Recherche et suppression de virus de mon PC

Question

Bonjour,

Suivant les méthodes préliminaires de désinfection de virus expliquées sur la page CCM du lien suivant virus methode preliminaire de desinfection version fr

Il est demandé de poster le résultat des scan dans l'ordre.

Veuillez les trouver ci dessous:

==================================== CCleaner

========    Rapport 1

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\WINDOWS\system32\DIMM.DLL"=dword:80000000

[HKEY_CLASSES_ROOT\.mdi]
@="MSPaper.Document"

[HKEY_CLASSES_ROOT\OISemffile]
@=""

[HKEY_CLASSES_ROOT\OIStiffile]
@=""

[HKEY_CLASSES_ROOT\OISwmffile]
@=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.obd]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.obd\OpenWithProgids]
"Office.Binder.9"=hex(0):

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.obt]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.obt\OpenWithProgids]
"Office.Binder.Template.9"=hex(0):

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\OpenWithList]

[HKEY_CLASSES_ROOT\4DFormula\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-133"

[HKEY_CLASSES_ROOT\AccessPath\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-162"

[HKEY_CLASSES_ROOT\AsciiFilters\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-136"

[HKEY_CLASSES_ROOT\bwpfile\shell\open]

[HKEY_CLASSES_ROOT\bwpfile\shell\open\command]
@="C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\PrvCnt.exe \"%1\""

[HKEY_CLASSES_ROOT\CompiledDB\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-140"

[HKEY_CLASSES_ROOT\CompiledDB\shell\open]

[HKEY_CLASSES_ROOT\CompiledDB\shell\open\command]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE %1"

[HKEY_CLASSES_ROOT\CompiledDB\shell\open\ddeexec]
@="[open(%1)]"

[HKEY_CLASSES_ROOT\CompiledDB\shell\open\ddeexec\application]
@="4D"

[HKEY_CLASSES_ROOT\Datafile\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-130"

[HKEY_CLASSES_ROOT\DataRSR\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-169"

[HKEY_CLASSES_ROOT\DataSegment\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-139"

[HKEY_CLASSES_ROOT\InfoPath.TemplatePart.2]

[HKEY_CLASSES_ROOT\InfoPath.TemplatePart.2\shell]
@="open"

[HKEY_CLASSES_ROOT\Labels\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-142"

[HKEY_CLASSES_ROOT\LogFile\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-145"

[HKEY_CLASSES_ROOT\MailFileAtt]

[HKEY_CLASSES_ROOT\MailFileAtt\CLSID]
@="{00020D05-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\mapifvbx.object]
@="MAPIForm object"

[HKEY_CLASSES_ROOT\mapifvbx.object\Clsid]
@="{41116C00-8B90-101B-96CD-00AA003B14FC}"

[HKEY_CLASSES_ROOT\mapifvbx.object.1]
@="MAPIForm object (V 1.0)"

[HKEY_CLASSES_ROOT\mapifvbx.object.1\Clsid]
@="{41116C00-8B90-101B-96CD-00AA003B14FC}"

[HKEY_CLASSES_ROOT\OISbmpfile\DefaultIcon]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\",3"

[HKEY_CLASSES_ROOT\OISbmpfile\shell\Edit]

[HKEY_CLASSES_ROOT\OISbmpfile\shell\Edit\command]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\" /shellEdit \"%1\""

[HKEY_CLASSES_ROOT\OISbmpfile\shell\Open]

[HKEY_CLASSES_ROOT\OISbmpfile\shell\Open\command]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\" /shellOpen \"%1\""

[HKEY_CLASSES_ROOT\OISbmpfile\shell\Preview]
"MuiVerb"="@shimgvw.dll,-550"

[HKEY_CLASSES_ROOT\OISbmpfile\shell\Preview\command]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\" /shellPreview \"%1\""

[HKEY_CLASSES_ROOT\OISgiffile\DefaultIcon]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\",2"

[HKEY_CLASSES_ROOT\OISgiffile\shell\Edit]

[HKEY_CLASSES_ROOT\OISgiffile\shell\Edit\command]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\" /shellEdit \"%1\""

[HKEY_CLASSES_ROOT\OISgiffile\shell\Open]

[HKEY_CLASSES_ROOT\OISgiffile\shell\Open\command]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\" /shellOpen \"%1\""

[HKEY_CLASSES_ROOT\OISgiffile\shell\Preview]
"MuiVerb"="@shimgvw.dll,-550"

[HKEY_CLASSES_ROOT\OISgiffile\shell\Preview\command]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\" /shellPreview \"%1\""

[HKEY_CLASSES_ROOT\OISjpegfile\DefaultIcon]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\",1"

[HKEY_CLASSES_ROOT\OISjpegfile\shell\Edit]

