Hijack [Résolu]

Bonjour,

Ton PC est infecté.

Télécharge Ad-Remover (de C_XX) sur ton Bureau.

Déconnecte-toi et ferme toutes applications en cours.

Double-clique sur AD-R situé sur ton Bureau pour le lancer.

Choisis Nettoyer puis valide.

Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Merci pour ta réponse voici le rapport du scan:



Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://search.live.com
Show_ToolBar: yes
Start Page: hxxp://mystart.hiyo.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\DOCUME~1\per\LOCALS~1\Temp: 19 Fichier(s), 4 Dossier(s)
C:\WINDOWS\temp: 5 Fichier(s), 0 Dossier(s)
Temporary Internet Files: 7 Fichier(s), 5 Dossier(s)
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 1 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 3733 Octet(s)
.
Fin à: 19:10:06, 29/03/2010
.
============== E.O.F - SCAN[1] ==============





Et pour le nettoyage tous va bien jusqu'à ce qu'il arrive a 85% et une erreur ce produit l'en empêchant de terminer son nettoyage!

Désolé voici le rapport complet du scan :


.
======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 28/03/10 à 21:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:07:09 le 29/03/2010 | Mode normal | Option: SCAN
Exécuté de: C:\Ad-Remover\ADR.exe
SE: Microsoft® Windows XP™ Service Pack 2 - X86
Nom du PC: MASSYL | Utilisateur actuel: per (Administrateur)
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
C:\Documents and Settings\per\Application Data\Mozilla\FireFox\Profiles\m3t1atd4.default\searchplugins\ask.xml
.
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
HKLM\Software\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{C94E154B-1459-4A47-966B-4B843BEFC7DB}
.
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.8 (fr) *
.
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\per\\Bureau
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\per\\Mes documents
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.search.defaultenginename: MyStart Rechercher
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.search.defaulturl: hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.search.selectedEngine: Yahoo
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.startup.homepage: hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr fficial
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - keyword.URL: hxxp://mystart.hiyo.com/?loc=ff_address&search=
.
TROUVÉ: C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1");
.
* Internet Explorer Version 6.0.2900.2180 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://search.live.com
Show_ToolBar: yes
Start Page: hxxp://mystart.hiyo.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\DOCUME~1\per\LOCALS~1\Temp: 19 Fichier(s), 4 Dossier(s)
C:\WINDOWS\temp: 5 Fichier(s), 0 Dossier(s)
Temporary Internet Files: 7 Fichier(s), 5 Dossier(s)
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 1 Fichier(s)
.
C:\Ad-Report-SCAN[1].txt - 3733 Octet(s)
.
Fin à: 19:10:06, 29/03/2010
.
============== E.O.F - SCAN[1] ==============

Ok.

Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.

Double-clique sur le fichier téléchargé pour lancer le processus d'installation.

Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.

Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.

Sélectionne Exécuter un examen rapide.

Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

Citation :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

Ferme tes navigateurs.

Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.

MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3929
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

29-03-2010 21:49:27
mbam-log-2010-03-29 (21-49-26).txt

Type de recherche: Examen rapide
Eléments examinés: 132283
Temps écoulé: 19 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 764
Valeur(s) du Registre infectée(s): 17
Elément(s) de données du Registre infecté(s): 9
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 53

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ff_vfw32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\6.tmp (Worm.P2P) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112a2a8c-6199-415e-92df-ad46482d1314} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{112a2a8c-6199-415e-92df-ad46482d1314} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\18ab705b861 (Trojan.Tracur) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{112a2a8c-6199-415e-92df-ad46482d1314} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aavgapi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aawtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\about.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ad-aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adwareprj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aluschedulersvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus_pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashavast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashbug.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashchest.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashcnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashdisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashlogv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashmaisv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashpopwz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashquick.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashsimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashsimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashwebsv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswchlic.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswregsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswrundll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswupdsv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcare.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinprocpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmsnscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanielow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savedefense.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\history.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieshow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jsrcgen.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alphaav (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alphaav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antispywarxp2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-virus professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiviruspro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quickhealcleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safetykeeper.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savearmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secure veteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securityfighter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softsafeness.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trustwarrior.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows police pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\malwareremoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsacore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

Relance MBAM, va dans Quarantaine et supprime tout.

Réessaie la manip' avec Ad-Remover.

Désole de te le dire mais kif kif , il y a une erreur avant que AD-Remover ne finissent le nettoyage.

Que dit l'erreur ?

Line-1:

Error:Error in expression.


Voilà mots par mots ce que indique le message d'erreur.

Ok merci  

Télécharge OTL (de OldTimer) sur ton Bureau.

Double-clique sur OTL pour le lancer.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Une fenêtre apparaît. Dans la section Output en haut de cette fenêtre, coche Minimal Output.

Coche également les cases à côté de LOP Check et Purity Check.

Enfin, clique sur le bouton Run Scan. Le scan ne prendra pas beaucoup de temps.

Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau).

Pour me transmettre les rapports :

Clique sur ce lien : http://www.cijoint.fr/

Clique sur Parcourir... et cherche le fichier du rapport que tu souhaites me transmettre.

Clique sur Ouvrir.

Clique sur Cliquez ici pour déposer le fichier.

Un lien de cette forme, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, est ajouté dans la page.

Copie-colle ce lien dans ta réponse.

C'est bon pour Ad-Remover j'ai pu le faire fonctionner normalement voici le rapport:



(!) -- Fichiers temporaires supprimés.
.
.
(Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
.
============== SCAN ADDITIONNEL ==============
.
* Mozilla FireFox Version 3.5.8 (fr) *
.
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\per\\Bureau
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\per\\Mes documents
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.search.defaultenginename: MyStart Rechercher
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.search.defaulturl: hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.search.selectedEngine: Yahoo
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.startup.homepage: hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr fficial
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8
C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - keyword.URL: hxxp://mystart.hiyo.com/?loc=ff_address&search=
.
EFFACÉ: C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1");
.
* Internet Explorer Version 6.0.2900.2180 *
.
[HKCU\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
.
[HKLM\Software\Microsoft\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
.
========================================
.
C:\DOCUME~1\per\LOCALS~1\Temp: 2 Fichier(s), 3 Dossier(s)
C:\WINDOWS\temp: 2 Fichier(s), 0 Dossier(s)
Temporary Internet Files: 2 Fichier(s), 2 Dossier(s)
.
C:\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Ad-Remover\Backup: 0 Fichier(s)
.
C:\Ad-Report-CLEAN[6].txt - 2787 Octet(s)
.
Fin à: 19:54:37, 30/03/2010
.
============== E.O.F - CLEAN[6] ==============




Et pour les rapports OTL les voici:


http://www.cijoint.fr/cjlink.php?file=cj201003/cijNQ39Z...
http://www.cijoint.fr/cjlink.php?file=cj201003/cijIeFoI...

1/

Relance Ad-Remover et choisis Désinstaller.

Télécharge HostsXpert sur ton Bureau.

Décompresse-le (Clic droit >> Extraire ici).

Double-clique sur HostsXpert pour le lancer.

Clique sur le bouton Restore MS Hosts File puis ferme le programme.

PS : avant de cliquer sur le bouton Restore MS Hosts File, vérifie que le cadenas en haut à gauche soit ouvert sinon tu vas avoir un message d'erreur.


2/

Télécharge UsbFix (par El Desaparecido & C_XX) sur ton Bureau.

Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

Double-clique sur UsbFix pour l'exécuter.

Choisis l'option 1 (Recherche).

Laisse travailler l'outil.

Poste le rapport UsbFix.txt.

