Votre question

Securite master av

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
19 Février 2011 20:17:29

bonjours atous


j'ai ce maudit virus,je vous envoie rapport de OTL,please help me:

OTL logfile created on: 19/02/2011 20:08:26 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\LILA\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 66,69 Gb Free Space | 22,37% Space Free | Partition Type: NTFS
Drive D: | 2,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC-DE-LILA | User Name: LILA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\LILA\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\program files\mozilla firefox\plugin-container.exe (Mozilla Corporation)
PRC - c:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
PRC - C:\Program Files\EoRezo\eorezo.exe (EoRezo)
PRC - C:\Program Files\HBLite\bin\11.0.264.0\HBLiteSA.exe (Pinball Corporation.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\ProgramData\2dde76d\SM2dde.exe (Live PC.)
PRC - C:\Users\LILA\LILA.exe ()
PRC - C:\Program Files\lime wire\Ares.exe (Ares Development Group)
PRC - C:\Program Files\SFR\Kit\9props.exe (SFR)
PRC - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Tenda\W311U\UI.exe (Tenda)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SFR\Media Center\MediaCenter.exe (SFR)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\LILA\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (PCAMp50) -- C:\Windows\System32\drivers\PCAMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rt2870) -- C:\Windows\System32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (athrusb6) -- C:\Windows\System32\drivers\athru6.sys (Atheros Communications, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT146098...{searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {27E679CC-6AAB-4B2A-BB87-096FE4178464}:1.0
FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.497.0
FF - prefs.js..extensions.enabledItems: HBLite@HBLite.com:11.0.0.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {34EFA911-B536-4C08-BECE-CD5E55C875B0}:1.0
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions [2010/11/03 21:12:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files\HBLite\bin\11.0.264.0\firefox\extensions [2010/10/16 10:48:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 18:43:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/14 18:43:18 | 000,000,000 | ---D | M]