[HKEY_CLASSES_ROOT\OISjpegfile\shell\Edit\command]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\" /shellEdit \"%1\""

[HKEY_CLASSES_ROOT\OISjpegfile\shell\Open]

[HKEY_CLASSES_ROOT\OISjpegfile\shell\Open\command]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\" /shellOpen \"%1\""

[HKEY_CLASSES_ROOT\OISjpegfile\shell\Preview]
"MuiVerb"="@shimgvw.dll,-550"

[HKEY_CLASSES_ROOT\OISjpegfile\shell\Preview\command]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\" /shellPreview \"%1\""

[HKEY_CLASSES_ROOT\OISpngfile\DefaultIcon]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\",4"

[HKEY_CLASSES_ROOT\OISpngfile\shell\Edit]

[HKEY_CLASSES_ROOT\OISpngfile\shell\Edit\command]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\" /shellEdit \"%1\""

[HKEY_CLASSES_ROOT\OISpngfile\shell\Open]

[HKEY_CLASSES_ROOT\OISpngfile\shell\Open\command]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\" /shellOpen \"%1\""

[HKEY_CLASSES_ROOT\OISpngfile\shell\Preview]
"MuiVerb"="@shimgvw.dll,-550"

[HKEY_CLASSES_ROOT\OISpngfile\shell\Preview\command]
@="\"C:\PROGRA~1\MICROS~2\OFFICE11\ois.exe\" /shellPreview \"%1\""

[HKEY_CLASSES_ROOT\Packages\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-167"

[HKEY_CLASSES_ROOT\pdtfile\shell\Open]

[HKEY_CLASSES_ROOT\pdtfile\shell\Open\command]
@="\"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE\" /n /dde \"%1\""

[HKEY_CLASSES_ROOT\PSWFile\shell\Open]

[HKEY_CLASSES_ROOT\PSWFile\shell\Open\command]
@="\"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE\" /n /dde \"%1\""

[HKEY_CLASSES_ROOT\pwdfile\shell\Open]

[HKEY_CLASSES_ROOT\pwdfile\shell\Open\command]
@="\"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE\" /n /dde \"%1\""

[HKEY_CLASSES_ROOT\pwifile\shell\Open]

[HKEY_CLASSES_ROOT\pwifile\shell\Open\command]
@="\"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE\" /n /dde \"%1\""

[HKEY_CLASSES_ROOT\pwtfile\shell\Open]

[HKEY_CLASSES_ROOT\pwtfile\shell\Open\command]
@="\"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE\" /n /dde \"%1\""

[HKEY_CLASSES_ROOT\Report\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-135"

[HKEY_CLASSES_ROOT\SearchFile\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-134"

[HKEY_CLASSES_ROOT\Sets\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-138"

[HKEY_CLASSES_ROOT\SortFormula\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-134"

[HKEY_CLASSES_ROOT\StructFile\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-129"

[HKEY_CLASSES_ROOT\StructFile\shell\open]

[HKEY_CLASSES_ROOT\StructFile\shell\open\command]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE %1"

[HKEY_CLASSES_ROOT\StructFile\shell\open\ddeexec]
@="[open(%1)]"

[HKEY_CLASSES_ROOT\StructFile\shell\open\ddeexec\application]
@="4D"

[HKEY_CLASSES_ROOT\StructRSR\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-168"

[HKEY_CLASSES_ROOT\Users&Groups\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-143"

[HKEY_CLASSES_ROOT\Variables\DefaultIcon]
@="C:\Program Files\TamTam_Organiseur\TAMTAM.5.0.EXE,-137"

[HKEY_CLASSES_ROOT\VSTA.config.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.config.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.config.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.config.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.config.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.cs.8.0\DefaultIcon]
@="C:\Program Files\Microsoft Visual Studio 8\VC#\VCSPackages\csproj.dll,1"

[HKEY_CLASSES_ROOT\VSTA.cs.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.cs.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.cs.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.cs.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.cs.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.csproj.8.0\DefaultIcon]
@="C:\Program Files\Microsoft Visual Studio 8\VC#\VCSPackages\csproj.dll,0"

[HKEY_CLASSES_ROOT\VSTA.csproj.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.csproj.8.0\shell\Open\Command]
@="\"C:\Program Files\Fichiers communs\Microsoft Shared\MSEnv\VSLauncher.exe\" \"%1\""

[HKEY_CLASSES_ROOT\VSTA.datasource.8.0\DefaultIcon]
@="\"C:\Program Files\Fichiers communs\Microsoft Shared\MSEnv\msenvico.dll\",-215"

[HKEY_CLASSES_ROOT\VSTA.datasource.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.datasource.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.datasource.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.datasource.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.datasource.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.disco.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.disco.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.disco.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.disco.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.disco.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.dtd.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.dtd.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.dtd.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.dtd.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.dtd.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.resx.8.0\DefaultIcon]
@="\"C:\Program Files\Fichiers communs\Microsoft Shared\MSEnv\msenvico.dll\",-210"