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Kaspersky, etc.) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

Comment faire pour qu'il soit ouvert?? (le cadenas)

En cliquant dessus.

c'est ce que j'ai mais rien ne se produit!

Passe à la suite.

############################## | UsbFix V6.100 |

User : per (Administrateurs) # MASSYL
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 13:27:57 | 02-04-2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : Kaspersky Internet Security 7.0.1.325 [ Enabled | Updated ]
AV : CleanUp Antivirus [ Enabled | Updated ]
FW : Kaspersky Internet Security[ Enabled ]7.0.1.325
FW : CleanUp Antivirus[ Enabled ]

C:\ -> Disque fixe local # 39.06 Go (8.8 Go free) # NTFS
D:\ -> Disque fixe local # 39.06 Go (38.7 Go free) # NTFS
E:\ -> Disque fixe local # 39.06 Go (25.92 Go free) # NTFS
F:\ -> Disque fixe local # 36.2 Go (36.13 Go free) # NTFS
G:\ -> Disque CD-ROM
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible

################## | Elements infectieux |


################## | Registre |

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFind"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{286ebf07-5985-11de-b2e5-001fe2047f24}
Shell\Auto\command =auto.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
Shell\explore\Command =b3b9u.com
Shell\open\Command =b3b9u.com

HKCU\..\..\Explorer\MountPoints2\{2fb2465a-8450-11de-b35d-001fe2047f24}
Shell\Auto\command =KM.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KM.exe

HKCU\..\..\Explorer\MountPoints2\{2fb2465b-8450-11de-b35d-001fe2047f24}
Shell\Auto\command =KM.exe
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KM.exe

HKCU\..\..\Explorer\MountPoints2\{ca9827f6-d2a9-11de-8be4-001fe2047f24}
Shell\AutoRun\command =O:\MediaManager.exe

HKCU\..\..\Explorer\MountPoints2\{ca9827f7-d2a9-11de-8be4-001fe2047f24}
Shell\AutoRun\command =qcwpung.exe
Shell\explore\Command =qcwpung.exe
Shell\open\Command =qcwpung.exe

HKCU\..\..\Explorer\MountPoints2\{dab0d2e6-5035-11de-b2c2-001fe2047f24}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL yoAyo.Exe

################## | Vaccin |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | ! Fin du rapport # UsbFix V6.100 ! |

Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

Double-clique sur UsbFix présent sur ton Bureau pour le lancer.

Choisis l'option 2 (Suppression).

Ton Bureau disparaîtra et le PC redémarrera.

Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.

Ensuite, poste le rapport UsbFix.txt qui apparaîtra avec le Bureau.

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

############################## | UsbFix V6.100 |

User : per (Administrateurs) # MASSYL
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 13:48:42 | 04-04-2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : Kaspersky Internet Security 7.0.1.325 [ Enabled | Updated ]
AV : CleanUp Antivirus [ Enabled | Updated ]
FW : Kaspersky Internet Security[ Enabled ]7.0.1.325
FW : CleanUp Antivirus[ Enabled ]

C:\ -> Disque fixe local # 39.06 Go (8.8 Go free) # NTFS
D:\ -> Disque fixe local # 39.06 Go (38.69 Go free) # NTFS
E:\ -> Disque fixe local # 39.06 Go (25.92 Go free) # NTFS
F:\ -> Disque fixe local # 36.2 Go (36.13 Go free) # NTFS
G:\ -> Disque CD-ROM
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible
L:\ -> Disque amovible # 1005.99 Mo (306.75 Mo free) # FAT32
M:\ -> Disque amovible # 0.98 Mo (0.89 Mo free) # FAT
N:\ -> Disque amovible # 1007.2 Mo (345.19 Mo free) # FAT
O:\ -> Disque amovible # 0.98 Mo (0.89 Mo free) # FAT

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-1708537768-220523388-839522115-1003
Supprimé ! D:\Recycler\S-1-5-21-1708537768-220523388-839522115-1003
Supprimé ! E:\Recycler\S-1-5-21-1708537768-220523388-839522115-1003
Supprimé ! F:\Recycler\S-1-5-21-1708537768-220523388-839522115-1003

################## | Registre |

Supprimé ! [HKLM\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFind"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"

################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{286ebf07-5985-11de-b2e5-001fe2047f24}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2fb2465a-8450-11de-b35d-001fe2047f24}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2fb2465b-8450-11de-b35d-001fe2047f24}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{ca9827f6-d2a9-11de-8be4-001fe2047f24}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{ca9827f7-d2a9-11de-8be4-001fe2047f24}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{dab0d2e6-5035-11de-b2c2-001fe2047f24}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[03/30/2010 07:54 PM|--a------|2913] C:\Ad-Report-CLEAN[6].txt
[06/03/2009 08:51 AM|--a------|0] C:\AUTOEXEC.BAT
[06/23/2009 03:29 PM|---hs----|212] C:\boot.ini
[09/07/2002 01:00 AM|-rahs----|4952] C:\Bootfont.bin
[06/03/2009 08:51 AM|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[03/21/2010 05:18 PM|--a------|18842] C:\hpfr3320.log
[06/03/2009 08:51 AM|-rahs----|0] C:\IO.SYS
[06/03/2009 08:51 AM|-rahs----|0] C:\MSDOS.SYS
[08/04/2004 03:38 AM|-rahs----|47564] C:\NTDETECT.COM
[08/04/2004 03:59 AM|-rahs----|251712] C:\ntldr
[?|?|?] C:\pagefile.sys
[04/04/2010 01:55 PM|--a------|3487] C:\UsbFix.txt
[11/26/2009 02:27 AM|--a------|733204480] L:\Twilight.2.New.Moon.TRUEFRENCH.TS.MD.XviD-BOWSER.avi
[12/12/2008 10:06 AM|--a------|94208] M:\MLC REL 07-08 A.doc
[09/07/2009 06:31 PM|--a------|23757] N:\NEMESIS.rar
[09/03/2009 09:30 AM|--a------|31920464] N:\kis7.0.1.325fr.exe
[10/02/2009 09:33 PM|--a------|1015392] N:\SetupNokiaMusic.exe
[06/09/2009 03:06 PM|--a------|1878888] N:\install_flash_player.exe
[08/31/2009 10:12 AM|--a------|24519152] N:\NokiaSoftwareUpdaterSetup_fr.exe
[04/04/2010 01:47 PM|--a------|1610] N:\BOOTEX.LOG
[12/12/2008 10:06 AM|--a------|94208] O:\MLC REL 07-08 A.doc

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# L:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# N:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_MASSYL.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.100 ! |

Relance UsbFix et choisis l'option 6 pour le désinstaller.

Refais un scan OTL et poste le rapport OTL.

http://www.cijoint.fr/cjlink.php?file=cj201004/cijHG4pz...

1/

Supprime HostsXpert.

Télécharge R-Hosts (de S!ri) sur ton Bureau.

Double-clique sur R-Hosts puis clique sur Restaurer, puis OK.


2/

Télécharge SystemLook sur ton Bureau.

Double-clique sur SystemLook.exe pour le lancer.

Copie-colle le contenu du cadre ci-dessous dans la zone texte de SystemLook :

:dir
C:\WINDOWS\System32\714676028

Clique sur le bouton Look pour démarrer l'examen.

A la fin, le Bloc-notes s'ouvre avec le résultat de l'analyse. Copie-colle le rapport dans ta prochaine réponse.
Note : Le rapport peut aussi être trouvé sur ton Bureau sous le nom SystemLook.txt

Peut tu me passer un autre lien pour R-HOSTS merci.

Le lien fonctionne très bien.

il n'arrive pas a ce connecter d'après firefox .

Lien provisoire :
http://destrio5.free.fr/Telechargement_CCM/RHosts.exe

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:29 on 06/04/2010 by per (Administrator - Elevation successful)

No Context: C:\WINDOWS\System32\714676028

-=End Of File=-

Tu n'as pas oublié le "dir" ?

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:07 on 07/04/2010 by per (Administrator - Elevation successful)

========== dir ==========

C:\WINDOWS\System32\714676028 - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-=End Of File=-





Désolé!!

Ton PC va bien ?

Double-clique sur OTL pour le lancer.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Sous l'onglet Custom Scans/Fixes en bas de la fenêtre, copie-colle le texte suivant (entre les deux espaces) :

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-wind... (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-wind... (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-wind... (Java Plug-in 1.6.0_11)
[2010-03-31 09:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\per\Bureau\HostsXpert
[2010-03-27 15:58:50 | 000,002,855 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
2010-03-25 23:38:39 | 000,000,800 | -HS- | C] () -- C:\WINDOWS\System32\1224417291
[2010-03-25 23:38:36 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\413888603
[2010-03-25 23:31:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\714676028
[2010-03-27 15:25:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\CUKLLA
[2010-03-27 15:17:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\0d3c8ee

:commands
[emptytemp]
[reboot]

Puis clique sur le bouton Run Fix en haut de la fenêtre.

Laisse le programme travailler, redémarre une fois le fix terminé.

Poste le rapport qui s'affichera après redémarrage.

Bonjour,


All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Folder C:\Documents and Settings\per\Bureau\HostsXpert\ not found.
C:\WINDOWS\system32\drivers\etc\hosts.msn moved successfully.
C:\WINDOWS\system32\413888603 moved successfully.
C:\WINDOWS\System32\714676028 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\CUKLLA folder moved successfully.
C:\Documents and Settings\All Users\Application Data\0d3c8ee folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes

User: Administrateur.MASSYL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: per
->Temp folder emptied: 8958985 bytes
->Temporary Internet Files folder emptied: 186194 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67583253 bytes
->Flash cache emptied: 5109 bytes

User: PRZT

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114937 bytes
%systemroot%\System32 .tmp files removed: 3590656 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 114688 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13062324 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 15325900 bytes

Total Files Cleaned = 106.00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 04092010_100122

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Comment va le PC ?

Refais un scan OTL et poste le rapport OTL.

OTL logfile created on: 09-04-2010 10:11:50 - Run 3
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\per\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001401 | Country: Algérie | Language: ARG | Date Format: dd-MM-yyyy

895.00 Mb Total Physical Memory | 300.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 8.88 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 38.70 Gb Free Space | 99.09% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 25.92 Gb Free Space | 66.37% Space Free | Partition Type: NTFS
Drive F: | 36.20 Gb Total Space | 36.13 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MASSYL
Current User Name: per
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\per\Bureau\SetupOviPlayer.exe (Nokia)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\per\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\per\Local Settings\Temp\7zS2.tmp\NokiaInstaller.exe (Nokia)
PRC - C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\per\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll (Kaspersky Lab)
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll (Kaspersky Lab)
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)
DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\WINDOWS\system32\drivers\se44unic.sys (MCCI)
DRV - (se44obex) -- C:\WINDOWS\system32\drivers\se44obex.sys (MCCI)
DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\WINDOWS\system32\drivers\se44nd5.sys (MCCI)
DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\se44mgmt.sys (MCCI)
DRV - (se44mdm) -- C:\WINDOWS\system32\drivers\se44mdm.sys (MCCI)
DRV - (se44mdfl) -- C:\WINDOWS\system32\drivers\se44mdfl.sys (MCCI)
DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\WINDOWS\system32\drivers\se44bus.sys (MCCI)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8C 2A 2A 11 99 61 5E 41 92 DF AD 46 48 2D 13 14 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {579fdf7f-4ec5-438c-9cc6-685c9f83fa3e}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-04-07 16:09:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-04 09:13:38 | 000,000,000 | ---D | M]

[2009-06-04 08:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Mozilla\Extensions
[2009-06-04 08:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010-04-09 08:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions
[2010-02-05 22:51:09 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009-10-04 17:34:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-03-29 21:47:55 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{579fdf7f-4ec5-438c-9cc6-685c9f83fa3e}
[2009-10-17 10:13:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009-06-04 13:18:20 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\searchplugins\live-search.xml
[2009-10-13 12:46:04 | 000,002,123 | ---- | M] () -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\searchplugins\MyStart Search.xml
[2010-03-29 21:49:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010-03-27 15:58:50 | 000,002,855 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.212.177.251 www.google.com
O1 - Hosts: 67.212.177.251 google.com
O1 - Hosts: 67.212.177.251 google.com.au
O1 - Hosts: 67.212.177.251 www.google.com.au
O1 - Hosts: 67.212.177.251 google.be
O1 - Hosts: 67.212.177.251 www.google.be
O1 - Hosts: 67.212.177.251 google.com.br
O1 - Hosts: 67.212.177.251 www.google.com.br
O1 - Hosts: 67.212.177.251 google.ca
O1 - Hosts: 38 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] E:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm ()
O9 - Extra Button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (Kaspersky Lab)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\per\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\per\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\mrt.exe: Debugger - svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-03 08:51:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-09 10:01:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-04-09 09:56:40 | 001,102,624 | ---- | C] (Nokia) -- C:\Documents and Settings\per\Bureau\SetupOviPlayer.exe
[2010-04-08 14:20:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\per\Recent
[2010-04-02 13:26:44 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010-03-31 18:55:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010-03-30 19:39:45 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\per\Bureau\OTL.exe
[2010-03-29 20:16:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-29 20:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-03-29 20:16:06 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-03-29 20:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-03-29 20:02:13 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\per\Mes documents\malwarebytes-anti-malware_malwarebytes_anti-malware_1.44_francais_215092.exe
[2010-03-29 19:07:01 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2010-03-25 23:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010-03-25 01:29:24 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010-03-25 01:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010-01-30 21:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009-08-27 08:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009-06-03 08:59:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009-06-03 08:54:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010-04-09 10:16:11 | 000,969,504 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010-04-09 10:15:07 | 001,082,912 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010-04-09 10:14:33 | 000,511,954 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010-04-09 10:14:33 | 000,443,722 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-04-09 10:14:33 | 000,085,018 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010-04-09 10:14:33 | 000,071,684 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-04-09 10:13:06 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010-04-09 10:12:32 | 001,128,466 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-09 10:02:53 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010-04-09 10:02:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-09 10:02:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-09 10:02:48 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
[2010-04-09 10:02:16 | 000,105,416 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010-04-09 10:01:52 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\per\NTUSER.DAT
[2010-04-09 10:01:52 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\per\ntuser.ini
[2010-04-09 09:57:22 | 001,102,624 | ---- | M] (Nokia) -- C:\Documents and Settings\per\Bureau\SetupOviPlayer.exe
[2010-04-09 09:02:13 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010-04-09 07:56:39 | 000,000,035 | ---- | M] () -- C:\WINDOWS\System32\package.lst
[2010-04-08 17:45:44 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\per\Bureau\Skype.lnk
[2010-04-07 19:10:52 | 000,285,152 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\dossier_organisateurs.pdf
[2010-04-05 21:01:05 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\gastrite biliaire post ctc.doc
[2010-04-05 20:59:27 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\IPP a long terme.doc
[2010-04-05 20:57:23 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\Kc du rectum.doc
[2010-04-05 20:55:42 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\GEA.doc
[2010-04-05 20:54:23 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\per\Bureau\Microsoft Office Word 2003.lnk
[2010-04-04 13:55:45 | 000,001,907 | ---- | M] () -- C:\UsbFix_Upload_Me_MASSYL.zip
[2010-04-04 13:47:20 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-04 08:41:22 | 000,033,776 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\ti83p112.sav
[2010-03-31 19:45:42 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\per\Bureau\WordBiz.lnk
[2010-03-31 10:31:06 | 003,370,880 | -H-- | M] () -- C:\Documents and Settings\per\Local Settings\Application Data\IconCache.db
[2010-03-30 19:41:17 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\per\Bureau\OTL.exe
[2010-03-29 21:54:39 | 000,003,616 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861P.manifest
[2010-03-29 20:16:14 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010-03-29 20:15:46 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\per\Mes documents\malwarebytes-anti-malware_malwarebytes_anti-malware_1.44_francais_215092.exe
[2010-03-29 19:16:37 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861C.manifest
[2010-03-29 19:16:37 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861S.manifest
[2010-03-29 19:16:37 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861O.manifest
[2010-03-29 13:43:01 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\CURRICULUM VITAE wassila.doc
[2010-03-28 15:53:37 | 000,255,714 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\sdf.pdf
[2010-03-28 15:07:02 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\per\intlname.ols
[2010-03-27 17:34:19 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\per\Bureau\Counter-Strike 1.6.lnk
[2010-03-27 15:58:50 | 000,002,855 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-03-25 23:38:39 | 000,000,800 | -HS- | M] () -- C:\WINDOWS\System32\1224417291
[2010-03-25 23:31:30 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010-03-25 20:32:51 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\per\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-25 01:28:14 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Nokia Software Updater.lnk
[2010-03-24 15:30:21 | 000,042,952 | ---- | M] () -- C:\Documents and Settings\per\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-03-22 21:04:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-03-19 15:09:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-19 10:38:24 | 000,123,283 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\fighting_spirit.zip
[2010-03-13 12:53:07 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\Lycée El.doc

========== Files Created - No Company Name ==========

[2010-04-07 19:10:52 | 000,285,152 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\dossier_organisateurs.pdf
[2010-04-05 21:01:05 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\gastrite biliaire post ctc.doc
[2010-04-05 20:59:27 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\IPP a long terme.doc
[2010-04-05 20:57:22 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\Kc du rectum.doc
[2010-04-05 20:55:42 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\GEA.doc
[2010-04-04 13:55:45 | 000,001,907 | ---- | C] () -- C:\UsbFix_Upload_Me_MASSYL.zip
[2010-03-31 19:45:42 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\per\Bureau\WordBiz.lnk
[2010-03-29 20:16:14 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010-03-29 13:40:12 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\CURRICULUM VITAE wassila.doc
[2010-03-28 15:53:37 | 000,255,714 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\sdf.pdf
[2010-03-27 17:34:19 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\per\Bureau\Counter-Strike 1.6.lnk
[2010-03-27 16:14:49 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys
[2010-03-25 23:38:39 | 000,000,800 | -HS- | C] () -- C:\WINDOWS\System32\1224417291
[2010-03-25 23:31:30 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010-03-25 23:12:37 | 000,003,616 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861P.manifest
[2010-03-25 23:12:37 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861C.manifest
[2010-03-25 23:12:37 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861S.manifest
[2010-03-25 23:12:37 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861O.manifest
[2010-03-25 01:28:14 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Nokia Software Updater.lnk
[2010-03-22 21:04:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-03-21 19:59:50 | 055,925,993 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\A.flv
[2010-03-19 10:37:51 | 000,123,283 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\fighting_spirit.zip
[2010-03-13 12:43:26 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\Lycée El.doc
[2010-03-13 11:11:36 | 000,002,573 | ---- | C] () -- C:\Documents and Settings\per\Bureau\Microsoft Office Word 2003.lnk
[2009-10-05 23:36:07 | 001,525,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-06-15 09:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009-06-06 21:33:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-06-05 21:24:32 | 000,000,453 | ---- | C] () -- C:\WINDOWS\QViewer.ini
[2009-06-05 21:24:03 | 000,000,101 | ---- | C] () -- C:\WINDOWS\DivineIslam.ini
[2009-06-03 12:59:39 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\per\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-03 10:39:46 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-06-03 10:39:45 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-06-03 10:39:45 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-06-03 10:39:45 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-06-03 10:39:44 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-06-03 10:39:43 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-06-03 10:15:43 | 000,092,195 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2009-06-03 10:14:50 | 000,126,895 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2009-06-03 09:14:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-06-03 09:06:55 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003-04-01 09:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010-03-25 01:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009-08-31 10:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009-10-03 02:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009-12-29 11:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2009-08-26 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009-06-15 09:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009-09-10 10:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009-11-06 16:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\BitTorrent
[2010-04-07 10:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\LimeWire
[2010-01-08 10:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Nokia
[2009-12-29 12:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Nokia Ovi Suite
[2010-01-03 11:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Nseries
[2010-01-02 11:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\PC Suite
[2009-06-15 09:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Teleca
[2010-03-27 15:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\uTorrent
[2010-04-09 10:02:53 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========


< End of report >

Je n'arrive pas à te faire restaurer le fichier Hosts.

Et pour ma question ?

Pour l'ordi il va mieux merci plus de bug ,il n'est plus du tout lent,j'avais même un virus qui me disais que j'étais infecté et qui me disais d'installer un anti-virus,il ni y est plus.
Mais qu'est qu'un fichier Host??

J'ai une idée.

Télécharge Lop S&D (par Eric_71) sur ton Bureau.

Puis double-clique sur Lop S&D présent sur ton Bureau.
(Sous Vista/Win7, il faut cliquer droit sur Lop S&D et choisir Exécuter en tant qu'administrateur)

Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche).

Patiente jusqu'à la fin du scan.

Poste le rapport généré (C:\lopR.txt).

Ok et pour ma question??

http://fr.wikipedia.org/wiki/Hosts

ok merci voici le rapport :



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : per ( Administrator )
BOOT : Normal boot
Antivirus : CleanUp Antivirus (Activated)
Firewall : CleanUp Antivirus (Activated)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:8 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:38 Go)
E:\ (Local Disk) - NTFS - Total:39 Go (Free:25 Go)
F:\ (Local Disk) - NTFS - Total:36 Go (Free:36 Go)
G:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Fri 04/09/2010|17:42 )

--------------------\\ Listing des dossiers dans APPLIC~1


[06/03/2009|08:51] C:\DOCUME~1\ADMINI~1.MAS\APPLIC~1\<REP> Microsoft

[02/20/2010|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Adobe
[03/25/2010|01:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Installations
[04/09/2010|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Kaspersky Lab
[09/03/2009|09:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Kaspersky Lab Setup Files
[03/29/2010|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Malwarebytes
[08/26/2009|05:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Microsoft
[08/31/2009|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Nokia
[10/03/2009|02:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> NokiaMusic
[10/17/2009|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> NOS
[10/05/2009|04:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Office Genuine Advantage
[12/29/2009|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> OviInstallerCache
[08/26/2009|05:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> PC Suite
[06/08/2009|05:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Skype
[06/15/2009|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Sony Ericsson
[06/15/2009|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Teleca
[07/07/2009|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Windows Genuine Advantage
[09/10/2009|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> WinZip

[06/03/2009|08:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<REP> Microsoft

[06/03/2009|08:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\<REP> Microsoft

[06/03/2009|08:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\<REP> Microsoft

[06/06/2009|02:19] C:\DOCUME~1\per\APPLIC~1\<REP> Adobe
[11/06/2009|04:22] C:\DOCUME~1\per\APPLIC~1\<REP> BitTorrent
[03/21/2010|06:50] C:\DOCUME~1\per\APPLIC~1\<REP> dvdcss
[06/14/2009|04:21] C:\DOCUME~1\per\APPLIC~1\<REP> Google
[06/03/2009|06:36] C:\DOCUME~1\per\APPLIC~1\<REP> Help
[06/03/2009|09:00] C:\DOCUME~1\per\APPLIC~1\<REP> Identities
[04/07/2010|10:49] C:\DOCUME~1\per\APPLIC~1\<REP> LimeWire
[06/03/2009|04:53] C:\DOCUME~1\per\APPLIC~1\<REP> Macromedia
[06/14/2009|04:47] C:\DOCUME~1\per\APPLIC~1\<REP> Malwarebytes
[06/06/2009|09:37] C:\DOCUME~1\per\APPLIC~1\<REP> Media Player Classic
[10/23/2009|09:38] C:\DOCUME~1\per\APPLIC~1\<REP> Microsoft
[06/03/2009|01:14] C:\DOCUME~1\per\APPLIC~1\<REP> Mozilla
[01/08/2010|10:16] C:\DOCUME~1\per\APPLIC~1\<REP> Nokia
[12/29/2009|12:04] C:\DOCUME~1\per\APPLIC~1\<REP> Nokia Ovi Suite
[01/03/2010|11:46] C:\DOCUME~1\per\APPLIC~1\<REP> Nseries
[10/05/2009|04:33] C:\DOCUME~1\per\APPLIC~1\<REP> Office Genuine Advantage
[01/02/2010|11:05] C:\DOCUME~1\per\APPLIC~1\<REP> PC Suite
[04/08/2010|09:45] C:\DOCUME~1\per\APPLIC~1\<REP> Skype
[04/08/2010|05:46] C:\DOCUME~1\per\APPLIC~1\<REP> skypePM
[06/15/2009|09:17] C:\DOCUME~1\per\APPLIC~1\<REP> Sony Ericsson
[06/03/2009|01:06] C:\DOCUME~1\per\APPLIC~1\<REP> Sun
[06/15/2009|09:21] C:\DOCUME~1\per\APPLIC~1\<REP> Teleca
[03/27/2010|03:40] C:\DOCUME~1\per\APPLIC~1\<REP> uTorrent
[06/30/2009|08:23] C:\DOCUME~1\per\APPLIC~1\<REP> vlc
[06/04/2009|11:22] C:\DOCUME~1\per\APPLIC~1\<REP> WinRAR


--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[04/09/2010 10:02 AM][--a------] C:\WINDOWS\tasks\OGALogon.job
[04/09/2010 10:02 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09/07/2002 01:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[06/03/2009|10:10] C:\Program Files\<REP> Adobe
[09/09/2009|09:13] C:\Program Files\<REP> Ahead
[06/03/2009|08:48] C:\Program Files\<REP> ComPlus Applications
[08/26/2009|04:10] C:\Program Files\<REP> DIFX
[01/09/2010|09:12] C:\Program Files\<REP> Fichiers communs
[06/20/2009|05:50] C:\Program Files\<REP> Hewlett-Packard
[06/20/2009|05:52] C:\Program Files\<REP> hp deskjet 3320 series
[09/22/2009|01:52] C:\Program Files\<REP> InstallShield Installation Information
[06/03/2009|09:15] C:\Program Files\<REP> Intel
[03/31/2010|09:03] C:\Program Files\<REP> Internet Explorer
[06/03/2009|01:28] C:\Program Files\<REP> Java
[09/25/2009|03:48] C:\Program Files\<REP> Kaspersky Lab
[06/03/2009|10:39] C:\Program Files\<REP> K-Lite Codec Pack
[09/09/2009|02:47] C:\Program Files\<REP> LimeWire
[03/29/2010|08:16] C:\Program Files\<REP> Malwarebytes' Anti-Malware
[06/05/2009|09:46] C:\Program Files\<REP> Messenger
[11/01/2009|03:31] C:\Program Files\<REP> Microsoft
[06/03/2009|08:51] C:\Program Files\<REP> microsoft frontpage
[06/08/2009|02:29] C:\Program Files\<REP> Microsoft Office
[01/31/2010|11:40] C:\Program Files\<REP> Microsoft Silverlight
[03/19/2010|06:39] C:\Program Files\<REP> Movie Maker
[03/25/2010|11:31] C:\Program Files\<REP> Mozilla Firefox
[10/03/2009|02:00] C:\Program Files\<REP> MSBuild
[06/08/2009|02:29] C:\Program Files\<REP> MSECache
[06/03/2009|08:48] C:\Program Files\<REP> MSN Gaming Zone
[08/31/2009|10:12] C:\Program Files\<REP> MSXML 6.0
[06/03/2009|08:49] C:\Program Files\<REP> NetMeeting
[03/25/2010|01:28] C:\Program Files\<REP> Nokia
[06/03/2009|08:48] C:\Program Files\<REP> Online Services
[08/22/2009|09:11] C:\Program Files\<REP> Outlook Express
[03/25/2010|01:29] C:\Program Files\<REP> PC Connectivity Solution
[06/03/2009|09:13] C:\Program Files\<REP> Realtek
[10/03/2009|02:00] C:\Program Files\<REP> Reference Assemblies
[06/03/2009|08:50] C:\Program Files\<REP> Services en ligne
[06/03/2009|10:15] C:\Program Files\<REP> SiS VGA Utilities V3.79
[06/03/2009|10:15] C:\Program Files\<REP> sisagp
[06/08/2009|05:30] C:\Program Files\<REP> Skype
[06/15/2009|09:14] C:\Program Files\<REP> Sony Ericsson
[02/16/2010|03:34] C:\Program Files\<REP> Traducteur
[06/03/2009|09:00] C:\Program Files\<REP> Uninstall Information
[06/04/2009|12:33] C:\Program Files\<REP> Windows Live
[11/01/2009|03:30] C:\Program Files\<REP> Windows Live SkyDrive
[08/26/2009|05:09] C:\Program Files\<REP> Windows Media Player
[06/03/2009|08:48] C:\Program Files\<REP> Windows NT
[06/03/2009|08:50] C:\Program Files\<REP> WindowsUpdate
[06/04/2009|07:30] C:\Program Files\<REP> WinRAR
[06/03/2009|08:51] C:\Program Files\<REP> xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[02/20/2010|03:45] C:\Program Files\Fichiers communs\<REP> Adobe
[06/03/2009|09:06] C:\Program Files\Fichiers communs\<REP> DESIGNER
[08/31/2009|10:15] C:\Program Files\Fichiers communs\<REP> InstallShield
[08/26/2009|05:10] C:\Program Files\Fichiers communs\<REP> Microsoft Shared
[06/03/2009|08:49] C:\Program Files\Fichiers communs\<REP> MSSoap
[04/09/2010|10:31] C:\Program Files\Fichiers communs\<REP> Nokia
[06/03/2009|10:41] C:\Program Files\Fichiers communs\<REP> ODBC
[06/03/2009|08:49] C:\Program Files\Fichiers communs\<REP> Services
[06/08/2009|05:30] C:\Program Files\Fichiers communs\<REP> Skype
[06/15/2009|09:15] C:\Program Files\Fichiers communs\<REP> Sony Ericsson Shared
[06/03/2009|10:41] C:\Program Files\Fichiers communs\<REP> SpeechEngines
[06/05/2009|09:45] C:\Program Files\Fichiers communs\<REP> System
[06/15/2009|09:15] C:\Program Files\Fichiers communs\<REP> Teleca Shared
[06/04/2009|11:18] C:\Program Files\Fichiers communs\<REP> Windows Live

--------------------\\ Process

( 29 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 17:45:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:13][D:5]-> C:\DOCUME~1\per\LOCALS~1\Temp
[F:12][D:0]-> C:\DOCUME~1\per\Cookies
[F:49][D:4]-> C:\DOCUME~1\per\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 04/09/2010|17:47 - Option : [1]

--------------------\\ Fin du rapport a 17:47:25

Relance Lop S&D.
(Sous Vista/Win7, il faut cliquer droit sur Lop S&D et choisir Exécuter en tant qu'administrateur)

Choisis cette fois-ci l'option 2 (Suppression).