[2010/11/01 12:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LILA\AppData\Roaming\mozilla\Extensions
[2009/11/15 21:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LILA\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/02/19 19:53:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LILA\AppData\Roaming\mozilla\Firefox\Profiles\gxck6m73.default\extensions
[2010/12/24 19:09:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LILA\AppData\Roaming\mozilla\Firefox\Profiles\gxck6m73.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/24 19:09:51 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\LILA\AppData\Roaming\mozilla\Firefox\Profiles\gxck6m73.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010/11/01 12:42:06 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\LILA\AppData\Roaming\mozilla\Firefox\Profiles\gxck6m73.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010/04/12 15:24:34 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\LILA\AppData\Roaming\mozilla\Firefox\Profiles\gxck6m73.default\extensions\illimitux@illimitux.net
[2010/09/14 13:41:12 | 000,002,506 | ---- | M] () -- C:\Users\LILA\AppData\Roaming\Mozilla\Firefox\Profiles\gxck6m73.default\searchplugins\BearShareWebSearch.xml
[2010/09/06 15:16:30 | 000,000,879 | ---- | M] () -- C:\Users\LILA\AppData\Roaming\Mozilla\Firefox\Profiles\gxck6m73.default\searchplugins\conduit.xml
[2010/11/03 21:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/10/16 10:48:48 | 000,000,000 | ---D | M] (QueryExplorer) -- C:\Program Files\mozilla firefox\extensions\{27E679CC-6AAB-4B2A-BB87-096FE4178464}
[2010/11/03 21:13:08 | 000,000,000 | ---D | M] (ResultBar) -- C:\Program Files\mozilla firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}
[2010/07/30 21:14:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 12:42:05 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2010/10/16 10:48:00 | 000,000,000 | ---D | M] (Hotbar Component) -- C:\PROGRAM FILES\HBLITE\BIN\11.0.264.0\FIREFOX\EXTENSIONS
[2010/11/03 21:12:24 | 000,000,000 | ---D | M] (ShopperReports) -- C:\PROGRAM FILES\SHOPPERREPORTS3\BIN\3.0.517.0\FIREFOX\FIREFOXTOOLBAR\EXTENSIONS
[2010/08/12 00:52:02 | 000,083,248 | ---- | M] (Pinball Corporation.) -- C:\Program Files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/16 09:19:34 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/02/19 17:43:49 | 000,002,191 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/09/14 13:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2010/10/16 09:19:34 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/10/16 09:19:34 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/10/16 09:19:34 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/10/16 09:19:34 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/06/01 22:07:25 | 000,002,194 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 98.142.243.182 google.com
O1 - Hosts: 98.142.243.182 google.com.au
O1 - Hosts: 98.142.243.182 www.google.com.au
O1 - Hosts: 98.142.243.182 google.be
O1 - Hosts: 98.142.243.182 www.google.be
O1 - Hosts: 98.142.243.182 google.com.br
O1 - Hosts: 98.142.243.182 www.google.com.br
O1 - Hosts: 98.142.243.182 google.ca
O1 - Hosts: 98.142.243.182 www.google.ca
O1 - Hosts: 98.142.243.182 google.ch
O1 - Hosts: 98.142.243.182 www.google.ch
O1 - Hosts: 98.142.243.182 google.de
O1 - Hosts: 98.142.243.182 www.google.de
O1 - Hosts: 98.142.243.182 google.dk
O1 - Hosts: 98.142.243.182 www.google.dk
O1 - Hosts: 98.142.243.182 google.fr
O1 - Hosts: 98.142.243.182 www.google.fr
O1 - Hosts: 98.142.243.182 google.ie
O1 - Hosts: 98.142.243.182 www.google.ie
O1 - Hosts: 98.142.243.182 google.it
O1 - Hosts: 26 more lines...
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (ShopperReports) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (EOBHO Class) - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - C:\Program Files\EoRezo\EoRezoBHO.dll (EoRezo)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE (MusicLab, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eorezo] C:\Program Files\EoRezo\eorezo.exe (EoRezo)
O4 - HKLM..\Run: [HBLiteSA] C:\Program Files\HBLite\bin\11.0.264.0\HBLiteSA.exe (Pinball Corporation.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ares] C:\Program Files\lime wire\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [Connexion SFR 9props.exe] C:\Program Files\SFR\Kit\9props.exe (SFR)
O4 - HKCU..\Run: [LILA] C:\Users\LILA\LILA.exe ()
O4 - HKCU..\Run: [Neuf Media Center] C:\Program Files\SFR\Media Center\MediaCenter.exe (SFR)
O4 - HKCU..\Run: [Security Master AV] File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SoftwareHelper] C:\Users\LILA\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (EoRezo)
O4 - Startup: C:\Users\LILA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\LILA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-wind... (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-wind... (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-wind... (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.0.66.20 109.0.66.10
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\LILA\Pictures\liyana.jpg
O24 - Desktop BackupWallPaper: C:\Users\LILA\Pictures\liyana.jpg
O27 - HKLM IFEO\_avp32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\_avpcc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\_avpm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\~1.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\~2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\a.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aAvgApi.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AAWTray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\About.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ackwin32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\adaware.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Ad-Aware.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\advxdwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AdwarePrj.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agentsvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\agentw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alertsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alevir.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\alogserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AlphaAV: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AlphaAV.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AluSchedulerSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\amon9x.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntispywarXP2009.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\anti-trojan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Anti-Virus Professional.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\antivirus.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntiVirus_Pro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPlus: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPlus.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusPro_2010.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusXP: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AntivirusXP.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\antivirusxppro2009.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ants.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\apimonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aplica32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\apvxdwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\arr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Arrakis3.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashAvast.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashBug.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashChest.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashCnsnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashLogV.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashMaiSv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashPopWz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashQuick.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSimp2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSimpl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSkPcc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashSkPck.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashWebSv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswChLic.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswRegSvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswRunDll.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atcon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atro55en.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atupdater.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\atwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\au.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\aupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autodown.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\auto-protect.nav80try.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autotrace.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\autoupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\av360.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVCare.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avciman.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ave32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVENGINE.EXE: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgchk.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgcsrvx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgdumpx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgemc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgiproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnsx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgrsx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgscanx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgserv9.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgsrmax.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgtray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgwdsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkpop.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkservice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avkwctl9.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avltmain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avmailc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avmcdlg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnotify.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avp32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpcc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpdos32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avptc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avpupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avsched32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avsynmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avupgsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVWEBGRD.EXE: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwin95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwinnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwsc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avwupsrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxmonitor9x.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxmonitornt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avxquar.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\b.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\backweb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bargains.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bd_professional.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdfvcl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdfvwiz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDInProcPatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdmcon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDMsnScan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdreinit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdsubwiz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\BDSurvey.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdtkexec.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdwizreg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\beagle.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\belt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bidef.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bidserver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bipcp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bipcpevalsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bisp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blackd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blackice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blink.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\blss.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bootconf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bootwarn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\borg2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brasil.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\brw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bs120.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bspatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundle.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\bvt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\c.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cavscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccevtmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccpxysvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccSvcHst.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cdp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfgwiz.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfiadmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfiaudit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfinet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfinet32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpconfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfplogvw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Cl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\claw95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\claw95cf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\clean.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleaner.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleaner3.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleanIELow.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cleanpc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\click.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmesys.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmgrdian.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmon016.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\connectionmonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\control: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpf9x206.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cpfnt206.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\crashrep.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\csc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssconfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssupdat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cssurf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cwnb181.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\cwntdwmo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\d.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\datemanager.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dcomx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defalert.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defscangui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\defwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\deloeminfs.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\deputy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\divx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dllcache.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dllreg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\doors.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dop.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpfsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dpps2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\driverctrl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwatson.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drweb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dssagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dvp95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\dvp95_0.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ecengine.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\efpeadm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\emsw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\esafe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\escanhnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\escanv95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\espwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ethereal.