[HKEY_CLASSES_ROOT\VSTA.sdl.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.sdl.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.sdl.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.sdl.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.sdl.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.settings.8.0\DefaultIcon]
@="\"C:\Program Files\Fichiers communs\Microsoft Shared\MSEnv\msenvico.dll\",-211"

[HKEY_CLASSES_ROOT\VSTA.snippet.8.0\DefaultIcon]
@="\"C:\Program Files\Fichiers communs\Microsoft Shared\MSEnv\msenvico.dll\",-214"

[HKEY_CLASSES_ROOT\VSTA.snippet.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.snippet.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.snippet.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.snippet.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.snippet.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.snk.8.0\DefaultIcon]
@="\"C:\Program Files\Fichiers communs\Microsoft Shared\MSEnv\msenvico.dll\",-217"

[HKEY_CLASSES_ROOT\VSTA.user.8.0\DefaultIcon]
@="C:\Program Files\Microsoft Visual Studio 8\Common7\Packages\dirprj.dll,-317"

[HKEY_CLASSES_ROOT\VSTA.vb.8.0\DefaultIcon]
@="C:\Program Files\Microsoft Visual Studio 8\VB\Bin\msvbprj.dll,1"

[HKEY_CLASSES_ROOT\VSTA.vb.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.vb.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.vb.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.vb.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.vb.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.vbproj.8.0\DefaultIcon]
@="C:\Program Files\Microsoft Visual Studio 8\VB\Bin\msvbprj.dll,0"

[HKEY_CLASSES_ROOT\VSTA.vbproj.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.vbproj.8.0\shell\Open\Command]
@="\"C:\Program Files\Fichiers communs\Microsoft Shared\MSEnv\VSLauncher.exe\" \"%1\""

[HKEY_CLASSES_ROOT\VSTA.vssettings.8.0\DefaultIcon]
@="\"C:\Program Files\Fichiers communs\Microsoft Shared\MSEnv\msenvico.dll\",-212"

[HKEY_CLASSES_ROOT\VSTA.vstemplate.8.0\DefaultIcon]
@="\"C:\Program Files\Fichiers communs\Microsoft Shared\MSEnv\msenvico.dll\",-213"

[HKEY_CLASSES_ROOT\VSTA.vstemplate.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.vstemplate.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.vstemplate.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.vstemplate.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.vstemplate.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.wsdl.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.wsdl.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.wsdl.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.wsdl.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.wsdl.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.xdr.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.xdr.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.xdr.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.xdr.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.xdr.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.xml.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.xml.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.xml.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.xml.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.xml.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.xsc.8.0\DefaultIcon]
@="\"C:\Program Files\Fichiers communs\Microsoft Shared\MSEnv\msenvico.dll\",-219"

[HKEY_CLASSES_ROOT\VSTA.xsl.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.xsl.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.xsl.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.xsl.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.xsl.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.xslt.8.0\shell\Open]

[HKEY_CLASSES_ROOT\VSTA.xslt.8.0\shell\Open\Command]
@="\"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\vsta.exe\" /dde"

[HKEY_CLASSES_ROOT\VSTA.xslt.8.0\shell\Open\ddeexec]
@="Open(\"%1\")"

[HKEY_CLASSES_ROOT\VSTA.xslt.8.0\shell\Open\ddeexec\Application]
@="VSTA.8.0"

[HKEY_CLASSES_ROOT\VSTA.xslt.8.0\shell\Open\ddeexec\Topic]
@="system"

[HKEY_CLASSES_ROOT\VSTA.xss.8.0\DefaultIcon]
@="\"C:\Program Files\Fichiers communs\Microsoft Shared\MSEnv\msenvico.dll\",-218"

[HKEY_CLASSES_ROOT\CLSID\{1D3BCE37-7834-4579-8169-E67681420A98}]
@="ADM25 Class"

[HKEY_CLASSES_ROOT\CLSID\{1D3BCE37-7834-4579-8169-E67681420A98}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{1D3BCE37-7834-4579-8169-E67681420A98}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{1D3BCE37-7834-4579-8169-E67681420A98}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{1D3BCE37-7834-4579-8169-E67681420A98}\InprocServer32]
@="C:\Program Files\Altnet\Download Manager\adm25.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{1D3BCE37-7834-4579-8169-E67681420A98}\ProgID]
@="ADM25.ADM25.1"

[HKEY_CLASSES_ROOT\CLSID\{1D3BCE37-7834-4579-8169-E67681420A98}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{1D3BCE37-7834-4579-8169-E67681420A98}\VersionIndependentProgID]
@="ADM25.ADM25"

