWS\\System32\\cmmgr32.exe"
"Path"="C:\\WINDOWS\\System32"
"CmstpExtensionDll"="C:\\WINDOWS\\System32\\cmcfg32.dll"
"CMInternalVersion"="1.2"
"CmNative"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\MSN6.EXE]
@="C:\\Program Files\\MSN\\MSNCoreFiles\\MSN6.exe"
"Path"="C:\\Program Files\\MSN\\MSNCoreFiles"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help]
"nwindcs9.cnt"="C:\\Program Files\\Microsoft Office\\OFFICE11\\SAMPLES\\"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help]
"nwind9.hlp"="C:\\Program Files\\Microsoft Office\\OFFICE11\\SAMPLES\\"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help]
"nwind9.cnt"="C:\\Program Files\\Microsoft Office\\OFFICE11\\SAMPLES\\"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help]
"nwindcs9.hlp"="C:\\Program Files\\Microsoft Office\\OFFICE11\\SAMPLES\\"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help]
"scanpst.hlp"="C:\\Program Files\\Fichiers communs\\SYSTEM\\MSMAPI\\1036\\"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\WINDOWS\\winsxs\\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\WINDOWS\\winsxs\\Policies\\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4AED0FF6-03EB-11DA-BFBD-00065BBDC0B5}]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,38,fb,00,00,00,00,00,a8,05,a0,\
be,69,11,c7,01,02,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\
57,00,53,00,5c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,5c,\
00,7b,00,34,00,41,00,45,00,44,00,30,00,46,00,46,00,36,00,2d,00,30,00,33,00,\
45,00,42,00,2d,00,31,00,31,00,44,00,41,00,2d,00,42,00,46,00,42,00,44,00,2d,\
00,30,00,30,00,30,00,36,00,35,00,42,00,42,00,44,00,43,00,30,00,42,00,35,00,\
7d,00,5c,00,4d,00,73,00,62,00,6c,00,49,00,63,00,6f,00,2e,00,45,00,78,00,65,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,54,f8,00,00,00,00,00,52,3c,d1,\
8b,92,59,c7,01,00,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\
57,00,53,00,5c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,5c,\
00,7b,00,43,00,45,00,42,00,33,00,41,00,31,00,31,00,41,00,2d,00,30,00,33,00,\
45,00,41,00,2d,00,31,00,31,00,44,00,41,00,2d,00,42,00,46,00,42,00,44,00,2d,\
00,30,00,30,00,30,00,36,00,35,00,42,00,42,00,44,00,43,00,30,00,42,00,35,00,\
7d,00,5c,00,4d,00,73,00,62,00,6c,00,49,00,63,00,6f,00,2e,00,45,00,78,00,65,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_CURRENT_USER\Software\Licenses]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ARDig]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Free Internet TV]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Series 60 Developer Tools]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Series 60 Developer Tools\ Series 60 Theme Studio 2.0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Series 60 Developer Tools\ Series 60 Theme Studio 2.0\Documents]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Series 60 Developer Tools\ Series 60 Theme Studio 2.0]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Series 60 Developer Tools\ Series 60 Theme Studio 2.0\Documents]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Total Video Converter]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Yahoo!]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ãÕÍÝ äæÝ 2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"="Messenger"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Archivos de programa\\ARDig\\ARDig.exe"="ARDig"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\ELJAAD~1\\LOCALS~1\\Temp\\Del6.tmp"="Del6"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\ELJAAD~1\\LOCALS~1\\Temp\\uninst1.exe"="uninst1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\ELJAAD~1\\LOCALS~1\\Temp\\Del7.tmp"="Del7"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\ELJAAD~1\\LOCALS~1\\Temp\\A~NSISu_.exe"="A~NSISu_"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Windows Live Toolbar\\UnInstall.exe"="Programme de désinstallation de Windows Live Toolbar"

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 21:21:24 02/04/2007

+ Résultat de l'analyse:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignoré.
C:\Documents and Settings\eljaadaoui\Cookies\eljaadaoui@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré.

Fin du rapport

BitDefender Online Scanner

Scan report generated at: Mon, Apr 02, 2007 - 22:08:58

Scan path: C:\;D:\;I:\;J:\;

Statistics

Time
00:40:01

Files
166358

Folders
2490

Boot Sectors
3

Archives
1384

Packed Files
21842

Results

Identified Viruses
1

Infected Files
1

Suspect Files
2

Warnings
0

Disinfected
0

Deleted Files
3

Engines Info

Virus Definitions
416906

Engine build
AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Program Files\Menara\ICW.exe
Suspected of: BehavesLike:Trojan.HangUp

C:\Program Files\Menara\ICW.exe
Disinfection failed

C:\Program Files\Menara\ICW.exe
Deleted

C:\System Volume Information\_restore{1B0223A7-332A-4748-82BE-C2B09A7445C9}\RP127\A0101302.exe
Infected with: Backdoor.Rbot.DJ

C:\System Volume Information\_restore{1B0223A7-332A-4748-82BE-C2B09A7445C9}\RP127\A0101302.exe
Disinfection failed

C:\System Volume Information\_restore{1B0223A7-332A-4748-82BE-C2B09A7445C9}\RP127\A0101302.exe
Deleted

C:\System Volume Information\_restore{1B0223A7-332A-4748-82BE-C2B09A7445C9}\RP127\A0104660.exe
Suspected of: BehavesLike:Trojan.HangUp

C:\System Volume Information\_restore{1B0223A7-332A-4748-82BE-C2B09A7445C9}\RP127\A0104660.exe
Disinfection failed

C:\System Volume Information\_restore{1B0223A7-332A-4748-82BE-C2B09A7445C9}\RP127\A0104660.exe
Deleted

Logfile of HijackThis v1.99.1
Scan saved at 22:12:44, on 02/04/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\implus\implus.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ELJAAD~1\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.ma/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.menara.ma/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Intel Driver] csrs.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] C:\WINDOWS\system32\srshost.exe
O4 - HKCU\..\Run: [implus] C:\Program Files\implus\implus.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD15A4D5-1B93-4421-8628-4421A295DB0F}: NameServer = 212.217.0.13 212.217.1.4
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
a quoi sert softonic ?
durup1928 -
jacklyn -

25 réponses