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\etrustcipe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\evpn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\exantivirus-cnet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\exe.avxw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\expert.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\explore.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fact.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-agnt95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fameh32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fast.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fch32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fih32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\findviru.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\firewall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fixcfg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fixfp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fnrb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fprot.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-prot.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-prot95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fp-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fp-win_trial.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\frmwrk32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\frw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsaa.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav530stbyb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav530wtbyb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsm32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsma32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsmb32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\f-stopw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gator.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbmenu.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbn976rl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gbpoll.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\generics.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\gmt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guarddog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hacktracersetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hbinst.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hbsrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\History.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\homeav2010.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hotactio.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hotpatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\htlog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\htpatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hwpe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hxdl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\hxiul.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iamstats.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ibmasn.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ibmavsp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icload95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icloadnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icsupp95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\icsuppnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Identity.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\idle.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iedll.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iedriver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\IEShow.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iface.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ifw2000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\inetlnfo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\infus.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\infwin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\init.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\init32.exe : Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[1].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[2].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[3].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[4].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\install[5].exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\intdel.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\intren.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\iomon98.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\istsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jammer.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jdbgmrg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\jedi.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\JsRcGen.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavlite40eng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavpers40eng.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kavpf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kazza.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\keenvalue.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-pf-213-en-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-wrl-421-en-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\kerio-wrp-421-en-win.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\killprocesssetup161.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\launcher.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldnetmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldpro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldpromenu.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\licmgr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\livesrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lnetinfo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\loader.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\localnet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lockdown.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lockdown2000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lookout.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lordpe.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luau.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lucomserver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luinit.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\luspt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MalwareRemoval.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mapisvc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcmnhdlr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcmscsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcnasvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\McSACore.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshell.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshield.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcsysmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mctool.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcvsrte.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcvsshld.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\md.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfin32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfw2en.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mfweng3.02d30.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrtcl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrte.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mghtml.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\minilog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mmod.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\monitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\moolive.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mostat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpfagent.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpfservice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MPFSrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mpftray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mrflux.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mrt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msa.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\MSASCui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msbb.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msblast.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mscache.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msccn32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mscman.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msconfig: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msdm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msdos.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msiexec16.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mslaugh.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmgt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msmsgri32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msseces.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mssmmc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mssys.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\msvxd.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mu0311ad.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mwatch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\n32scanw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navap.navapsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navapsvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navapw32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navdx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navlu32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navstub.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navw32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\navwnt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nc2000.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ncinst4.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ndd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\neomonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\neowatchlog.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netarmor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netd32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netinfo.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netmon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netscanpro.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netspyhunter-1.2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\netutils.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nisserv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nisum.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nmain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\normist.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\norton_internet_secu_3.0_407.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\notstart.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npf40_tw_98_nt_me_2k.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npfmessenger.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nprotect.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npscheck.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\npssvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nsched32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nssys32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nstask32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nsupdate.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntrtscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntvdm.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ntxconfig.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nupgrade.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvarch16.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvc95.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nvsvc32.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwinst4.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwservice.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\nwtool16.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAcat.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAhlp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OAReg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oasrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oaui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\oaview.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ODSW.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ollydbg.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\onsrvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\optimize.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ostronet.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\otfix.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpostinstall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpostproinstall.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ozn695m5.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\padmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\panixk.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\patch.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pav.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavcl.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PavFnSvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavprsrv.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavsched.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavsrv51.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pavw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PC_Antispyware2010.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pccwin98.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcfwallicon.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcip10117_0.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pcscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsAuxs.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsGui.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pctsTray.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pdfndr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pdsetup.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PerAvir.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\periscope.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\persfw.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\personalguard: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\personalguard.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\perswf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pf2.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pfwadmin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pgmonitr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pingscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\platin.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pop3trap.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\poproxy.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\popscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\portdetective.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\portmonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\powerscan.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ppinupdt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pptbc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ppvstop.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prizesurfer.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prmt.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\prmvr.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\procdump.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\processmonitor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\procexplorerv1.0.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\programauditor.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\proport.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\protector.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectx.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANCU.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANHost.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSANToManager.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PsCtrls.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PsImSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PskSvc.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pspf.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\PSUNMain.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\purge.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qconsole.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qh.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\qserver.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Quick Heal.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\QuickHealCleaner.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rapapp.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav7.exe: Debugger - svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\rav7win.exe: Debugger - svchost.exe (Microsoft Corporation)
O