[HKEY_CLASSES_ROOT\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}]
@="SigningModule Class"
"AppID"="{8B0FEF15-54DC-49F5-8377-8172DE975F75}"

[HKEY_CLASSES_ROOT\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}\LocalServer32]
@="C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe"

[HKEY_CLASSES_ROOT\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}\ProgID]
@="SigningModule.SigningModule.1"

[HKEY_CLASSES_ROOT\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}\TypeLib]
@="{4DB801AD-34BF-4755-A43F-F7FC0F3A0009}"

[HKEY_CLASSES_ROOT\CLSID\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}\VersionIndependentProgID]
@="SigningModule.SigningModule"

[HKEY_CLASSES_ROOT\CLSID\{AF144267-356C-44F5-BB2C-4DF974B3267F}]

[HKEY_CLASSES_ROOT\CLSID\{AF144267-356C-44F5-BB2C-4DF974B3267F}\LocalServer32]
@="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /IMG_WIA"

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}]
@="ADM Class"
"AppID"="{99A8E2B2-3405-4C0D-9110-131C14CAAF62}"

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\Control]

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\Insertable]

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\LocalServer32]
@="C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe"

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\MiscStatus]
@="0"

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\MiscStatus\1]
@="131473"

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\ProgID]
@="ADM.ADM.1"

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\ToolboxBitmap32]
@="C:\PROGRA~1\Altnet\DOWNLO~1\adm4005.exe, 101"

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\TypeLib]
@="{5830698F-7FC0-40CD-A453-9A0CAFDF3A64}"

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\Version]
@="1.0"

[HKEY_CLASSES_ROOT\CLSID\{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}\VersionIndependentProgID]
@="ADM.ADM"

[HKEY_CLASSES_ROOT\CLSID\{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}]
@="ADM4 Class"

[HKEY_CLASSES_ROOT\CLSID\{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}\InprocServer32]
@="C:\Program Files\Altnet\Download Manager\adm4.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}\ProgID]
@="ADM4.ADM4.1"

[HKEY_CLASSES_ROOT\CLSID\{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}\Programmable]

[HKEY_CLASSES_ROOT\CLSID\{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}\VersionIndependentProgID]
@="ADM4.ADM4"

[HKEY_CLASSES_ROOT\CLSID\{E813099D-5529-47F4-9B37-4AFAFCB00A43}]
@="PSFactoryBuffer"