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré (C:\lopR.txt).

(Si le Bureau ne réapparaît pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : per ( Administrator )
BOOT : Normal boot
Antivirus : CleanUp Antivirus (Activated)
Firewall : CleanUp Antivirus (Activated)
C:\ (Local Disk) - NTFS - Total:39 Go (Free:8 Go)
D:\ (Local Disk) - NTFS - Total:39 Go (Free:38 Go)
E:\ (Local Disk) - NTFS - Total:39 Go (Free:25 Go)
F:\ (Local Disk) - NTFS - Total:36 Go (Free:36 Go)
G:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Fri 04/09/2010|17:58 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1


[06/03/2009|08:51] C:\DOCUME~1\ADMINI~1.MAS\APPLIC~1\<REP> Microsoft

[02/20/2010|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Adobe
[03/25/2010|01:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Installations
[04/09/2010|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Kaspersky Lab
[09/03/2009|09:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Kaspersky Lab Setup Files
[03/29/2010|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Malwarebytes
[08/26/2009|05:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Microsoft
[08/31/2009|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Nokia
[10/03/2009|02:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> NokiaMusic
[10/17/2009|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> NOS
[10/05/2009|04:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Office Genuine Advantage
[12/29/2009|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> OviInstallerCache
[08/26/2009|05:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> PC Suite
[06/08/2009|05:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Skype
[06/15/2009|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Sony Ericsson
[06/15/2009|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Teleca
[07/07/2009|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Windows Genuine Advantage
[09/10/2009|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> WinZip

[06/03/2009|08:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<REP> Microsoft

[06/03/2009|08:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\<REP> Microsoft

[06/03/2009|08:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\<REP> Microsoft

[06/06/2009|02:19] C:\DOCUME~1\per\APPLIC~1\<REP> Adobe
[11/06/2009|04:22] C:\DOCUME~1\per\APPLIC~1\<REP> BitTorrent
[03/21/2010|06:50] C:\DOCUME~1\per\APPLIC~1\<REP> dvdcss
[06/14/2009|04:21] C:\DOCUME~1\per\APPLIC~1\<REP> Google
[06/03/2009|06:36] C:\DOCUME~1\per\APPLIC~1\<REP> Help
[06/03/2009|09:00] C:\DOCUME~1\per\APPLIC~1\<REP> Identities
[04/07/2010|10:49] C:\DOCUME~1\per\APPLIC~1\<REP> LimeWire
[06/03/2009|04:53] C:\DOCUME~1\per\APPLIC~1\<REP> Macromedia
[06/14/2009|04:47] C:\DOCUME~1\per\APPLIC~1\<REP> Malwarebytes
[06/06/2009|09:37] C:\DOCUME~1\per\APPLIC~1\<REP> Media Player Classic
[10/23/2009|09:38] C:\DOCUME~1\per\APPLIC~1\<REP> Microsoft
[06/03/2009|01:14] C:\DOCUME~1\per\APPLIC~1\<REP> Mozilla
[01/08/2010|10:16] C:\DOCUME~1\per\APPLIC~1\<REP> Nokia
[12/29/2009|12:04] C:\DOCUME~1\per\APPLIC~1\<REP> Nokia Ovi Suite
[01/03/2010|11:46] C:\DOCUME~1\per\APPLIC~1\<REP> Nseries
[10/05/2009|04:33] C:\DOCUME~1\per\APPLIC~1\<REP> Office Genuine Advantage
[01/02/2010|11:05] C:\DOCUME~1\per\APPLIC~1\<REP> PC Suite
[04/08/2010|09:45] C:\DOCUME~1\per\APPLIC~1\<REP> Skype
[04/08/2010|05:46] C:\DOCUME~1\per\APPLIC~1\<REP> skypePM
[06/15/2009|09:17] C:\DOCUME~1\per\APPLIC~1\<REP> Sony Ericsson
[06/03/2009|01:06] C:\DOCUME~1\per\APPLIC~1\<REP> Sun
[06/15/2009|09:21] C:\DOCUME~1\per\APPLIC~1\<REP> Teleca
[03/27/2010|03:40] C:\DOCUME~1\per\APPLIC~1\<REP> uTorrent
[06/30/2009|08:23] C:\DOCUME~1\per\APPLIC~1\<REP> vlc
[06/04/2009|11:22] C:\DOCUME~1\per\APPLIC~1\<REP> WinRAR


--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[04/09/2010 10:02 AM][--a------] C:\WINDOWS\tasks\OGALogon.job
[04/09/2010 10:02 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[09/07/2002 01:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[06/03/2009|10:10] C:\Program Files\<REP> Adobe
[09/09/2009|09:13] C:\Program Files\<REP> Ahead
[06/03/2009|08:48] C:\Program Files\<REP> ComPlus Applications
[08/26/2009|04:10] C:\Program Files\<REP> DIFX
[01/09/2010|09:12] C:\Program Files\<REP> Fichiers communs
[06/20/2009|05:50] C:\Program Files\<REP> Hewlett-Packard
[06/20/2009|05:52] C:\Program Files\<REP> hp deskjet 3320 series
[09/22/2009|01:52] C:\Program Files\<REP> InstallShield Installation Information
[06/03/2009|09:15] C:\Program Files\<REP> Intel
[03/31/2010|09:03] C:\Program Files\<REP> Internet Explorer
[06/03/2009|01:28] C:\Program Files\<REP> Java
[09/25/2009|03:48] C:\Program Files\<REP> Kaspersky Lab
[06/03/2009|10:39] C:\Program Files\<REP> K-Lite Codec Pack
[09/09/2009|02:47] C:\Program Files\<REP> LimeWire
[03/29/2010|08:16] C:\Program Files\<REP> Malwarebytes' Anti-Malware
[06/05/2009|09:46] C:\Program Files\<REP> Messenger
[11/01/2009|03:31] C:\Program Files\<REP> Microsoft
[06/03/2009|08:51] C:\Program Files\<REP> microsoft frontpage
[06/08/2009|02:29] C:\Program Files\<REP> Microsoft Office
[01/31/2010|11:40] C:\Program Files\<REP> Microsoft Silverlight
[03/19/2010|06:39] C:\Program Files\<REP> Movie Maker
[03/25/2010|11:31] C:\Program Files\<REP> Mozilla Firefox
[10/03/2009|02:00] C:\Program Files\<REP> MSBuild
[06/08/2009|02:29] C:\Program Files\<REP> MSECache
[06/03/2009|08:48] C:\Program Files\<REP> MSN Gaming Zone
[08/31/2009|10:12] C:\Program Files\<REP> MSXML 6.0
[06/03/2009|08:49] C:\Program Files\<REP> NetMeeting
[03/25/2010|01:28] C:\Program Files\<REP> Nokia
[06/03/2009|08:48] C:\Program Files\<REP> Online Services
[08/22/2009|09:11] C:\Program Files\<REP> Outlook Express
[03/25/2010|01:29] C:\Program Files\<REP> PC Connectivity Solution
[06/03/2009|09:13] C:\Program Files\<REP> Realtek
[10/03/2009|02:00] C:\Program Files\<REP> Reference Assemblies
[06/03/2009|08:50] C:\Program Files\<REP> Services en ligne
[06/03/2009|10:15] C:\Program Files\<REP> SiS VGA Utilities V3.79
[06/03/2009|10:15] C:\Program Files\<REP> sisagp
[06/08/2009|05:30] C:\Program Files\<REP> Skype
[06/15/2009|09:14] C:\Program Files\<REP> Sony Ericsson
[02/16/2010|03:34] C:\Program Files\<REP> Traducteur
[06/03/2009|09:00] C:\Program Files\<REP> Uninstall Information
[06/04/2009|12:33] C:\Program Files\<REP> Windows Live
[11/01/2009|03:30] C:\Program Files\<REP> Windows Live SkyDrive
[08/26/2009|05:09] C:\Program Files\<REP> Windows Media Player
[06/03/2009|08:48] C:\Program Files\<REP> Windows NT
[06/03/2009|08:50] C:\Program Files\<REP> WindowsUpdate
[06/04/2009|07:30] C:\Program Files\<REP> WinRAR
[06/03/2009|08:51] C:\Program Files\<REP> xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[02/20/2010|03:45] C:\Program Files\Fichiers communs\<REP> Adobe
[06/03/2009|09:06] C:\Program Files\Fichiers communs\<REP> DESIGNER
[08/31/2009|10:15] C:\Program Files\Fichiers communs\<REP> InstallShield
[08/26/2009|05:10] C:\Program Files\Fichiers communs\<REP> Microsoft Shared
[06/03/2009|08:49] C:\Program Files\Fichiers communs\<REP> MSSoap
[04/09/2010|10:31] C:\Program Files\Fichiers communs\<REP> Nokia
[06/03/2009|10:41] C:\Program Files\Fichiers communs\<REP> ODBC
[06/03/2009|08:49] C:\Program Files\Fichiers communs\<REP> Services
[06/08/2009|05:30] C:\Program Files\Fichiers communs\<REP> Skype
[06/15/2009|09:15] C:\Program Files\Fichiers communs\<REP> Sony Ericsson Shared
[06/03/2009|10:41] C:\Program Files\Fichiers communs\<REP> SpeechEngines
[06/05/2009|09:45] C:\Program Files\Fichiers communs\<REP> System
[06/15/2009|09:15] C:\Program Files\Fichiers communs\<REP> Teleca Shared
[06/04/2009|11:18] C:\Program Files\Fichiers communs\<REP> Windows Live

--------------------\\ Process

( 28 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-09 18:04:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:13][D:5]-> C:\DOCUME~1\per\LOCALS~1\Temp
[F:12][D:0]-> C:\DOCUME~1\per\Cookies
[F:49][D:4]-> C:\DOCUME~1\per\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Fri 04/09/2010|17:47 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Fri 04/09/2010|18:07 - Option : [2]

--------------------\\ Fin du rapport a 18:07:07

Salut,pour mon problème c'est réglé??

Refais un scan OTL et poste le rapport OTL.

OTL logfile created on: 10-04-2010 14:42:43 - Run 4
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\per\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001401 | Country: Algérie | Language: ARG | Date Format: dd-MM-yyyy

895.00 Mb Total Physical Memory | 291.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 8.92 Gb Free Space | 22.84% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 38.70 Gb Free Space | 99.08% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 25.94 Gb Free Space | 66.41% Space Free | Partition Type: NTFS
Drive F: | 36.20 Gb Total Space | 36.13 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MASSYL
Current User Name: per
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\per\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\per\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll (Kaspersky Lab)
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll (Kaspersky Lab)
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)
DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\WINDOWS\system32\drivers\se44unic.sys (MCCI)
DRV - (se44obex) -- C:\WINDOWS\system32\drivers\se44obex.sys (MCCI)
DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\WINDOWS\system32\drivers\se44nd5.sys (MCCI)
DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\se44mgmt.sys (MCCI)
DRV - (se44mdm) -- C:\WINDOWS\system32\drivers\se44mdm.sys (MCCI)
DRV - (se44mdfl) -- C:\WINDOWS\system32\drivers\se44mdfl.sys (MCCI)
DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\WINDOWS\system32\drivers\se44bus.sys (MCCI)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8C 2A 2A 11 99 61 5E 41 92 DF AD 46 48 2D 13 14 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {579fdf7f-4ec5-438c-9cc6-685c9f83fa3e}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-04-07 16:09:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-04 09:13:38 | 000,000,000 | ---D | M]

[2009-06-04 08:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Mozilla\Extensions
[2009-06-04 08:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010-04-10 09:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions
[2010-02-05 22:51:09 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009-10-04 17:34:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-03-29 21:47:55 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{579fdf7f-4ec5-438c-9cc6-685c9f83fa3e}
[2009-10-17 10:13:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009-06-04 13:18:20 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\searchplugins\live-search.xml
[2009-10-13 12:46:04 | 000,002,123 | ---- | M] () -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\searchplugins\MyStart Search.xml
[2010-03-29 21:49:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010-03-27 15:58:50 | 000,002,855 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.212.177.251 www.google.com
O1 - Hosts: 67.212.177.251 google.com
O1 - Hosts: 67.212.177.251 google.com.au
O1 - Hosts: 67.212.177.251 www.google.com.au
O1 - Hosts: 67.212.177.251 google.be
O1 - Hosts: 67.212.177.251 www.google.be
O1 - Hosts: 67.212.177.251 google.com.br
O1 - Hosts: 67.212.177.251 www.google.com.br
O1 - Hosts: 67.212.177.251 google.ca
O1 - Hosts: 38 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm ()
O9 - Extra Button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (Kaspersky Lab)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\per\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\per\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\mrt.exe: Debugger - svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-03 08:51:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-10 13:42:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\per\Recent
[2010-04-09 17:41:44 | 000,000,000 | ---D | C] -- C:\Lop SD
[2010-04-09 10:01:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-04-02 13:26:44 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010-03-31 18:55:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010-03-30 19:39:45 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\per\Bureau\OTL.exe
[2010-03-29 20:16:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-29 20:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-03-29 20:16:06 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-03-29 20:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-03-29 20:02:13 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\per\Mes documents\malwarebytes-anti-malware_malwarebytes_anti-malware_1.44_francais_215092.exe
[2010-03-29 19:07:01 | 000,000,000 | ---D | C] -- C:\Ad-Remover
[2010-03-25 23:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010-03-25 01:29:24 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010-03-25 01:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010-01-30 21:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009-08-27 08:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009-06-03 08:59:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009-06-03 08:54:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010-04-10 14:47:05 | 000,017,952 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010-04-10 14:46:38 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010-04-10 13:42:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010-04-10 13:42:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-10 13:42:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-10 13:42:14 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
[2010-04-10 11:32:14 | 001,093,664 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010-04-10 09:33:29 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-09 21:50:29 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\per\NTUSER.DAT
[2010-04-09 21:50:29 | 000,106,400 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010-04-09 21:50:06 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\per\ntuser.ini
[2010-04-09 21:18:58 | 000,042,952 | ---- | M] () -- C:\Documents and Settings\per\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-04-09 21:13:26 | 000,052,970 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\attestation_points_snfge.pdf
[2010-04-09 21:12:15 | 000,044,455 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\attestation_points_fmc.pdf
[2010-04-09 17:41:22 | 000,501,736 | ---- | M] () -- C:\Documents and Settings\per\Bureau\LopSD.exe
[2010-04-09 12:01:57 | 000,000,035 | ---- | M] () -- C:\WINDOWS\System32\package.lst
[2010-04-09 10:49:30 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\per\Bureau\CCleaner.lnk
[2010-04-09 10:31:37 | 000,511,954 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010-04-09 10:31:37 | 000,443,722 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-04-09 10:31:37 | 000,085,018 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010-04-09 10:31:37 | 000,071,684 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-04-09 10:30:56 | 001,128,466 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-04-09 09:02:13 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010-04-08 17:45:44 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\per\Bureau\Skype.lnk
[2010-04-07 19:10:52 | 000,285,152 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\dossier_organisateurs.pdf
[2010-04-05 21:01:05 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\gastrite biliaire post ctc.doc
[2010-04-05 20:59:27 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\IPP a long terme.doc
[2010-04-05 20:57:23 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\Kc du rectum.doc
[2010-04-05 20:55:42 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\GEA.doc
[2010-04-05 20:54:23 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\per\Bureau\Microsoft Office Word 2003.lnk
[2010-04-04 13:55:45 | 000,001,907 | ---- | M] () -- C:\UsbFix_Upload_Me_MASSYL.zip
[2010-04-04 08:41:22 | 000,033,776 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\ti83p112.sav
[2010-03-31 19:45:42 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\per\Bureau\WordBiz.lnk
[2010-03-31 10:31:06 | 003,370,880 | -H-- | M] () -- C:\Documents and Settings\per\Local Settings\Application Data\IconCache.db
[2010-03-30 19:41:17 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\per\Bureau\OTL.exe
[2010-03-29 21:54:39 | 000,003,616 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861P.manifest
[2010-03-29 20:16:14 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010-03-29 20:15:46 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\per\Mes documents\malwarebytes-anti-malware_malwarebytes_anti-malware_1.44_francais_215092.exe
[2010-03-29 19:16:37 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861C.manifest
[2010-03-29 19:16:37 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861S.manifest
[2010-03-29 19:16:37 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861O.manifest
[2010-03-29 13:43:01 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\CURRICULUM VITAE wassila.doc
[2010-03-28 15:53:37 | 000,255,714 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\sdf.pdf
[2010-03-28 15:07:02 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\per\intlname.ols
[2010-03-27 17:34:19 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\per\Bureau\Counter-Strike 1.6.lnk
[2010-03-27 15:58:50 | 000,002,855 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-03-25 23:38:39 | 000,000,800 | -HS- | M] () -- C:\WINDOWS\System32\1224417291
[2010-03-25 23:31:30 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010-03-25 20:32:51 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\per\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-03-25 01:28:14 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Nokia Software Updater.lnk
[2010-03-22 21:04:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-03-19 15:09:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-03-19 10:38:24 | 000,123,283 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\fighting_spirit.zip
[2010-03-13 12:53:07 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\Lycée El.doc

========== Files Created - No Company Name ==========

[2010-04-09 21:14:32 | 000,044,455 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\attestation_points_fmc.pdf
[2010-04-09 21:14:03 | 000,052,970 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\attestation_points_snfge.pdf
[2010-04-09 17:39:36 | 000,501,736 | ---- | C] () -- C:\Documents and Settings\per\Bureau\LopSD.exe
[2010-04-07 19:10:52 | 000,285,152 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\dossier_organisateurs.pdf
[2010-04-05 21:01:05 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\gastrite biliaire post ctc.doc
[2010-04-05 20:59:27 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\IPP a long terme.doc
[2010-04-05 20:57:22 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\Kc du rectum.doc
[2010-04-05 20:55:42 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\GEA.doc
[2010-04-04 13:55:45 | 000,001,907 | ---- | C] () -- C:\UsbFix_Upload_Me_MASSYL.zip
[2010-03-31 19:45:42 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\per\Bureau\WordBiz.lnk
[2010-03-29 20:16:14 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010-03-29 13:40:12 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\CURRICULUM VITAE wassila.doc
[2010-03-28 15:53:37 | 000,255,714 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\sdf.pdf
[2010-03-27 17:34:19 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\per\Bureau\Counter-Strike 1.6.lnk
[2010-03-27 16:14:49 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys
[2010-03-25 23:38:39 | 000,000,800 | -HS- | C] () -- C:\WINDOWS\System32\1224417291
[2010-03-25 23:31:30 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010-03-25 23:12:37 | 000,003,616 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861P.manifest
[2010-03-25 23:12:37 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861C.manifest
[2010-03-25 23:12:37 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861S.manifest
[2010-03-25 23:12:37 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861O.manifest
[2010-03-25 01:28:14 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Nokia Software Updater.lnk
[2010-03-22 21:04:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-03-21 19:59:50 | 055,925,993 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\A.flv
[2010-03-19 10:37:51 | 000,123,283 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\fighting_spirit.zip
[2010-03-13 12:43:26 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\Lycée El.doc
[2010-03-13 11:11:36 | 000,002,573 | ---- | C] () -- C:\Documents and Settings\per\Bureau\Microsoft Office Word 2003.lnk
[2009-10-05 23:36:07 | 001,632,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-06-15 09:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2009-06-06 21:33:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009-06-05 21:24:32 | 000,000,453 | ---- | C] () -- C:\WINDOWS\QViewer.ini
[2009-06-05 21:24:03 | 000,000,101 | ---- | C] () -- C:\WINDOWS\DivineIslam.ini
[2009-06-03 12:59:39 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\per\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-06-03 10:39:46 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-06-03 10:39:45 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-06-03 10:39:45 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-06-03 10:39:45 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-06-03 10:39:44 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-06-03 10:39:43 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-06-03 10:15:43 | 000,092,195 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2009-06-03 10:14:50 | 000,126,895 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2009-06-03 09:14:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-06-03 09:06:55 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003-04-01 09:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010-03-25 01:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009-08-31 10:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009-10-03 02:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009-12-29 11:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2009-08-26 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009-06-15 09:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2009-09-10 10:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009-11-06 16:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\BitTorrent
[2010-04-10 14:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\LimeWire
[2010-01-08 10:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Nokia
[2009-12-29 12:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Nokia Ovi Suite
[2010-01-03 11:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Nseries
[2010-01-02 11:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\PC Suite
[2009-06-15 09:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Teleca
[2010-03-27 15:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\uTorrent
[2010-04-10 13:42:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========


< End of report >

1/

Télécharge ToolsCleaner2 sur ton Bureau.

Double-clique sur ToolsCleaner2.exe pour le lancer.

Clique sur Recherche et laisse le scan agir.

Clique sur Suppression pour finaliser.

Tu peux, si tu le souhaites, te servir des Options Facultatives.

Clique sur Quitter pour obtenir le rapport.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


2/

Télécharge et installe CCleaner (N'installe pas la Yahoo! Toolbar).

Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....

Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.


3/

Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.


==Prévention==

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, Propriétés, onglet Mises à jour automatiques).

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


==Problème résolu ?==

--> Si tu estimes que ton problème est résolu, ajoute [Résolu] au titre. Pour cela :

Clique, dans ton premier message, sur le bouton Editer .

Ajoute la mention [Résolu] devant le titre.

Clique ensuite sur Valider votre message.


Sois plus vigilant(e) sur Internet