Autres pages sur : securite master

19 Février 2011 20:32:42

je rajoute le rapport extra



OTL Extras logfile created on: 19/02/2011 20:08:26 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\LILA\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 66,69 Gb Free Space | 22,37% Space Free | Partition Type: NTFS
Drive D: | 2,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC-DE-LILA | User Name: LILA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AB8BA7D-7B23-48C0-82AB-F42E75F2540B}" = rport=139 | protocol=6 | dir=out | app=system |
"{2BABC59D-8570-47C2-812D-F5B45DA33FF0}" = lport=445 | protocol=6 | dir=in | app=system |
"{45140EBB-AC2B-4617-BD4A-743B461023B6}" = lport=137 | protocol=17 | dir=in | app=system |
"{528B880B-C113-45E6-83D1-FE05E28068EE}" = lport=138 | protocol=17 | dir=in | app=system |
"{58B18DB2-F705-4C06-B755-3F8E8F0076CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5927A1DC-94D6-47D0-8D5A-933D47DF0A0F}" = rport=138 | protocol=17 | dir=out | app=system |
"{81A5B575-7DE0-4244-BA39-2BD2FD2B6D5E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8B6C05A8-BA8F-41B3-B5FF-AE2DC7716FD2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B47901E6-F6F5-4BF9-B5C1-3C860E1ADAAD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DE8C0E03-864A-4018-A8BC-975D621B7BEA}" = lport=139 | protocol=6 | dir=in | app=system |
"{F01C2607-0A2D-4ECC-9DDD-73ED0D622084}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD8639B5-D4C2-4017-80FA-13E60A345B86}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06DE14D1-4E5A-461C-9C84-F7F3181FD84E}" = protocol=17 | dir=in | app=c:\program files\sfr\media center\httpd\httpd.exe |
"{0C5F4002-CD4E-4262-A27F-19556D7D03E2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1B6E0D51-3BE8-47CE-AECA-19B8CA7A9A53}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{30755D09-042B-4097-8BF8-64E925964260}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{388537E1-CFBD-4BCE-9661-6FAB1879D144}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44E171BF-92EF-466E-9FF4-AC8F47DF4EE6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4D504FAB-549C-4B45-B8D1-380D415D92FD}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{52F562F2-15FA-4E1F-BA58-DB1FE10B49C5}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{657CB478-D902-476D-8161-1D9E99B55D12}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{74EB0038-7660-412C-8868-645F888952C4}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{8659AA47-0D72-4EE0-B0C9-E8A93BE51FD8}" = protocol=6 | dir=in | app=c:\program files\sfr\media center\httpd\httpd.exe |
"{8CB25ED7-97D8-4D0F-8792-7E6A8E293546}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A747C7D1-F827-4188-8555-756216794A67}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BA12856A-7FC6-4A20-BD4A-557869C6B6A5}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{BCE756B4-B810-4AB0-954E-69F34B8DBA0C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C7E97154-20F2-4476-960A-8C9B6AD6334B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C81D91E3-CDB2-46C3-815C-3A23E19A900C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F3E060F0-11A5-4C7E-9C3A-46DDDA404FFE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"TCP Query User{29768866-9920-4726-ABD8-599E8DFF1065}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{398887D6-C6EB-480C-845E-676CDAAA795A}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{5DA1AE59-8321-4B23-BD7C-1B6A6A3B1047}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{6F402947-D673-4677-BFF9-20DF2D9FA6AC}C:\programdata\2dde76d\sm2dde.exe" = protocol=6 | dir=in | app=c:\programdata\2dde76d\sm2dde.exe |
"TCP Query User{B22073C1-40AC-48DB-B56E-8051309C2220}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{E371A623-5D42-4F58-AE13-85CAB3D38ABF}C:\program files\lime wire\ares.exe" = protocol=6 | dir=in | app=c:\program files\lime wire\ares.exe |
"TCP Query User{E4CCD5BB-FFCD-4D9C-9A63-F710527D45A7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0BC34B42-72FB-462B-85EC-671609405984}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{5942FEEE-9D16-47C4-B290-1591095DCC42}C:\programdata\2dde76d\sm2dde.exe" = protocol=17 | dir=in | app=c:\programdata\2dde76d\sm2dde.exe |
"UDP Query User{5F257895-A774-42D3-901C-7E4F2205AF91}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{A526FEDC-92EE-4569-85F4-F40E5B700DFE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{AF5E3FEE-4F04-4736-9AF9-0D6FCD167FCD}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{B6E6B3E0-499E-4C30-B6D9-E85308FA376B}C:\program files\lime wire\ares.exe" = protocol=17 | dir=in | app=c:\program files\lime wire\ares.exe |
"UDP Query User{E04A6A35-F780-4966-BDF2-04BFBFFD481A}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1036-7B44-A92000000001}" = Adobe Reader 9.2 - Français
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}" = USB PC Camera (SN9C103)
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F30C2271-5D81-42DB-81C2-DD7853118F1E}" = W311U
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ares" = Ares 2.1.2
"BearShare" = BearShare
"BearShare MediaBar" = MediaBar
"CCleaner" = CCleaner
"DivX Setup.divx.com" = Configuration DivX
"eMule" = eMule
"EoRezo_is1" = EoRezo 10.3
"Free Video Converter_is1" = Free Video Converter V 2.5
"Google Chrome" = Google Chrome
"HBLiteSA" = Hotbar
"LimeWire" = LimeWire 5.3.6
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PC SECURITY TEST 2010_is1" = PC SECURITY TEST 2010
"ResultBar" = ResultBar 1.0 build 113
"SFR_Kit" = SFR - Kit de connexion
"SFR_Media Center" = SFR - Media Center
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ShopperReportsSA" = ShopperReports
"SoftwareUpdate_is1" = SoftwareUpdate 1.0
"VLC media player" = VLC media player 1.0.2
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Logiciel d'archivage WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/02/2011 03:43:00 | Computer Name = PC-de-LILA | Source = Software Licensing Service | ID = 8198
Description = L'activation des licences (SLUI.exe) a échoué avec le code d'erreur
suivant : 0x80070057

Error - 14/02/2011 04:10:04 | Computer Name = PC-de-LILA | Source = Application Error | ID = 1000
Description = Application défaillante DivXUpdate.exe, version 1.0.1.10, horodatage
0x4c06fc6d, module défaillant MSVCP80.dll, version 8.0.50727.4053, horodatage 0x4a594cd0,
code d’exception 0xc0000005, décalage d’erreur 0x000100b5, ID du processus 0xcd4,
heure de début de l’application 0x01cbcc1a614aecea.

Error - 15/02/2011 07:19:35 | Computer Name = PC-de-LILA | Source = Software Licensing Service | ID = 8198
Description = L'activation des licences (SLUI.exe) a échoué avec le code d'erreur
suivant : 0x80070057

Error - 15/02/2011 12:44:55 | Computer Name = PC-de-LILA | Source = Application Error | ID = 1000
Description = Application défaillante eorezo.exe, version 1.0.0.1, horodatage 0x4cb846fd,
module défaillant eorezo.exe, version 1.0.0.1, horodatage 0x4cb846fd, code d’exception
0x40000015, décalage d’erreur 0x00060d8b, ID du processus 0xc8c, heure de début
de l’application 0x01cbcd01c380663c.