[HKEY_CLASSES_ROOT\CLSID\{E813099D-5529-47F4-9B37-4AFAFCB00A43}\InProcServer32]
@="C:\Program Files\Altnet\Download Manager\asmps.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe]
@="C:\Program Files\Hijackthis Version Française\hijackthis.exe"
"Path"="C:\Program Files\Hijackthis Version Française"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help]
"nwindcs9.cnt"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help]
"nwind9.cnt"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help]
"nwind9.hlp"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help]
"nwindcs9.hlp"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis]
"DisplayName"="HijackThis 1.99.1"
"UninstallString"="C:\Program Files\Hijackthis Version Française\HijackThis.exe /uninstall"
"DisplayIcon"="C:\Program Files\Hijackthis Version Française\HijackThis.exe"
"DisplayVersion"="1.99.1"
"Publisher"="Soeperman Enterprises Ltd."
"URLInfoAbout"="http://ww11.spywareinfo.com/~merijn/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ad-aware 6 Professional]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,e0,23,00,00,00,00,00,34,d4,3d,\
  82,38,77,c7,01,06,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
  61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,4c,00,61,00,76,00,61,\
  00,73,00,6f,00,66,00,74,00,5c,00,41,00,64,00,2d,00,61,00,77,00,61,00,72,00,\
  65,00,20,00,36,00,5c,00,41,00,64,00,2d,00,77,00,61,00,74,00,63,00,68,00,2e,\
  00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AltnetDM]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,60,81,00,00,00,00,00,8a,a4,92,\
  43,38,77,c7,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
  61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,41,00,6c,00,74,00,6e,\
  00,65,00,74,00,5c,00,44,00,6f,00,77,00,6e,00,6c,00,6f,00,61,00,64,00,20,00,\
  4d,00,61,00,6e,00,61,00,67,00,65,00,72,00,5c,00,61,00,64,00,6d,00,34,00,30,\
  00,30,00,35,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TamTam_Organiseur]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,c0,a1,04,00,00,00,00,26,80,56,\
  62,b7,e8,c7,01,00,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\
  61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,54,00,61,00,6d,00,54,\
  00,61,00,6d,00,5f,00,4f,00,72,00,67,00,61,00,6e,00,69,00,73,00,65,00,75,00,\
  72,00,5c,00,54,00,41,00,4d,00,54,00,41,00,4d,00,2e,00,35,00,2e,00,30,00,2e,\
  00,45,00,58,00,45,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9011040C-6000-11D3-8CFE-0150048383C9}]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,50,5c,2a,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,02,00,00,00,43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,\
  57,00,53,00,5c,00,49,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,5c,\
  00,7b,00,39,00,30,00,31,00,31,00,30,00,34,00,30,00,43,00,2d,00,36,00,30,00,\
  30,00,30,00,2d,00,31,00,31,00,44,00,33,00,2d,00,38,00,43,00,46,00,45,00,2d,\
  00,30,00,31,00,35,00,30,00,30,00,34,00,38,00,33,00,38,00,33,00,43,00,39,00,\
  7d,00,5c,00,6f,00,70,00,77,00,69,00,63,00,6f,00,6e,00,2e,00,65,00,78,00,65,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B6F867E8-F092-4C5E-ACA0-F30547DC3874}]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,\
  00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\VST]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\TamTam_Organiseur]
"Order"=hex:08,00,00,00,02,00,00,00,26,01,00,00,01,00,00,00,02,00,00,00,a6,\
  00,00,00,00,00,00,00,98,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,86,00,\
  32,00,f5,02,00,00,e3,36,31,9e,20,00,44,53,49,4e,53,54,7e,31,2e,4c,4e,4b,00,\
  00,5c,00,03,00,04,00,ef,be,e3,36,31,9e,24,37,6d,ae,14,00,00,00,44,00,e9,00,\
  73,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,65,00,72,00,20,00,54,00,61,\
  00,6d,00,54,00,61,00,6d,00,5f,00,4f,00,72,00,67,00,61,00,6e,00,69,00,73,00,\
  65,00,75,00,72,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
  be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,74,00,00,00,01,00,00,00,66,00,\
  00,00,41,75,67,4d,02,00,00,00,01,00,00,00,54,00,32,00,ff,02,00,00,e3,36,31,\
  9e,20,00,54,61,6d,54,61,6d,2e,6c,6e,6b,00,00,2c,00,03,00,04,00,ef,be,e3,36,\
  31,9e,24,37,6d,ae,14,00,00,00,54,00,61,00,6d,00,54,00,61,00,6d,00,2e,00,6c,\
  00,6e,00,6b,00,00,00,1a,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1a,00,00,00,\
  00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"="Ad-watch Monitor"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\WINDOWS\system32\SVCH0ST.EXE"="SVCH0ST"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe"="Ad-aware 6 core application"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\DOCUMENTS AND SETTINGS\GÉNIA\BUREAU\ccsetup200.exe"="CCleaner Installer"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Lavasoft\Ad-aware 6\Unwise.exe"="Unwise"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\Lavasoft\AD-AWA~1\unregaaw.exe"="unregaaw"








========    Rapport 2

Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\CompiledDB]
@="Base 4D compilée"

[HKEY_CLASSES_ROOT\CompiledDB\shell]

[HKEY_CLASSES_ROOT\OISbmpfile]
@=""

[HKEY_CLASSES_ROOT\OISbmpfile\shell]

[HKEY_CLASSES_ROOT\OISgiffile]
@=""

[HKEY_CLASSES_ROOT\OISgiffile\shell]

[HKEY_CLASSES_ROOT\OISjpegfile]
@=""

[HKEY_CLASSES_ROOT\OISjpegfile\shell]

[HKEY_CLASSES_ROOT\OISpngfile]
@=""

[HKEY_CLASSES_ROOT\OISpngfile\shell]

[HKEY_CLASSES_ROOT\StructFile]
@="Fichier de structure"

[HKEY_CLASSES_ROOT\StructFile\shell]

[HKEY_CLASSES_ROOT\VSTA.csproj.8.0]
@="Visual C# Project file"

[HKEY_CLASSES_ROOT\VSTA.csproj.8.0\shell]

[HKEY_CLASSES_ROOT\VSTA.datasource.8.0]
@="Visual Studio Data Source File"

[HKEY_CLASSES_ROOT\VSTA.datasource.8.0\shell]

[HKEY_CLASSES_ROOT\VSTA.snippet.8.0]
@="Visual Studio Code Snippet File"

[HKEY_CLASSES_ROOT\VSTA.snippet.8.0\shell]

[HKEY_CLASSES_ROOT\VSTA.vbproj.8.0]
@="Visual Basic Project file"

[HKEY_CLASSES_ROOT\VSTA.vbproj.8.0\shell]

[HKEY_CLASSES_ROOT\VSTA.vstemplate.8.0]
@="Visual Studio Project/Item Template File"

[HKEY_CLASSES_ROOT\VSTA.vstemplate.8.0\shell]








========    Rapport 3

Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\.4DB]
@="StructFile"

[HKEY_CLASSES_ROOT\.4DC]
@="CompiledDB"









==================================== BitDefender

BitDefender Online Scanner
 
Scan report generated at: Thu, Sep 13, 2007 - 02:27:27
 
Scan path: A:\;C:\;E:\;F:\;G:\;H:\;
 
Statistics
 
Time
 01:52:05
 
Files
 620763
 
Folders
 10916
 
Boot Sectors
 3
 
Archives
 5806
 
Packed Files
 47095
 
  
  
 
Results
 
Identified Viruses 
 7
 
Infected Files 
 7
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 6
 
  
  
 
Engines Info
 
Virus Definitions
 803636
 
Engine build
 AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
 
Scan plugins
 14
 
Archive plugins
 38
 
Unpack plugins
 7
 
E-mail plugins
 6
 
System plugins
 1
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
C:\Documents and Settings\Génia\Local Settings\Temporary Internet Files\Content.IE5\A8HBCRMG\ffa_dn[1]
 Infected with: MemScan:Trojan.Dropper.Agent.BON
 
C:\Documents and Settings\Génia\Local Settings\Temporary Internet Files\Content.IE5\A8HBCRMG\ffa_dn[1]
 Disinfection failed
 
C:\Documents and Settings\Génia\Local Settings\Temporary Internet Files\Content.IE5\A8HBCRMG\ffa_dn[1]
 Deleted
 
C:\Documents and Settings\Génia\Local Settings\Temporary Internet Files\Content.IE5\EQ4V3ZZ0\barsik[1]
 Infected with: MemScan:Trojan.Fotomoto.A
 
C:\Documents and Settings\Génia\Local Settings\Temporary Internet Files\Content.IE5\EQ4V3ZZ0\barsik[1]
 Disinfection failed
 
C:\Documents and Settings\Génia\Local Settings\Temporary Internet Files\Content.IE5\EQ4V3ZZ0\barsik[1]
 Deleted
 
C:\Documents and Settings\Génia\Mes documents\Mes programmes\Mailskinner_setup\Mailskinner_setup.exe
 Detected with: Adware.Navipromo.BYD
 
C:\Documents and Settings\Génia\Mes documents\Mes programmes\Mailskinner_setup\Mailskinner_setup.exe
 Disinfection failed
 
C:\Documents and Settings\Génia\Mes documents\Mes programmes\Mailskinner_setup\Mailskinner_setup.exe
 Deleted
 
C:\Documents and Settings\Génia\Mes documents\Mes programmes\MON_DISQUE (D)\deblocage tel\SIEMENS\a50-c55_tools_by_s_yazdanfar_199.zip=>A50-C55-ALL/Siemens_Unlock.exe
 Infected with: Backdoor.Prorat.IT
 
C:\Documents and Settings\Génia\Mes documents\Mes programmes\MON_DISQUE (D)\deblocage tel\SIEMENS\a50-c55_tools_by_s_yazdanfar_199.zip=>A50-C55-ALL/Siemens_Unlock.exe
 Disinfection failed
 
C:\Documents and Settings\Génia\Mes documents\Mes programmes\MON_DISQUE (D)\deblocage tel\SIEMENS\a50-c55_tools_by_s_yazdanfar_199.zip=>A50-C55-ALL/Siemens_Unlock.exe
 Deleted
 
C:\Documents and Settings\Génia\Mes documents\Mes programmes\MON_DISQUE (D)\deblocage tel\SIEMENS\a50-c55_tools_by_s_yazdanfar_199.zip
 Updated
 
C:\WINDOWS\system32\cdfdv2.dll
 Infected with: Trojan.Downloader.ConHook.AI
 
C:\WINDOWS\system32\cdfdv2.dll
 Disinfection failed
 
C:\WINDOWS\system32\cdfdv2.dll
 Delete failed
 
C:\WINDOWS\system32	mp68A.tmp.dll
 Infected with: MemScan:Trojan.BHO.BX
 
C:\WINDOWS\system32	mp68A.tmp.dll
 Disinfection failed
 
C:\WINDOWS\system32	mp68A.tmp.dll
 Deleted
 
C:\WINDOWS\system32	mp8A.tmp.dll
 Infected with: MemScan:Trojan.Agent.AADI
 
C:\WINDOWS\system32	mp8A.tmp.dll
 Disinfection failed
 
C:\WINDOWS\system32	mp8A.tmp.dll
 Deleted
 
 






==================================== Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 13:28:32, on 13/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\OMP\Banque30\BIN\BQ30TNA.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Netscape\Netscape Browser
etscape.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\OMP\Banque30\BIN\BQ30TNA.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\fichie~1\instal~1\update~1\isuspm.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row-rel&channel=fr&ibd=5061206
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {80071c5d-8e7a-4d55-b117-d7976fc27849} - C:\WINDOWS\system32\cdfdv2.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32	mp6EF.tmp.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vPhone] C:\Program Files\Cell Wireless\vPhone\vPhone.exe -autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Gestionnaire Banque 3.0] C:\Program Files\OMP\Banque30\BIN\BQ30TNA.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\mligdc.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [E06FXLRD_30749578] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: cdfdv2 - C:\WINDOWS\SYSTEM32\cdfdv2.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\DOCUME~1\GNIA~1\LOCALS~1\Temp	mp71D.tmp.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MicrosoftHelp - Unknown owner - C:\WINDOWS\system32\SVCH0ST.EXE (file missing)
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe








Voilà, c'est fait.