Error - 17/02/2011 11:25:10 | Computer Name = PC-de-LILA | Source = Software Licensing Service | ID = 8198
Description = L'activation des licences (SLUI.exe) a échoué avec le code d'erreur
suivant : 0x80070057

Error - 17/02/2011 12:51:28 | Computer Name = PC-de-LILA | Source = Application Error | ID = 1000
Description = Application défaillante DivXUpdate.exe, version 1.0.1.10, horodatage
0x4c06fc6d, module défaillant MSVCP80.dll, version 8.0.50727.4053, horodatage 0x4a594cd0,
code d’exception 0xc0000005, décalage d’erreur 0x000100b5, ID du processus 0xcdc,
heure de début de l’application 0x01cbcebea9b29c57.

Error - 17/02/2011 16:07:12 | Computer Name = PC-de-LILA | Source = Application Error | ID = 1000
Description = Application défaillante eorezo.exe, version 1.0.0.1, horodatage 0x4cb846fd,
module défaillant eorezo.exe, version 1.0.0.1, horodatage 0x4cb846fd, code d’exception
0x40000015, décalage d’erreur 0x00060d8b, ID du processus 0xd3c, heure de début
de l’application 0x01cbcebea9d612ef.

Error - 18/02/2011 10:03:53 | Computer Name = PC-de-LILA | Source = Software Licensing Service | ID = 8198
Description = L'activation des licences (SLUI.exe) a échoué avec le code d'erreur
suivant : 0x80070057

Error - 19/02/2011 14:37:30 | Computer Name = PC-de-LILA | Source = Software Licensing Service | ID = 8198
Description = L'activation des licences (SLUI.exe) a échoué avec le code d'erreur
suivant : 0x80070057

Error - 19/02/2011 15:02:07 | Computer Name = PC-de-LILA | Source = Application Error | ID = 1000
Description = Application défaillante DivXUpdate.exe, version 1.0.1.10, horodatage
0x4c06fc6d, module défaillant MSVCP80.dll, version 8.0.50727.4053, horodatage 0x4a594cd0,
code d’exception 0xc0000005, décalage d’erreur 0x000100b5, ID du processus 0xc6c,
heure de début de l’application 0x01cbd063a003a2f9.

[ Media Center Events ]
Error - 06/07/2010 07:38:07 | Computer Name = PC-de-LILA | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 05/08/2010 15:46:20 | Computer Name = PC-de-LILA | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 24/08/2010 06:14:36 | Computer Name = PC-de-LILA | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 07/09/2010 11:43:23 | Computer Name = PC-de-LILA | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 07/09/2010 11:45:08 | Computer Name = PC-de-LILA | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Processus : DefaultDomain Nom de l’objet : Media Center Guide

Error - 07/09/2010 11:47:05 | Computer Name = PC-de-LILA | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Processus : DefaultDomain Nom de l’objet : Media Center Guide

Error - 07/09/2010 12:03:04 | Computer Name = PC-de-LILA | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 01/10/2010 15:21:03 | Computer Name = PC-de-LILA | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 09/01/2011 12:00:09 | Computer Name = PC-de-LILA | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 19/02/2011 14:36:35 | Computer Name = PC-de-LILA | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

[ System Events ]
Error - 12/02/2011 06:59:50 | Computer Name = PC-de-LILA | Source = HTTP | ID = 15016
Description =

Error - 12/02/2011 07:23:25 | Computer Name = PC-de-LILA | Source = HTTP | ID = 15016
Description =

Error - 13/02/2011 15:58:24 | Computer Name = PC-de-LILA | Source = HTTP | ID = 15016
Description =

Error - 14/02/2011 03:39:09 | Computer Name = PC-de-LILA | Source = HTTP | ID = 15016
Description =

Error - 15/02/2011 07:15:50 | Computer Name = PC-de-LILA | Source = HTTP | ID = 15016
Description =

Error - 17/02/2011 11:22:19 | Computer Name = PC-de-LILA | Source = HTTP | ID = 15016
Description =

Error - 17/02/2011 12:20:16 | Computer Name = PC-de-LILA | Source = HTTP | ID = 15016
Description =

Error - 18/02/2011 10:00:56 | Computer Name = PC-de-LILA | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 21:08:59 le 17/02/2011 n'était pas prévu.

Error - 18/02/2011 10:00:58 | Computer Name = PC-de-LILA | Source = HTTP | ID = 15016
Description =

Error - 19/02/2011 14:33:57 | Computer Name = PC-de-LILA | Source = HTTP | ID = 15016
Description =


< End of report >
a c 620 8 Sécurité
20 Février 2011 14:55:55

Bonjour,

Le rapport OTL.txt n'est pas complet, merci d'utiliser un service de rapport en ligne pour le remettre :
http://www.cijoint.fr/

Vista pas à jour ... c'est une version légale ?
Contenus similaires
a c 620 8 Sécurité
21 Février 2011 20:15:51

Re,

J'ai quand même un doute sur la version de Vista, sache que mon intervention pourrait engendrer des soucis si ce n'est pas une version légale ...

Citation :
oui vista est legale mais ordi utilise par une bille(ma belle mere) qui n'y connait rien


Elle n'y connais rien, mais à une pléthore de logiciel de p2p, des toolbar publicitaire à foison ... bref, super pourri le pc ... pas à jour en plus ... faut pas s'étonner ...
Bien sûr, pas d'antivirus avec tout çà ...