Toutefois, malgré le nettoyage de ces applications, mon ordinateur est toujours aussi lent.
Mon ordianteurs est neuf, je l'ai achété en février de cette année (2007)

Aussi, une remarque.
Il ne le faisait pas avant, mais à présent au démarrage (LENT - TRES LENT) je reconnais qu'il est totalement lancé, lorsque l'écran s'éteind et se rallume ensuite.

Est ce normal?
Et que faire pour palier à ce cela?

Cordialement,
Génia

hakim_103@yattoo.com

Nunuxnewby · Answer

Mort de rire!
Tu m'étonnes qu'il soit lent quand on voit le nombre de processus en cours et le nombre de chose qui se lance inutilement au démarrage de l'ordi!

Relance Hijackthis et coche tout les O4 sauf:
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
qui semble être ton antivirus (McAfee???)

Ensuite tu peux supprimer tout les O2 avec hijackthis!

De plus essaye de désactiver les services inutiles ( https://www.pcastuces.com/pratique/windows/services/page1.htm

nardino · Answer

Bonsoir.

Il y a du travail !!!

Cette procédure sera effectuée en mode sans échec pour la majeure partie.
Je te conseille :
-Ou de l'imprimer et de cocher les actions effectuées au fur et à mesure.
-Ou de l'enregistrer sur le bureau avec le blocnote sous [i]Procédure.txt[/i] par exemple. 
-Ou Enregistrer sous : [i]Procédure.html[/i] 
-Ou Enregistrer sous : [i]Procédure.mht[/i] si tu utilises Internet Explorer.

Prends le temps de bien lire, d'appliquer ce qui est préconisé et si tu rencontres des difficultés, n'hésite pas à poser des questions.
Chaque phrase a son importance et il faut bien respecter cette procédure dans l'ordre pour agir efficacement.
[b]Cependant, si tu rencontres un problème, saute une étape et informe-nous sur cette difficulté[/b].

1°-[u]Désinfection Vundo-Virtumonde[/u]

Télécharge :
[b]VundoFix[/b] de Atribune: http://www.atribune.org/ccount/click.php?id=4
[b]VirtumondoBegone[/b] : http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clic sur Vundofix.exe.
Coche la case [b]Run VundoFix as a task[/b]
Répond OK au popup qui s'ouvre.
Il va se refermer et réouvrir au bout d'une minute environ.
Quand il est rouvert, clique sur [b]Scan for Vundo[/b]
Quand le scan est terminé, clique sur [b]Remove Vundo[/b]
Réponds [b]Yes[/b] à la demande de suppression des fichiers.
Il te sera demandé de redémarrer ton ordinateur, accepte bien sûr.
[b]Copie/colle le rapport (c:\vundofix.txt) dans ta réponse[/b]

Si cela n'a pas fonctionné, redémarre en mode sans échec et lance VirtumundoBeGone.exe.
Et donne des nouvelles suite à l'exécution du ou des deux fix.

2°-[u]A télécharger et installer[/u]

-[b]Code Stuff Starter[/b] : https://www.clubic.com/telecharger-fiche12492-starter.html
Décompresse-le et installe-le.
-[b]ATF-Cleaner[/b] : http://www.atribune.org/content/view/25/1/
Crée un dossier ATF-Cleaner pour mettre le fichier exe, ce programme ne nécessite pas d'installation.
-[b]OTMoveIt [/b] : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Sur ton bureau. TRES IMPORTANT

3°-[u]Démarrage en mode sans échec[/u].

Après la fermeture de la première fenêtre, au tout début de la phase de démarrage du PC (boot), appuyer sur F8.
Une fenêtre de type DOS s'ouvre, sélectionner Mode sans échec à l'aide des flèches du clavier et cliquer sur Entrée (Enter) une fois surligné.
Ne t'inquiète pas de l'aspect, Windows démarre avec le minimum nécessaire.
[b]Il faut choisir la même session que celle qui est infectée et non pas la sesssion Administrateur qui n'apparaît que sous ce mode.[/b]

4°-[u]Nettoyage des fichiers temporaires [/u].

Ouvre ATF-Cleaner 
Clique sur [b]Select All[/b] et sur le bouton [b]Empty selected[/b], puis [b]OK[/b] dans le popup [b]Done[/b] qui s'ouvrira quelques secondes plus tard.
Si tu utilises [b]Firefox[/b] et/ou [b]Opéra[/b], clique en haut et renouvelle le nettoyage en refusant d'effacer les mots de passe quand cela te sera demandé.
Puis [b]Quit[/b].

5°-[u]Hijackthis[/u].

Tu lances Hijackthis par le bouton [i][b]Scanner seulement/Scan only[/b][/i], selon la version et tu coches:

[b]R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local 
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll 
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll 
O2 - BHO: (no name) - {80071c5d-8e7a-4d55-b117-d7976fc27849} - C:\WINDOWS\system32\cdfdv2.dll 
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll 
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32	mp6EF.tmp.dll 
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll 
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL 
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\mligdc.dll",forkonce 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll 
O18 - Filter: text/html - (no CLSID) - (no file) 
O20 - Winlogon Notify: cdfdv2 - C:\WINDOWS\SYSTEM32\cdfdv2.dll[/b]

Tu cliques sur [i][b]Fixer objet/Fix checked[/b][/i] et tu refermes Hijackthis.

6°-[u]Arrêt, Suppression services inutiles ou intrus[/u].

Dans Démarrer/Exécuter, tape [b]services.msc[/b] et recherche ce(s) service(s) :
 
O23 - Service: DomainService - Unknown owner - C:\DOCUME~1\GNIA~1\LOCALS~1\Temp	mp71D.tmp.exe (file missing) 
O23 - Service: MicrosoftHelp - Unknown owner - C:\WINDOWS\system32\SVCH0ST.EXE (file missing)

Tu le(s) arrêtes et tu les désactives en cliquant dessus , dans Type de démarrage.

7°-[u]Nettoyage[/u].

Utilise OTMoveIt.
Pour cela ouvre-le:
Copie et colle la liste ci-dessous  dans le volet de gauche et clique sur [b]MoveIt![/b] pour lancer la suppression.

[b]C:\WINDOWS\system32\SVCH0ST.EXE
C:\Program Files\PandoBar
C:\WINDOWS\mligdc.dll
C:\WINDOWS\SYSTEM32\cdfdv2.dll
C:\Documents and Settings\Genial\Local Settings\Temp	mp71D.tmp.exe[/b]

le résultat apparaitra dans le cadre Results à droite.
Clique sur Exit pour fermer.
Un rapport sera enreggistré dans C:\_OTMoveIt\MovedFiles.

Il te sera peut-être demander de redémarrer le pc pour achever la suppression.
Si c'est le cas attends la fin de la procédure pour redémarrer.

8°-[u]Conseil - Nettoyage du démarrage[/u]

Tu ouvres Starter et tu cliques sur [b]AllSection[/b] dans la colonne de gauche.

Tu décoches toutes les lignes qui sont en rapport avec les suivantes et qui correspondent à des applications inutiles au lancement du système :
Elles consomment de la mémoire inutilement.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" 
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay 
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE 
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup 
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized ***valable un mois après installation
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"  ***inutile si tu ne programmes pas de backups avec Néro
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe 
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe 

Si à l'usage tu veux réactiver l'une d'elles, il te suffira de la recocher.

9°-[u]Redémarrage en mode normal[/u]

[b]Poste les rapports OTMoveIt, VundoFix et un nouveau log Hijackthis établi en mode normal.
Donne des infos sur l'évolution de la situation et les problèmes éventuellement rencontrés lors de la procédure.[/b]

10°-[u]Conseil et mises à jours[/u]

Par Ajout/suppression des programmes, désinstalle :
Yahoo! Toolbar
PandoBar  ***Si elle existe encore.
jre1.6.0_01
Acrobat 6.0

Mets à jour les programmes suivants:

-Java Runtime Environment (JRE)6u2 :
https://www.oracle.com/java/technologies/javase-downloads.html
Clique sur Download Java Runtime Environment (JRE) 6u2
Dans la page suivante coche [b]Iaccept[/b] et télécharge [b] Windows Offline Installation, Multi-language //jre-6u2-windows-i586-p.exe //13.89 MB[/b]
Tu l'installeras navigateur fermé.
Dans Ajout/Suppression des programmes tu supprimes toutes les autres versions.

-Acrobat Reader 8.1.:
https://get2.adobe.com/reader/otherversions/
Décocher Téléchargez également :Adobe Photoshop® Album Édition

Bon courage et @plus

KANDOF · Answer

mON ANTI VIRUS NE PARVIENT PAS A SUPRIMERLE VIRUS DETECTE.

Recherche et suppression de virus de mon PC

3 réponses

Votre réponse

Newsletters