Préambule à toute désinfection :

La désinfection demande l'utilisation d'outils et de procédures plus ou moins complexes, sensibles et potentiellement dangereux.
Nous nous efforçons donc de traduire cela le plus clairement possible, néanmoins, il convient de respecter quelques conseils pour son bon déroulement :

  • Le PC infecté doit être utilisé le moins possible, mis à part pour les procédures et communiquer sur le forum.
  • Lis toujours l'intégralité des procédures avant de les entamer, ou sauvegarde-les (impression/ fichier texte).
    (En effet certaines circonstances pourraient t'empêcher de poursuivre la lecture, redémarrage de pc par exemple)
  • Réalise entièrement, précisément et dans l'ordre donné, les procédures demandées, sans cela tu risques de créer plus de problèmes que tu n'en résoudrais. Ne tente rien par toi-même sans nous en faire part avant !
  • N'hésite pas à poser toute question avant d'entamer les procédures, et rapporte immédiatement les problèmes rencontrés lors de celles-ci.


    Enfin, sache que la désinfection n'est terminée que lorsque la personne qui t'a pris en main te le dit.
    La disparition des symptômes ne signifie pas obligatoirement la disparition de l'infection !

    De plus, malgré nos précautions, un plantage du PC est toujours possible, pense à sauvegarder le maximum possible tes documents auparavant !


    1) Désinstalle ces programmes (si présents) :

    - BearShare MediaBar / MediaBar
    - EoRezo 10.3
    - Hotbar
    - PC SECURITY TEST 2010
    - ResultBar 1.0 build 113
    - ShopperReports
    - SoftwareUpdate 1.0
    - Norton Security Scan (pas un antivirus çà, un scanner ponctuel juste ...)


    Relance OTL.exe
    (Utilisateur de Vista/Windows 7 faites un clic droit -> "Exécuter en tant qu'administrateur")

  • Copie/colle ce qui suit dans le cadre Personnalisation en bas à gauche.
    :OTL
    PRC - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
    PRC - C:\Program Files\EoRezo\eorezo.exe (EoRezo)
    PRC - C:\Program Files\HBLite\bin\11.0.264.0\HBLiteSA.exe (Pinball Corporation.)
    PRC - C:\ProgramData\2dde76d\SM2dde.exe (Live PC.)
    PRC - C:\Users\LILA\LILA.exe ()
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
    FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "BearShare Web Search"
    FF - prefs.js..extensions.enabledItems: HBLite@HBLite.com:11.0.0.0
    FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="
    FF - HKLM\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files\HBLite\bin\11.0.264.0\firefox\extensions [2010/10/16 10:48:00 | 000,000,000 | ---D | M]
    [2010/11/01 12:42:06 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\LILA\AppData\Roaming\mozilla\Firefox\Profiles\gxck6m73.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
    [2010/09/14 13:41:12 | 000,002,506 | ---- | M] () -- C:\Users\LILA\AppData\Roaming\Mozilla\Firefox\Profiles\gxck6m73.default\searchplugins\BearShareWebSearch.xml
    [2010/09/06 15:16:30 | 000,000,879 | ---- | M] () -- C:\Users\LILA\AppData\Roaming\Mozilla\Firefox\Profiles\gxck6m73.default\searchplugins\conduit.xml
    [2010/11/03 21:13:08 | 000,000,000 | ---D | M] (ResultBar) -- C:\Program Files\mozilla firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}
    [2010/11/01 12:42:05 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
    [2010/10/16 10:48:00 | 000,000,000 | ---D | M] (Hotbar Component) -- C:\PROGRAM FILES\HBLITE\BIN\11.0.264.0\FIREFOX\EXTENSIONS
    [2010/11/03 21:12:24 | 000,000,000 | ---D | M] (ShopperReports) -- C:\PROGRAM FILES\SHOPPERREPORTS3\BIN\3.0.517.0\FIREFOX\FIREFOXTOOLBAR\EXTENSIONS
    [2010/08/12 00:52:02 | 000,083,248 | ---- | M] (Pinball Corporation.) -- C:\Program Files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
    [2010/09/14 13:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
    O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll ()
    O2 - BHO: (ShopperReports) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    O2 - BHO: (EOBHO Class) - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - C:\Program Files\EoRezo\EoRezoBHO.dll (EoRezo)
    O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE (MusicLab, LLC)
    O4 - HKLM..\Run: [eorezo] C:\Program Files\EoRezo\eorezo.exe (EoRezo)
    O4 - HKLM..\Run: [HBLiteSA] C:\Program Files\HBLite\bin\11.0.264.0\HBLiteSA.exe (Pinball Corporation.)
    O4 - HKCU..\Run: [LILA] C:\Users\LILA\LILA.exe ()
    O4 - HKCU..\Run: [Security Master AV] File not found
    O4 - HKLM..\RunOnce: [SoftwareHelper] C:\Users\LILA\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (EoRezo)
    O9 - Extra Button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
    O9 - Extra Button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll (SmartShopper Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
    O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    33 - MountPoints2\{873b9f29-7bb6-11df-a338-c83a35c022a8}\Shell\AutopLay\COmmanD - "" = E:\iisslq.cmd
    O33 - MountPoints2\{873b9f29-7bb6-11df-a338-c83a35c022a8}\Shell\AutoRun\command - "" = E:\iisslq.cmd
    O33 - MountPoints2\{873b9f29-7bb6-11df-a338-c83a35c022a8}\Shell\eXplorE\coMMANd - "" = E:\iisslq.cmd
    O33 - MountPoints2\{873b9f29-7bb6-11df-a338-c83a35c022a8}\Shell\OPEn\cOmmaNd - "" = E:\iisslq.cmd
    [2011/02/11 12:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\1C7
    [2011/02/19 19:35:33 | 000,001,515 | ---- | M] () -- C:\Users\LILA\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
    [2011/02/19 19:35:33 | 000,001,491 | ---- | M] () -- C:\Users\LILA\Desktop\Security Master AV.lnk
    [2011/02/17 17:52:05 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for LILA.job
    [2010/02/23 20:00:57 | 000,009,592 | -HS- | C] () -- C:\Users\LILA\AppData\Local\J50l1AiqIvJy
    [2010/10/18 12:43:38 | 000,000,000 | ---D | M] -- C:\Users\LILA\AppData\Roaming\EoRezo
    [2010/10/16 10:48:00 | 000,000,000 | ---D | M] -- C:\Users\LILA\AppData\Roaming\HBLite
    [2010/05/30 15:11:15 | 000,000,000 | -HSD | M] -- C:\Users\LILA\AppData\Roaming\Security Master AV
    [2010/10/16 10:47:49 | 000,000,000 | ---D | M] -- C:\Users\LILA\AppData\Roaming\ShopperReports3

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{6F402947-D673-4677-BFF9-20DF2D9FA6AC}C:\programdata\2dde76d\sm2dde.exe"=-
    "UDP Query User{5942FEEE-9D16-47C4-B290-1591095DCC42}C:\programdata\2dde76d\sm2dde.exe"=-

    :Files
    C:\Program Files\BearShare Applications\MediaBar
    C:\Program Files\EoRezo
    C:\Program Files\HBLite
    C:\ProgramData\2dde76d
    C:\PROGRAM FILES\SHOPPERREPORTS3

    :Commands
    [emptytemp]
    [emptyflash]
    [resethosts]


  • Puis clique sur le bouton Correction en haut à gauche
  • Si le pc demande à redémarrer accepte.
  • Poste le rapport de suppression.


    Télécharge MalwareByte's Anti-Malware :

  • Installe le programme (aide ici)
  • Lance-le et met à jour la base de définition.

  • Choisi ensuite "Exécuter un examen complet" puis "Rechercher"
  • Sélectionne les disques dur et clique sur "Lancer l'examen"
  • Laisse l'analyse se faire (cela peut durer longtemps).
  • A la fin, vérifie que les éléments trouvés soient coché (dans "Résultat de l'examen).
  • Puis clique sur "Supprimer la sélection" en bas.
  • Un redémarrage peut être nécessaire.

  • Un rapport va s'afficher, enregistre-le sur ton bureau.
  • ou sinon, après le démarrage, il se trouvera dans "Rapports/logs"

    [:_tom_:7]
    21 Février 2011 20:56:20

    bonsoir ,pour le vista je peux pas t'en dire plus elle a acheter l'ordi et la licence vista dans une boutique qui assemble les pc
    En tous cas je retourne chez elle demain et j'essaye ce que tu m'as dit
    je te tiens au courant,merci beaucoup
    25 Février 2011 20:20:44

    bonjour je vous poste le rapport otl

    All processes killed
    ========== OTL ==========
    No active process named datamngrUI.exe was found!
    No active process named eorezo.exe was found!
    No active process named HBLiteSA.exe was found!
    No active process named SM2dde.exe was found!
    No active process named LILA.exe was found!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\First Home Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Prefs.js: "BearShare Web Search" removed from browser.search.defaultenginename
    Prefs.js: "Web Search" removed from browser.search.defaultthis.engineName
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT146098...{searchTerms}" removed from browser.search.defaulturl
    Prefs.js: "BearShare Web Search" removed from browser.search.order.1
    Prefs.js: HBLite@HBLite.com:11.0.0.0 removed from extensions.enabledItems
    Prefs.js: "http://search.bearshare.com/web?src=ffb&systemid=2&q=" removed from keyword.URL
    Registry key HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions not found.
    File C:\Program Files\HBLite\bin\11.0.264.0\firefox\extensions not found.
    Folder C:\Users\LILA\AppData\Roaming\mozilla\Firefox\Profiles\gxck6m73.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\ not found.
    C:\Users\LILA\AppData\Roaming\Mozilla\Firefox\Profiles\gxck6m73.default\searchplugins\BearShareWebSearch.xml moved successfully.
    C:\Users\LILA\AppData\Roaming\Mozilla\Firefox\Profiles\gxck6m73.default\searchplugins\conduit.xml moved successfully.
    C:\Program Files\mozilla firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\defaults\preferences folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\defaults folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0}\chrome folder moved successfully.
    C:\Program Files\mozilla firefox\extensions\{34EFA911-B536-4C08-BECE-CD5E55C875B0} folder moved successfully.
    C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully.
    C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION folder moved successfully.
    Folder C:\PROGRAM FILES\HBLITE\BIN\11.0.264.0\FIREFOX\EXTENSIONS\ not found.
    Folder C:\PROGRAM FILES\SHOPPERREPORTS3\BIN\3.0.517.0\FIREFOX\FIREFOXTOOLBAR\EXTENSIONS\ not found.
    File C:\Program Files\mozilla firefox\plugins\npclntax_HBLiteSA.dll not found.
    C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
    File C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47fd-81F3-EE91287F9465}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465}\ not found.
    File C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\ not found.
    File C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}\ deleted successfully.
    C:\Program Files\EoRezo\EoRezoBHO.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
    File C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
    File move failed. C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE scheduled to be moved on reboot.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eorezo deleted successfully.
    C:\Program Files\EoRezo\eorezo.exe moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HBLiteSA not found.
    File C:\Program Files\HBLite\bin\11.0.264.0\HBLiteSA.exe not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LILA deleted successfully.
    C:\Users\LILA\LILA.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Security Master AV deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SoftwareHelper deleted successfully.
    C:\Users\LILA\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\ not found.
    File C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\ not found.
    File C:\Program Files\ShopperReports3\bin\3.0.517.0\ShopperReports.dll not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll deleted successfully.
    File C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll deleted successfully.
    File C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{873b9f29-7bb6-11df-a338-c83a35c022a8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{873b9f29-7bb6-11df-a338-c83a35c022a8}\ not found.
    File E:\iisslq.cmd not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{873b9f29-7bb6-11df-a338-c83a35c022a8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{873b9f29-7bb6-11df-a338-c83a35c022a8}\ not found.
    File E:\iisslq.cmd not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{873b9f29-7bb6-11df-a338-c83a35c022a8}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{873b9f29-7bb6-11df-a338-c83a35c022a8}\ not found.
    File E:\iisslq.cmd not found.
    C:\ProgramData\1C7 folder moved successfully.
    C:\Users\LILA\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk moved successfully.
    C:\Users\LILA\Desktop\Security Master AV.lnk moved successfully.
    C:\Windows\Tasks\Norton Security Scan for LILA.job moved successfully.
    C:\Users\LILA\AppData\Local\J50l1AiqIvJy moved successfully.
    C:\Users\LILA\AppData\Roaming\EoRezo\SoftwareUpdate\Software folder moved successfully.
    C:\Users\LILA\AppData\Roaming\EoRezo\SoftwareUpdate\Download folder moved successfully.
    C:\Users\LILA\AppData\Roaming\EoRezo\SoftwareUpdate folder moved successfully.
    C:\Users\LILA\AppData\Roaming\EoRezo folder moved successfully.
    Folder C:\Users\LILA\AppData\Roaming\HBLite\ not found.
    C:\Users\LILA\AppData\Roaming\Security Master AV folder moved successfully.
    Folder C:\Users\LILA\AppData\Roaming\ShopperReports3\ not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6F402947-D673-4677-BFF9-20DF2D9FA6AC}C:\programdata\2dde76d\sm2dde.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5942FEEE-9D16-47C4-B290-1591095DCC42}C:\programdata\2dde76d\sm2dde.exe deleted successfully.
    ========== FILES ==========
    C:\Program Files\BearShare Applications\MediaBar\Datamngr folder moved successfully.
    C:\Program Files\BearShare Applications\MediaBar folder moved successfully.
    C:\Program Files\EoRezo folder moved successfully.
    File\Folder C:\Program Files\HBLite not found.
    C:\ProgramData\2dde76d\SMAVSys folder moved successfully.
    C:\ProgramData\2dde76d\Quarantine Items folder moved successfully.
    C:\ProgramData\2dde76d\BackUp folder moved successfully.
    C:\ProgramData\2dde76d folder moved successfully.
    File\Folder C:\PROGRAM FILES\SHOPPERREPORTS3 not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: les enfants
    ->Temp folder emptied: 4250458 bytes
    ->Temporary Internet Files folder emptied: 1703048 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 43338884 bytes
    ->Google Chrome cache emptied: 6284803 bytes
    ->Flash cache emptied: 1506 bytes

    User: LILA
    ->Temp folder emptied: 25099794 bytes
    ->Temporary Internet Files folder emptied: 44801362 bytes
    ->Java cache emptied: 50625311 bytes
    ->FireFox cache emptied: 78231209 bytes
    ->Flash cache emptied: 8375 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 857 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 243,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: les enfants
    ->Flash cache emptied: 0 bytes

    User: LILA
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.20.6 log created on 02252011_200430

    Files\Folders moved on Reboot...
    File\Folder C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE not found!

    Registry entries deleted on Reboot...
    25 Février 2011 20:59:42

    le rapport de malware

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 5876

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    25/02/2011 20:54:11
    mbam-log-2011-02-25 (20-54-11).txt

    Type d'examen: Examen complet (C:\|)
    Elément(s) analysé(s): 255086
    Temps écoulé: 28 minute(s), 38 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 764
    Valeur(s) du Registre infectée(s): 18
    Elément(s) de données du Registre infecté(s): 5
    Dossier(s) infecté(s): 6
    Fichier(s) infecté(s): 22

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Exe
    a c 620 8 Sécurité
    26 Février 2011 09:38:43

    Re,

    à peine pourri le pc ...

    Citation :
    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 764
    Valeur(s) du Registre infectée(s): 18
    Elément(s) de données du Registre infecté(s): 5
    Dossier(s) infecté(s): 6
    Fichier(s) infecté(s): 22


    à suivre :

    Télécharge Ad-R (de C_XX) sur ton Bureau.

    /!\ Désactive tes protections résidentes : antivirus, antispyware, déconnecte-toi et ferme toutes les applications en cours /!\

  • Installe le programme (avec les paramètres par défaut).
  • Le programme se lance automatiquement à la fin de l'installation, sinon, lance-le via le raccourci Ad-R situé sur ton Bureau.
    (Utilisateur de Vista/Windows 7, clique-droit sur le raccourci de Ad-R -> Exécuter en tant qu'administrateur)
  • Valide l'avertissement, puis, dans la fenêtre principal, choisis l'option Scanner, et valide avec "Oui"
  • A la fin, appuie sur une touche, un rapport apparaitra (sinon, il est situé ici C:\Ad-report(date).log). Poste-le dans ta prochaine réponse

    /!\ N'oublie pas de réactiver tes protections résidentes /!\
    26 Février 2011 12:09:34

    ok je vais faire ca cet am
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS