Se connecter / S'enregistrer
Votre question

Hijack [Résolu]

Tags :
  • software
  • Sécurité
Dernière réponse : dans Sécurité et virus
29 Mars 2010 19:22:18

Bonjour,quelqu'un pourrait m'analyser ce rapport:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:06, on 29-03-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\per\Bureau\hijackthis-2.0.2.75917.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\per\LOCALS~1\Temp\hijackthis-2.0.2.75917.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.hiyo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.212.177.251 www.google.com
O1 - Hosts: 67.212.177.251 google.com
O1 - Hosts: 67.212.177.251 google.com.au
O1 - Hosts: 67.212.177.251 www.google.com.au
O1 - Hosts: 67.212.177.251 google.be
O1 - Hosts: 67.212.177.251 www.google.be
O1 - Hosts: 67.212.177.251 google.com.br
O1 - Hosts: 67.212.177.251 www.google.com.br
O1 - Hosts: 67.212.177.251 google.ca
O1 - Hosts: 67.212.177.251 www.google.ca
O1 - Hosts: 67.212.177.251 google.ch
O1 - Hosts: 67.212.177.251 www.google.ch
O1 - Hosts: 67.212.177.251 google.de
O1 - Hosts: 67.212.177.251 www.google.de
O1 - Hosts: 67.212.177.251 google.dk
O1 - Hosts: 67.212.177.251 www.google.dk
O1 - Hosts: 67.212.177.251 google.fr
O1 - Hosts: 67.212.177.251 www.google.fr
O1 - Hosts: 67.212.177.251 google.ie
O1 - Hosts: 67.212.177.251 www.google.ie
O1 - Hosts: 67.212.177.251 google.it
O1 - Hosts: 67.212.177.251 www.google.it
O1 - Hosts: 67.212.177.251 google.co.jp
O1 - Hosts: 67.212.177.251 www.google.co.jp
O1 - Hosts: 67.212.177.251 google.nl
O1 - Hosts: 67.212.177.251 www.google.nl
O1 - Hosts: 67.212.177.251 google.no
O1 - Hosts: 67.212.177.251 www.google.no
O1 - Hosts: 67.212.177.251 google.co.nz
O1 - Hosts: 67.212.177.251 www.google.co.nz
O1 - Hosts: 67.212.177.251 google.pl
O1 - Hosts: 67.212.177.251 www.google.pl
O1 - Hosts: 67.212.177.251 google.se
O1 - Hosts: 67.212.177.251 www.google.se
O1 - Hosts: 67.212.177.251 google.co.uk
O1 - Hosts: 67.212.177.251 www.google.co.uk
O1 - Hosts: 67.212.177.251 google.co.za
O1 - Hosts: 67.212.177.251 www.google.co.za
O1 - Hosts: 67.212.177.251 www.google-analytics.com
O1 - Hosts: 67.212.177.251 www.bing.com
O1 - Hosts: 67.212.177.251 search.yahoo.com
O1 - Hosts: 67.212.177.251 www.search.yahoo.com
O1 - Hosts: 67.212.177.251 uk.search.yahoo.com
O1 - Hosts: 67.212.177.251 ca.search.yahoo.com
O1 - Hosts: 67.212.177.251 de.search.yahoo.com
O1 - Hosts: 67.212.177.251 fr.search.yahoo.com
O1 - Hosts: 67.212.177.251 au.search.yahoo.com
O2 - BHO: (no name) - {112A2A8C-6199-415E-92DF-AD46482D1314} - C:\WINDOWS\System32\corpol32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\DOCUME~1\per\LOCALS~1\Temp\37.tmp
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2896CB5-8FE1-4294-B3C1-6737F618329F}: NameServer = 208.67.222.222 193.55.10.102
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\WINDOWS\System32\ff_vfw32.dll
O20 - Winlogon Notify: 18ab705b861 - C:\WINDOWS\System32\ff_vfw32.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8282 bytes





MERCI.

Autres pages sur : hijack resolu

a c 302 8 Sécurité
29 Mars 2010 19:34:20

Bonjour,

Ton PC est infecté.

  • Télécharge Ad-Remover (de C_XX) sur ton Bureau.
  • Déconnecte-toi et ferme toutes applications en cours.
  • Double-clique sur AD-R situé sur ton Bureau pour le lancer.
  • Choisis Nettoyer puis valide.
  • Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
    29 Mars 2010 20:22:06

    Merci pour ta réponse voici le rapport du scan:



    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://search.live.com
    Show_ToolBar: yes
    Start Page: hxxp://mystart.hiyo.com/
    Use Search Asst: no
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
    Delete_Temp_Files_On_Exit: yes
    Local Page: %SystemRoot%\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    C:\DOCUME~1\per\LOCALS~1\Temp: 19 Fichier(s), 4 Dossier(s)
    C:\WINDOWS\temp: 5 Fichier(s), 0 Dossier(s)
    Temporary Internet Files: 7 Fichier(s), 5 Dossier(s)
    .
    C:\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Ad-Remover\Backup: 1 Fichier(s)
    .
    C:\Ad-Report-SCAN[1].txt - 3733 Octet(s)
    .
    Fin à: 19:10:06, 29/03/2010
    .
    ============== E.O.F - SCAN[1] ==============





    Et pour le nettoyage tous va bien jusqu'à ce qu'il arrive a 85% et une erreur ce produit l'en empêchant de terminer son nettoyage!
    Contenus similaires
    29 Mars 2010 20:24:01

    Désolé voici le rapport complet du scan :


    .
    ======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 28/03/10 à 21:30
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 19:07:09 le 29/03/2010 | Mode normal | Option: SCAN
    Exécuté de: C:\Ad-Remover\ADR.exe
    SE: Microsoft® Windows XP™ Service Pack 2 - X86
    Nom du PC: MASSYL | Utilisateur actuel: per (Administrateur)
    .
    ============== ÉLÉMENT(S) TROUVÉ(S) ==============
    .
    .
    C:\Documents and Settings\per\Application Data\Mozilla\FireFox\Profiles\m3t1atd4.default\searchplugins\ask.xml
    .
    HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
    HKLM\Software\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{C94E154B-1459-4A47-966B-4B843BEFC7DB}
    .
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 3.5.8 (fr) *
    .
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\per\\Bureau
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\per\\Mes documents
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.search.defaultenginename: MyStart Rechercher
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.search.defaulturl: hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.search.selectedEngine: Yahoo
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.startup.homepage: hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:o fficial
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - keyword.URL: hxxp://mystart.hiyo.com/?loc=ff_address&search=
    .
    TROUVÉ: C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1");
    .
    * Internet Explorer Version 6.0.2900.2180 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://search.live.com
    Show_ToolBar: yes
    Start Page: hxxp://mystart.hiyo.com/
    Use Search Asst: no
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
    Delete_Temp_Files_On_Exit: yes
    Local Page: %SystemRoot%\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    C:\DOCUME~1\per\LOCALS~1\Temp: 19 Fichier(s), 4 Dossier(s)
    C:\WINDOWS\temp: 5 Fichier(s), 0 Dossier(s)
    Temporary Internet Files: 7 Fichier(s), 5 Dossier(s)
    .
    C:\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Ad-Remover\Backup: 1 Fichier(s)
    .
    C:\Ad-Report-SCAN[1].txt - 3733 Octet(s)
    .
    Fin à: 19:10:06, 29/03/2010
    .
    ============== E.O.F - SCAN[1] ==============
    a c 302 8 Sécurité
    29 Mars 2010 20:25:53

    Ok.

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen rapide.
  • Clique sur Rechercher. L'analyse démarre.
  • A la fin de l'analyse, un message s'affiche :
    Citation :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    29 Mars 2010 22:53:17

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3929
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    29-03-2010 21:49:27
    mbam-log-2010-03-29 (21-49-26).txt

    Type de recherche: Examen rapide
    Eléments examinés: 132283
    Temps écoulé: 19 minute(s), 48 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 764
    Valeur(s) du Registre infectée(s): 17
    Elément(s) de données du Registre infecté(s): 9
    Dossier(s) infecté(s): 6
    Fichier(s) infecté(s): 53

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\ff_vfw32.dll (Trojan.Tracur) -> Delete on reboot.
    C:\WINDOWS\system32\6.tmp (Worm.P2P) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{112a2a8c-6199-415e-92df-ad46482d1314} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{112a2a8c-6199-415e-92df-ad46482d1314} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\18ab705b861 (Trojan.Tracur) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{112a2a8c-6199-415e-92df-ad46482d1314} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aavgapi.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aawtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\about.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ad-aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adwareprj.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aluschedulersvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus_pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxp (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashavast.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashbug.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashchest.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashcnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashdisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashlogv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashmaisv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashpopwz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashquick.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashsimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashsimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpck.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashwebsv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswchlic.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswregsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswrundll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswupdsv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcare.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinprocpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmsnscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanielow.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savedefense.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\history.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieshow.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jsrcgen.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alphaav (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alphaav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antispywarxp2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-virus professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiviruspro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quickhealcleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safetykeeper.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savearmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secure veteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securityfighter.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softsafeness.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trustwarrior.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows police pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\malwareremoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsacore.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    a c 302 8 Sécurité
    29 Mars 2010 22:54:41

  • Relance MBAM, va dans Quarantaine et supprime tout.

  • Réessaie la manip' avec Ad-Remover.
    30 Mars 2010 18:02:26

    Désole de te le dire mais kif kif , il y a une erreur avant que AD-Remover ne finissent le nettoyage.
    a c 302 8 Sécurité
    30 Mars 2010 20:26:00

    Que dit l'erreur ?
    30 Mars 2010 20:32:42

    Line-1:

    Error:Error in expression.


    Voilà mots par mots ce que indique le message d'erreur.
    a c 302 8 Sécurité
    30 Mars 2010 20:54:52

    Ok merci ;) 

  • Télécharge OTL (de OldTimer) sur ton Bureau.
  • Double-clique sur OTL pour le lancer.
    (Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
  • Une fenêtre apparaît. Dans la section Output en haut de cette fenêtre, coche Minimal Output.
  • Coche également les cases à côté de LOP Check et Purity Check.
  • Enfin, clique sur le bouton Run Scan. Le scan ne prendra pas beaucoup de temps.
  • Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau).

    Pour me transmettre les rapports :
  • Clique sur ce lien : http://www.cijoint.fr/
  • Clique sur Parcourir... et cherche le fichier du rapport que tu souhaites me transmettre.
  • Clique sur Ouvrir.
  • Clique sur Cliquez ici pour déposer le fichier.
  • Un lien de cette forme, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, est ajouté dans la page.
  • Copie-colle ce lien dans ta réponse.
    30 Mars 2010 21:05:12

    C'est bon pour Ad-Remover j'ai pu le faire fonctionner normalement voici le rapport:



    (!) -- Fichiers temporaires supprimés.
    .
    .
    (Orpheline) BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} (CLSID manquant)
    .
    ============== SCAN ADDITIONNEL ==============
    .
    * Mozilla FireFox Version 3.5.8 (fr) *
    .
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\per\\Bureau
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\per\\Mes documents
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.search.defaultenginename: MyStart Rechercher
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.search.defaulturl: hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.search.selectedEngine: Yahoo
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.startup.homepage: hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:o fficial
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8
    C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - keyword.URL: hxxp://mystart.hiyo.com/?loc=ff_address&search=
    .
    EFFACÉ: C:\Documents and Settings\per\..\m3t1atd4.default\prefs.js - user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q={searchTerms}&crm=1");
    .
    * Internet Explorer Version 6.0.2900.2180 *
    .
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Do404Search: 0x01000000
    Local Page: C:\WINDOWS\system32\blank.htm
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Use Search Asst: no
    .
    [HKLM\Software\Microsoft\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: %SystemRoot%\system32\blank.htm
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/
    .
    [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    Blank: res://mshtml.dll/blank.htm
    .
    ========================================
    .
    C:\DOCUME~1\per\LOCALS~1\Temp: 2 Fichier(s), 3 Dossier(s)
    C:\WINDOWS\temp: 2 Fichier(s), 0 Dossier(s)
    Temporary Internet Files: 2 Fichier(s), 2 Dossier(s)
    .
    C:\Ad-Remover\Quarantine: 0 Fichier(s)
    C:\Ad-Remover\Backup: 0 Fichier(s)
    .
    C:\Ad-Report-CLEAN[6].txt - 2787 Octet(s)
    .
    Fin à: 19:54:37, 30/03/2010
    .
    ============== E.O.F - CLEAN[6] ==============




    Et pour les rapports OTL les voici:


    http://www.cijoint.fr/cjlink.php?file=cj201003/cijNQ39Z...
    http://www.cijoint.fr/cjlink.php?file=cj201003/cijIeFoI...




    a c 302 8 Sécurité
    30 Mars 2010 21:20:55

    1/

  • Relance Ad-Remover et choisis Désinstaller.

  • Télécharge HostsXpert sur ton Bureau.
  • Décompresse-le (Clic droit >> Extraire ici).
  • Double-clique sur HostsXpert pour le lancer.
  • Clique sur le bouton Restore MS Hosts File puis ferme le programme.

    PS : avant de cliquer sur le bouton Restore MS Hosts File, vérifie que le cadenas en haut à gauche soit ouvert sinon tu vas avoir un message d'erreur.


    2/

  • Télécharge UsbFix (par El Desaparecido & C_XX) sur ton Bureau.
  • Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
  • Double-clique sur UsbFix pour l'exécuter.
  • Choisis l'option 1 (Recherche).
  • Laisse travailler l'outil.
  • Poste le rapport UsbFix.txt.

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

    "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Kaspersky, etc.) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    31 Mars 2010 10:56:47

    Comment faire pour qu'il soit ouvert?? (le cadenas)
    a c 302 8 Sécurité
    31 Mars 2010 20:22:05

    En cliquant dessus.
    1 Avril 2010 18:42:58

    c'est ce que j'ai mais rien ne se produit!
    a c 302 8 Sécurité
    1 Avril 2010 19:31:56

    Passe à la suite.
    2 Avril 2010 14:30:32


    ############################## | UsbFix V6.100 |

    User : per (Administrateurs) # MASSYL
    Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 13:27:57 | 02-04-2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180
    Windows Firewall Status : Disabled
    AV : Kaspersky Internet Security 7.0.1.325 [ Enabled | Updated ]
    AV : CleanUp Antivirus [ Enabled | Updated ]
    FW : Kaspersky Internet Security[ Enabled ]7.0.1.325
    FW : CleanUp Antivirus[ Enabled ]

    C:\ -> Disque fixe local # 39.06 Go (8.8 Go free) # NTFS
    D:\ -> Disque fixe local # 39.06 Go (38.7 Go free) # NTFS
    E:\ -> Disque fixe local # 39.06 Go (25.92 Go free) # NTFS
    F:\ -> Disque fixe local # 36.2 Go (36.13 Go free) # NTFS
    G:\ -> Disque CD-ROM
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque amovible
    K:\ -> Disque amovible

    ################## | Elements infectieux |


    ################## | Registre |

    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFind"
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"

    ################## | Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{286ebf07-5985-11de-b2e5-001fe2047f24}
    Shell\Auto\command =auto.exe
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
    Shell\explore\Command =b3b9u.com
    Shell\open\Command =b3b9u.com

    HKCU\..\..\Explorer\MountPoints2\{2fb2465a-8450-11de-b35d-001fe2047f24}
    Shell\Auto\command =KM.exe
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KM.exe

    HKCU\..\..\Explorer\MountPoints2\{2fb2465b-8450-11de-b35d-001fe2047f24}
    Shell\Auto\command =KM.exe
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KM.exe

    HKCU\..\..\Explorer\MountPoints2\{ca9827f6-d2a9-11de-8be4-001fe2047f24}
    Shell\AutoRun\command =O:\MediaManager.exe

    HKCU\..\..\Explorer\MountPoints2\{ca9827f7-d2a9-11de-8be4-001fe2047f24}
    Shell\AutoRun\command =qcwpung.exe
    Shell\explore\Command =qcwpung.exe
    Shell\open\Command =qcwpung.exe

    HKCU\..\..\Explorer\MountPoints2\{dab0d2e6-5035-11de-b2c2-001fe2047f24}
    Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL yoAyo.Exe

    ################## | Vaccin |

    # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
    # D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
    # E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
    # F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

    ################## | ! Fin du rapport # UsbFix V6.100 ! |

    a c 302 8 Sécurité
    2 Avril 2010 22:31:56

  • Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
  • Double-clique sur UsbFix présent sur ton Bureau pour le lancer.
  • Choisis l'option 2 (Suppression).
  • Ton Bureau disparaîtra et le PC redémarrera.
  • Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.
  • Ensuite, poste le rapport UsbFix.txt qui apparaîtra avec le Bureau.

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
    4 Avril 2010 14:58:01


    ############################## | UsbFix V6.100 |

    User : per (Administrateurs) # MASSYL
    Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 13:48:42 | 04-04-2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180
    Windows Firewall Status : Disabled
    AV : Kaspersky Internet Security 7.0.1.325 [ Enabled | Updated ]
    AV : CleanUp Antivirus [ Enabled | Updated ]
    FW : Kaspersky Internet Security[ Enabled ]7.0.1.325
    FW : CleanUp Antivirus[ Enabled ]

    C:\ -> Disque fixe local # 39.06 Go (8.8 Go free) # NTFS
    D:\ -> Disque fixe local # 39.06 Go (38.69 Go free) # NTFS
    E:\ -> Disque fixe local # 39.06 Go (25.92 Go free) # NTFS
    F:\ -> Disque fixe local # 36.2 Go (36.13 Go free) # NTFS
    G:\ -> Disque CD-ROM
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque amovible
    K:\ -> Disque amovible
    L:\ -> Disque amovible # 1005.99 Mo (306.75 Mo free) # FAT32
    M:\ -> Disque amovible # 0.98 Mo (0.89 Mo free) # FAT
    N:\ -> Disque amovible # 1007.2 Mo (345.19 Mo free) # FAT
    O:\ -> Disque amovible # 0.98 Mo (0.89 Mo free) # FAT

    ################## | Elements infectieux |

    Supprimé ! C:\Recycler\S-1-5-21-1708537768-220523388-839522115-1003
    Supprimé ! D:\Recycler\S-1-5-21-1708537768-220523388-839522115-1003
    Supprimé ! E:\Recycler\S-1-5-21-1708537768-220523388-839522115-1003
    Supprimé ! F:\Recycler\S-1-5-21-1708537768-220523388-839522115-1003

    ################## | Registre |

    Supprimé ! [HKLM\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
    Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
    Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFind"
    Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFolderOptions"
    Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"

    ################## | Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{286ebf07-5985-11de-b2e5-001fe2047f24}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{2fb2465a-8450-11de-b35d-001fe2047f24}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{2fb2465b-8450-11de-b35d-001fe2047f24}\Shell\Auto\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{ca9827f6-d2a9-11de-8be4-001fe2047f24}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{ca9827f7-d2a9-11de-8be4-001fe2047f24}\Shell\AutoRun\Command
    Supprimé ! HKCU\...\Explorer\MountPoints2\{dab0d2e6-5035-11de-b2c2-001fe2047f24}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [03/30/2010 07:54 PM|--a------|2913] C:\Ad-Report-CLEAN[6].txt
    [06/03/2009 08:51 AM|--a------|0] C:\AUTOEXEC.BAT
    [06/23/2009 03:29 PM|---hs----|212] C:\boot.ini
    [09/07/2002 01:00 AM|-rahs----|4952] C:\Bootfont.bin
    [06/03/2009 08:51 AM|--a------|0] C:\CONFIG.SYS
    [?|?|?] C:\hiberfil.sys
    [03/21/2010 05:18 PM|--a------|18842] C:\hpfr3320.log
    [06/03/2009 08:51 AM|-rahs----|0] C:\IO.SYS
    [06/03/2009 08:51 AM|-rahs----|0] C:\MSDOS.SYS
    [08/04/2004 03:38 AM|-rahs----|47564] C:\NTDETECT.COM
    [08/04/2004 03:59 AM|-rahs----|251712] C:\ntldr
    [?|?|?] C:\pagefile.sys
    [04/04/2010 01:55 PM|--a------|3487] C:\UsbFix.txt
    [11/26/2009 02:27 AM|--a------|733204480] L:\Twilight.2.New.Moon.TRUEFRENCH.TS.MD.XviD-BOWSER.avi
    [12/12/2008 10:06 AM|--a------|94208] M:\MLC REL 07-08 A.doc
    [09/07/2009 06:31 PM|--a------|23757] N:\NEMESIS.rar
    [09/03/2009 09:30 AM|--a------|31920464] N:\kis7.0.1.325fr.exe
    [10/02/2009 09:33 PM|--a------|1015392] N:\SetupNokiaMusic.exe
    [06/09/2009 03:06 PM|--a------|1878888] N:\install_flash_player.exe
    [08/31/2009 10:12 AM|--a------|24519152] N:\NokiaSoftwareUpdaterSetup_fr.exe
    [04/04/2010 01:47 PM|--a------|1610] N:\BOOTEX.LOG
    [12/12/2008 10:06 AM|--a------|94208] O:\MLC REL 07-08 A.doc

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
    # D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
    # E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
    # F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
    # L:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
    # N:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

    ################## | Upload |

    Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_MASSYL.zip : http://chiquitine.changelog.fr/Sample/Upload.php
    Merci pour votre contribution .

    ################## | ! Fin du rapport # UsbFix V6.100 ! |
    a c 302 8 Sécurité
    4 Avril 2010 15:04:02

  • Relance UsbFix et choisis l'option 6 pour le désinstaller.

  • Refais un scan OTL et poste le rapport OTL.
    a c 302 8 Sécurité
    5 Avril 2010 12:47:12

    1/

  • Supprime HostsXpert.

  • Télécharge R-Hosts (de S!ri) sur ton Bureau.
  • Double-clique sur R-Hosts puis clique sur Restaurer, puis OK.


    2/

  • Télécharge SystemLook sur ton Bureau.
  • Double-clique sur SystemLook.exe pour le lancer.
  • Copie-colle le contenu du cadre ci-dessous dans la zone texte de SystemLook :

    :dir
    C:\WINDOWS\System32\714676028

  • Clique sur le bouton Look pour démarrer l'examen.
  • A la fin, le Bloc-notes s'ouvre avec le résultat de l'analyse. Copie-colle le rapport dans ta prochaine réponse.
    Note : Le rapport peut aussi être trouvé sur ton Bureau sous le nom SystemLook.txt
    5 Avril 2010 17:06:43

    Peut tu me passer un autre lien pour R-HOSTS merci.
    a c 302 8 Sécurité
    5 Avril 2010 17:13:23

    Le lien fonctionne très bien.
    5 Avril 2010 17:16:27

    il n'arrive pas a ce connecter d'après firefox .
    6 Avril 2010 09:30:06

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 08:29 on 06/04/2010 by per (Administrator - Elevation successful)

    No Context: C:\WINDOWS\System32\714676028

    -=End Of File=-
    a c 302 8 Sécurité
    6 Avril 2010 11:58:37

    Tu n'as pas oublié le "dir" ?
    7 Avril 2010 12:08:01

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 11:07 on 07/04/2010 by per (Administrator - Elevation successful)

    ========== dir ==========

    C:\WINDOWS\System32\714676028 - Parameters: "(none)"

    ---Files---
    None found.

    ---Folders---
    None found.

    -=End Of File=-





    Désolé!!
    a c 302 8 Sécurité
    8 Avril 2010 01:41:56

    Ton PC va bien ?

  • Double-clique sur OTL pour le lancer.
    (Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
  • Sous l'onglet Custom Scans/Fixes en bas de la fenêtre, copie-colle le texte suivant (entre les deux espaces) :

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    [2010-03-31 09:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\per\Bureau\HostsXpert
    [2010-03-27 15:58:50 | 000,002,855 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
    2010-03-25 23:38:39 | 000,000,800 | -HS- | C] () -- C:\WINDOWS\System32\1224417291
    [2010-03-25 23:38:36 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\413888603
    [2010-03-25 23:31:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\714676028
    [2010-03-27 15:25:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\CUKLLA
    [2010-03-27 15:17:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\0d3c8ee

    :commands
    [emptytemp]
    [reboot]

  • Puis clique sur le bouton Run Fix en haut de la fenêtre.
  • Laisse le programme travailler, redémarre une fois le fix terminé.
  • Poste le rapport qui s'affichera après redémarrage.
    9 Avril 2010 11:04:35

    Bonjour,


    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Folder C:\Documents and Settings\per\Bureau\HostsXpert\ not found.
    C:\WINDOWS\system32\drivers\etc\hosts.msn moved successfully.
    C:\WINDOWS\system32\413888603 moved successfully.
    C:\WINDOWS\System32\714676028 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\CUKLLA folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\0d3c8ee folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes

    User: Administrateur.MASSYL
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: per
    ->Temp folder emptied: 8958985 bytes
    ->Temporary Internet Files folder emptied: 186194 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 67583253 bytes
    ->Flash cache emptied: 5109 bytes

    User: PRZT

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2114937 bytes
    %systemroot%\System32 .tmp files removed: 3590656 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 114688 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13062324 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 15325900 bytes

    Total Files Cleaned = 106.00 mb


    OTL by OldTimer - Version 3.1.37.3 log created on 04092010_100122

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    a c 302 8 Sécurité
    9 Avril 2010 11:08:14

    Comment va le PC ?

  • Refais un scan OTL et poste le rapport OTL.
    9 Avril 2010 11:20:58

    OTL logfile created on: 09-04-2010 10:11:50 - Run 3
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\per\Bureau
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00001401 | Country: Algérie | Language: ARG | Date Format: dd-MM-yyyy

    895.00 Mb Total Physical Memory | 300.00 Mb Available Physical Memory | 33.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 39.06 Gb Total Space | 8.88 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
    Drive D: | 39.06 Gb Total Space | 38.70 Gb Free Space | 99.09% Space Free | Partition Type: NTFS
    Drive E: | 39.06 Gb Total Space | 25.92 Gb Free Space | 66.37% Space Free | Partition Type: NTFS
    Drive F: | 36.20 Gb Total Space | 36.13 Gb Free Space | 99.81% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MASSYL
    Current User Name: per
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\per\Bureau\SetupOviPlayer.exe (Nokia)
    PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Documents and Settings\per\Bureau\OTL.exe (OldTimer Tools)
    PRC - C:\Documents and Settings\per\Local Settings\Temp\7zS2.tmp\NokiaInstaller.exe (Nokia)
    PRC - C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe (Nokia)
    PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\per\Bureau\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll (Kaspersky Lab)
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll (Kaspersky Lab)
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
    SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
    DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
    DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
    DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
    DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
    DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)
    DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\WINDOWS\system32\drivers\se44unic.sys (MCCI)
    DRV - (se44obex) -- C:\WINDOWS\system32\drivers\se44obex.sys (MCCI)
    DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\WINDOWS\system32\drivers\se44nd5.sys (MCCI)
    DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\se44mgmt.sys (MCCI)
    DRV - (se44mdm) -- C:\WINDOWS\system32\drivers\se44mdm.sys (MCCI)
    DRV - (se44mdfl) -- C:\WINDOWS\system32\drivers\se44mdfl.sys (MCCI)
    DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\WINDOWS\system32\drivers\se44bus.sys (MCCI)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8C 2A 2A 11 99 61 5E 41 92 DF AD 46 48 2D 13 14 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 48
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {579fdf7f-4ec5-438c-9cc6-685c9f83fa3e}:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-04-07 16:09:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-04 09:13:38 | 000,000,000 | ---D | M]

    [2009-06-04 08:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Mozilla\Extensions
    [2009-06-04 08:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010-04-09 08:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions
    [2010-02-05 22:51:09 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2009-10-04 17:34:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010-03-29 21:47:55 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{579fdf7f-4ec5-438c-9cc6-685c9f83fa3e}
    [2009-10-17 10:13:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2009-06-04 13:18:20 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\searchplugins\live-search.xml
    [2009-10-13 12:46:04 | 000,002,123 | ---- | M] () -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\searchplugins\MyStart Search.xml
    [2010-03-29 21:49:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010-03-27 15:58:50 | 000,002,855 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 67.212.177.251 www.google.com
    O1 - Hosts: 67.212.177.251 google.com
    O1 - Hosts: 67.212.177.251 google.com.au
    O1 - Hosts: 67.212.177.251 www.google.com.au
    O1 - Hosts: 67.212.177.251 google.be
    O1 - Hosts: 67.212.177.251 www.google.be
    O1 - Hosts: 67.212.177.251 google.com.br
    O1 - Hosts: 67.212.177.251 www.google.com.br
    O1 - Hosts: 67.212.177.251 google.ca
    O1 - Hosts: 38 more lines...
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe (Nokia)
    O4 - HKLM..\Run: [NokiaMusic FastStart] E:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm ()
    O9 - Extra Button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (Kaspersky Lab)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\per\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\per\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O27 - HKLM IFEO\mrt.exe: Debugger - svchost.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-03 08:51:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010-04-09 10:01:22 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010-04-09 09:56:40 | 001,102,624 | ---- | C] (Nokia) -- C:\Documents and Settings\per\Bureau\SetupOviPlayer.exe
    [2010-04-08 14:20:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\per\Recent
    [2010-04-02 13:26:44 | 000,000,000 | ---D | C] -- C:\UsbFix
    [2010-03-31 18:55:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
    [2010-03-30 19:39:45 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\per\Bureau\OTL.exe
    [2010-03-29 20:16:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010-03-29 20:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010-03-29 20:16:06 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010-03-29 20:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010-03-29 20:02:13 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\per\Mes documents\malwarebytes-anti-malware_malwarebytes_anti-malware_1.44_francais_215092.exe
    [2010-03-29 19:07:01 | 000,000,000 | ---D | C] -- C:\Ad-Remover
    [2010-03-25 23:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010-03-25 01:29:24 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
    [2010-03-25 01:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
    [2010-01-30 21:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009-08-27 08:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009-06-03 08:59:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009-06-03 08:54:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

    ========== Files - Modified Within 30 Days ==========

    [2010-04-09 10:16:11 | 000,969,504 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2010-04-09 10:15:07 | 001,082,912 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
    [2010-04-09 10:14:33 | 000,511,954 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010-04-09 10:14:33 | 000,443,722 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010-04-09 10:14:33 | 000,085,018 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010-04-09 10:14:33 | 000,071,684 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010-04-09 10:13:06 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2010-04-09 10:12:32 | 001,128,466 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010-04-09 10:02:53 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010-04-09 10:02:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-04-09 10:02:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-04-09 10:02:48 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
    [2010-04-09 10:02:16 | 000,105,416 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
    [2010-04-09 10:01:52 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\per\NTUSER.DAT
    [2010-04-09 10:01:52 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\per\ntuser.ini
    [2010-04-09 09:57:22 | 001,102,624 | ---- | M] (Nokia) -- C:\Documents and Settings\per\Bureau\SetupOviPlayer.exe
    [2010-04-09 09:02:13 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
    [2010-04-09 07:56:39 | 000,000,035 | ---- | M] () -- C:\WINDOWS\System32\package.lst
    [2010-04-08 17:45:44 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\per\Bureau\Skype.lnk
    [2010-04-07 19:10:52 | 000,285,152 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\dossier_organisateurs.pdf
    [2010-04-05 21:01:05 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\gastrite biliaire post ctc.doc
    [2010-04-05 20:59:27 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\IPP a long terme.doc
    [2010-04-05 20:57:23 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\Kc du rectum.doc
    [2010-04-05 20:55:42 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\GEA.doc
    [2010-04-05 20:54:23 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\per\Bureau\Microsoft Office Word 2003.lnk
    [2010-04-04 13:55:45 | 000,001,907 | ---- | M] () -- C:\UsbFix_Upload_Me_MASSYL.zip
    [2010-04-04 13:47:20 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010-04-04 08:41:22 | 000,033,776 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\ti83p112.sav
    [2010-03-31 19:45:42 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\per\Bureau\WordBiz.lnk
    [2010-03-31 10:31:06 | 003,370,880 | -H-- | M] () -- C:\Documents and Settings\per\Local Settings\Application Data\IconCache.db
    [2010-03-30 19:41:17 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\per\Bureau\OTL.exe
    [2010-03-29 21:54:39 | 000,003,616 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861P.manifest
    [2010-03-29 20:16:14 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010-03-29 20:15:46 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\per\Mes documents\malwarebytes-anti-malware_malwarebytes_anti-malware_1.44_francais_215092.exe
    [2010-03-29 19:16:37 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861C.manifest
    [2010-03-29 19:16:37 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861S.manifest
    [2010-03-29 19:16:37 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861O.manifest
    [2010-03-29 13:43:01 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\CURRICULUM VITAE wassila.doc
    [2010-03-28 15:53:37 | 000,255,714 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\sdf.pdf
    [2010-03-28 15:07:02 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\per\intlname.ols
    [2010-03-27 17:34:19 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\per\Bureau\Counter-Strike 1.6.lnk
    [2010-03-27 15:58:50 | 000,002,855 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010-03-25 23:38:39 | 000,000,800 | -HS- | M] () -- C:\WINDOWS\System32\1224417291
    [2010-03-25 23:31:30 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
    [2010-03-25 20:32:51 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\per\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-03-25 01:28:14 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Nokia Software Updater.lnk
    [2010-03-24 15:30:21 | 000,042,952 | ---- | M] () -- C:\Documents and Settings\per\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010-03-22 21:04:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010-03-19 15:09:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010-03-19 10:38:24 | 000,123,283 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\fighting_spirit.zip
    [2010-03-13 12:53:07 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\Lycée El.doc

    ========== Files Created - No Company Name ==========

    [2010-04-07 19:10:52 | 000,285,152 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\dossier_organisateurs.pdf
    [2010-04-05 21:01:05 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\gastrite biliaire post ctc.doc
    [2010-04-05 20:59:27 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\IPP a long terme.doc
    [2010-04-05 20:57:22 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\Kc du rectum.doc
    [2010-04-05 20:55:42 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\GEA.doc
    [2010-04-04 13:55:45 | 000,001,907 | ---- | C] () -- C:\UsbFix_Upload_Me_MASSYL.zip
    [2010-03-31 19:45:42 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\per\Bureau\WordBiz.lnk
    [2010-03-29 20:16:14 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010-03-29 13:40:12 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\CURRICULUM VITAE wassila.doc
    [2010-03-28 15:53:37 | 000,255,714 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\sdf.pdf
    [2010-03-27 17:34:19 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\per\Bureau\Counter-Strike 1.6.lnk
    [2010-03-27 16:14:49 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys
    [2010-03-25 23:38:39 | 000,000,800 | -HS- | C] () -- C:\WINDOWS\System32\1224417291
    [2010-03-25 23:31:30 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
    [2010-03-25 23:12:37 | 000,003,616 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861P.manifest
    [2010-03-25 23:12:37 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861C.manifest
    [2010-03-25 23:12:37 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861S.manifest
    [2010-03-25 23:12:37 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861O.manifest
    [2010-03-25 01:28:14 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Nokia Software Updater.lnk
    [2010-03-22 21:04:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010-03-21 19:59:50 | 055,925,993 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\A.flv
    [2010-03-19 10:37:51 | 000,123,283 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\fighting_spirit.zip
    [2010-03-13 12:43:26 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\Lycée El.doc
    [2010-03-13 11:11:36 | 000,002,573 | ---- | C] () -- C:\Documents and Settings\per\Bureau\Microsoft Office Word 2003.lnk
    [2009-10-05 23:36:07 | 001,525,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009-06-15 09:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
    [2009-06-06 21:33:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009-06-05 21:24:32 | 000,000,453 | ---- | C] () -- C:\WINDOWS\QViewer.ini
    [2009-06-05 21:24:03 | 000,000,101 | ---- | C] () -- C:\WINDOWS\DivineIslam.ini
    [2009-06-03 12:59:39 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\per\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-06-03 10:39:46 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009-06-03 10:39:45 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2009-06-03 10:39:45 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009-06-03 10:39:45 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009-06-03 10:39:44 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009-06-03 10:39:43 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009-06-03 10:15:43 | 000,092,195 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2009-06-03 10:14:50 | 000,126,895 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2009-06-03 09:14:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2009-06-03 09:06:55 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003-04-01 09:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010-03-25 01:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2009-08-31 10:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2009-10-03 02:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
    [2009-12-29 11:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
    [2009-08-26 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2009-06-15 09:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
    [2009-09-10 10:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009-11-06 16:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\BitTorrent
    [2010-04-07 10:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\LimeWire
    [2010-01-08 10:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Nokia
    [2009-12-29 12:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Nokia Ovi Suite
    [2010-01-03 11:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Nseries
    [2010-01-02 11:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\PC Suite
    [2009-06-15 09:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Teleca
    [2010-03-27 15:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\uTorrent
    [2010-04-09 10:02:53 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

    ========== Purity Check ==========


    < End of report >
    a c 302 8 Sécurité
    9 Avril 2010 12:02:05

    Je n'arrive pas à te faire restaurer le fichier Hosts.

    Et pour ma question ?
    9 Avril 2010 18:27:15

    Pour l'ordi il va mieux merci plus de bug ,il n'est plus du tout lent,j'avais même un virus qui me disais que j'étais infecté et qui me disais d'installer un anti-virus,il ni y est plus.
    Mais qu'est qu'un fichier Host??
    a c 302 8 Sécurité
    9 Avril 2010 18:30:15

    J'ai une idée.

  • Télécharge Lop S&D (par Eric_71) sur ton Bureau.
  • Puis double-clique sur Lop S&D présent sur ton Bureau.
    (Sous Vista/Win7, il faut cliquer droit sur Lop S&D et choisir Exécuter en tant qu'administrateur)
  • Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche).
  • Patiente jusqu'à la fin du scan.
  • Poste le rapport généré (C:\lopR.txt).

    9 Avril 2010 18:40:01

    Ok et pour ma question??
    9 Avril 2010 18:48:07

    ok merci voici le rapport :



    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : per ( Administrator )
    BOOT : Normal boot
    Antivirus : CleanUp Antivirus (Activated)
    Firewall : CleanUp Antivirus (Activated)
    C:\ (Local Disk) - NTFS - Total:39 Go (Free:8 Go)
    D:\ (Local Disk) - NTFS - Total:39 Go (Free:38 Go)
    E:\ (Local Disk) - NTFS - Total:39 Go (Free:25 Go)
    F:\ (Local Disk) - NTFS - Total:36 Go (Free:36 Go)
    G:\ (CD or DVD)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)
    K:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( Fri 04/09/2010|17:42 )

    --------------------\\ Listing des dossiers dans APPLIC~1


    [06/03/2009|08:51] C:\DOCUME~1\ADMINI~1.MAS\APPLIC~1\<REP> Microsoft

    [02/20/2010|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Adobe
    [03/25/2010|01:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Installations
    [04/09/2010|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Kaspersky Lab
    [09/03/2009|09:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Kaspersky Lab Setup Files
    [03/29/2010|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Malwarebytes
    [08/26/2009|05:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Microsoft
    [08/31/2009|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Nokia
    [10/03/2009|02:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> NokiaMusic
    [10/17/2009|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> NOS
    [10/05/2009|04:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Office Genuine Advantage
    [12/29/2009|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> OviInstallerCache
    [08/26/2009|05:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> PC Suite
    [06/08/2009|05:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Skype
    [06/15/2009|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Sony Ericsson
    [06/15/2009|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Teleca
    [07/07/2009|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Windows Genuine Advantage
    [09/10/2009|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> WinZip

    [06/03/2009|08:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<REP> Microsoft

    [06/03/2009|08:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\<REP> Microsoft

    [06/03/2009|08:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\<REP> Microsoft

    [06/06/2009|02:19] C:\DOCUME~1\per\APPLIC~1\<REP> Adobe
    [11/06/2009|04:22] C:\DOCUME~1\per\APPLIC~1\<REP> BitTorrent
    [03/21/2010|06:50] C:\DOCUME~1\per\APPLIC~1\<REP> dvdcss
    [06/14/2009|04:21] C:\DOCUME~1\per\APPLIC~1\<REP> Google
    [06/03/2009|06:36] C:\DOCUME~1\per\APPLIC~1\<REP> Help
    [06/03/2009|09:00] C:\DOCUME~1\per\APPLIC~1\<REP> Identities
    [04/07/2010|10:49] C:\DOCUME~1\per\APPLIC~1\<REP> LimeWire
    [06/03/2009|04:53] C:\DOCUME~1\per\APPLIC~1\<REP> Macromedia
    [06/14/2009|04:47] C:\DOCUME~1\per\APPLIC~1\<REP> Malwarebytes
    [06/06/2009|09:37] C:\DOCUME~1\per\APPLIC~1\<REP> Media Player Classic
    [10/23/2009|09:38] C:\DOCUME~1\per\APPLIC~1\<REP> Microsoft
    [06/03/2009|01:14] C:\DOCUME~1\per\APPLIC~1\<REP> Mozilla
    [01/08/2010|10:16] C:\DOCUME~1\per\APPLIC~1\<REP> Nokia
    [12/29/2009|12:04] C:\DOCUME~1\per\APPLIC~1\<REP> Nokia Ovi Suite
    [01/03/2010|11:46] C:\DOCUME~1\per\APPLIC~1\<REP> Nseries
    [10/05/2009|04:33] C:\DOCUME~1\per\APPLIC~1\<REP> Office Genuine Advantage
    [01/02/2010|11:05] C:\DOCUME~1\per\APPLIC~1\<REP> PC Suite
    [04/08/2010|09:45] C:\DOCUME~1\per\APPLIC~1\<REP> Skype
    [04/08/2010|05:46] C:\DOCUME~1\per\APPLIC~1\<REP> skypePM
    [06/15/2009|09:17] C:\DOCUME~1\per\APPLIC~1\<REP> Sony Ericsson
    [06/03/2009|01:06] C:\DOCUME~1\per\APPLIC~1\<REP> Sun
    [06/15/2009|09:21] C:\DOCUME~1\per\APPLIC~1\<REP> Teleca
    [03/27/2010|03:40] C:\DOCUME~1\per\APPLIC~1\<REP> uTorrent
    [06/30/2009|08:23] C:\DOCUME~1\per\APPLIC~1\<REP> vlc
    [06/04/2009|11:22] C:\DOCUME~1\per\APPLIC~1\<REP> WinRAR


    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [04/09/2010 10:02 AM][--a------] C:\WINDOWS\tasks\OGALogon.job
    [04/09/2010 10:02 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [09/07/2002 01:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [06/03/2009|10:10] C:\Program Files\<REP> Adobe
    [09/09/2009|09:13] C:\Program Files\<REP> Ahead
    [06/03/2009|08:48] C:\Program Files\<REP> ComPlus Applications
    [08/26/2009|04:10] C:\Program Files\<REP> DIFX
    [01/09/2010|09:12] C:\Program Files\<REP> Fichiers communs
    [06/20/2009|05:50] C:\Program Files\<REP> Hewlett-Packard
    [06/20/2009|05:52] C:\Program Files\<REP> hp deskjet 3320 series
    [09/22/2009|01:52] C:\Program Files\<REP> InstallShield Installation Information
    [06/03/2009|09:15] C:\Program Files\<REP> Intel
    [03/31/2010|09:03] C:\Program Files\<REP> Internet Explorer
    [06/03/2009|01:28] C:\Program Files\<REP> Java
    [09/25/2009|03:48] C:\Program Files\<REP> Kaspersky Lab
    [06/03/2009|10:39] C:\Program Files\<REP> K-Lite Codec Pack
    [09/09/2009|02:47] C:\Program Files\<REP> LimeWire
    [03/29/2010|08:16] C:\Program Files\<REP> Malwarebytes' Anti-Malware
    [06/05/2009|09:46] C:\Program Files\<REP> Messenger
    [11/01/2009|03:31] C:\Program Files\<REP> Microsoft
    [06/03/2009|08:51] C:\Program Files\<REP> microsoft frontpage
    [06/08/2009|02:29] C:\Program Files\<REP> Microsoft Office
    [01/31/2010|11:40] C:\Program Files\<REP> Microsoft Silverlight
    [03/19/2010|06:39] C:\Program Files\<REP> Movie Maker
    [03/25/2010|11:31] C:\Program Files\<REP> Mozilla Firefox
    [10/03/2009|02:00] C:\Program Files\<REP> MSBuild
    [06/08/2009|02:29] C:\Program Files\<REP> MSECache
    [06/03/2009|08:48] C:\Program Files\<REP> MSN Gaming Zone
    [08/31/2009|10:12] C:\Program Files\<REP> MSXML 6.0
    [06/03/2009|08:49] C:\Program Files\<REP> NetMeeting
    [03/25/2010|01:28] C:\Program Files\<REP> Nokia
    [06/03/2009|08:48] C:\Program Files\<REP> Online Services
    [08/22/2009|09:11] C:\Program Files\<REP> Outlook Express
    [03/25/2010|01:29] C:\Program Files\<REP> PC Connectivity Solution
    [06/03/2009|09:13] C:\Program Files\<REP> Realtek
    [10/03/2009|02:00] C:\Program Files\<REP> Reference Assemblies
    [06/03/2009|08:50] C:\Program Files\<REP> Services en ligne
    [06/03/2009|10:15] C:\Program Files\<REP> SiS VGA Utilities V3.79
    [06/03/2009|10:15] C:\Program Files\<REP> sisagp
    [06/08/2009|05:30] C:\Program Files\<REP> Skype
    [06/15/2009|09:14] C:\Program Files\<REP> Sony Ericsson
    [02/16/2010|03:34] C:\Program Files\<REP> Traducteur
    [06/03/2009|09:00] C:\Program Files\<REP> Uninstall Information
    [06/04/2009|12:33] C:\Program Files\<REP> Windows Live
    [11/01/2009|03:30] C:\Program Files\<REP> Windows Live SkyDrive
    [08/26/2009|05:09] C:\Program Files\<REP> Windows Media Player
    [06/03/2009|08:48] C:\Program Files\<REP> Windows NT
    [06/03/2009|08:50] C:\Program Files\<REP> WindowsUpdate
    [06/04/2009|07:30] C:\Program Files\<REP> WinRAR
    [06/03/2009|08:51] C:\Program Files\<REP> xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [02/20/2010|03:45] C:\Program Files\Fichiers communs\<REP> Adobe
    [06/03/2009|09:06] C:\Program Files\Fichiers communs\<REP> DESIGNER
    [08/31/2009|10:15] C:\Program Files\Fichiers communs\<REP> InstallShield
    [08/26/2009|05:10] C:\Program Files\Fichiers communs\<REP> Microsoft Shared
    [06/03/2009|08:49] C:\Program Files\Fichiers communs\<REP> MSSoap
    [04/09/2010|10:31] C:\Program Files\Fichiers communs\<REP> Nokia
    [06/03/2009|10:41] C:\Program Files\Fichiers communs\<REP> ODBC
    [06/03/2009|08:49] C:\Program Files\Fichiers communs\<REP> Services
    [06/08/2009|05:30] C:\Program Files\Fichiers communs\<REP> Skype
    [06/15/2009|09:15] C:\Program Files\Fichiers communs\<REP> Sony Ericsson Shared
    [06/03/2009|10:41] C:\Program Files\Fichiers communs\<REP> SpeechEngines
    [06/05/2009|09:45] C:\Program Files\Fichiers communs\<REP> System
    [06/15/2009|09:15] C:\Program Files\Fichiers communs\<REP> Teleca Shared
    [06/04/2009|11:18] C:\Program Files\Fichiers communs\<REP> Windows Live

    --------------------\\ Process

    ( 29 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-09 17:45:53
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [F:13][D:5]-> C:\DOCUME~1\per\LOCALS~1\Temp
    [F:12][D:0]-> C:\DOCUME~1\per\Cookies
    [F:49][D:4]-> C:\DOCUME~1\per\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - Fri 04/09/2010|17:47 - Option : [1]

    --------------------\\ Fin du rapport a 17:47:25
    a c 302 8 Sécurité
    9 Avril 2010 18:53:23

  • Relance Lop S&D.
    (Sous Vista/Win7, il faut cliquer droit sur Lop S&D et choisir Exécuter en tant qu'administrateur)
  • Choisis cette fois-ci l'option 2 (Suppression).
  • Ne ferme pas la fenêtre lors de la suppression !
  • Poste le rapport généré (C:\lopR.txt).

    (Si le Bureau ne réapparaît pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)
    9 Avril 2010 19:10:45

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : per ( Administrator )
    BOOT : Normal boot
    Antivirus : CleanUp Antivirus (Activated)
    Firewall : CleanUp Antivirus (Activated)
    C:\ (Local Disk) - NTFS - Total:39 Go (Free:8 Go)
    D:\ (Local Disk) - NTFS - Total:39 Go (Free:38 Go)
    E:\ (Local Disk) - NTFS - Total:39 Go (Free:25 Go)
    F:\ (Local Disk) - NTFS - Total:36 Go (Free:36 Go)
    G:\ (CD or DVD)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)
    K:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [2] ( Fri 04/09/2010|17:58 )


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans APPLIC~1


    [06/03/2009|08:51] C:\DOCUME~1\ADMINI~1.MAS\APPLIC~1\<REP> Microsoft

    [02/20/2010|06:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Adobe
    [03/25/2010|01:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Installations
    [04/09/2010|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Kaspersky Lab
    [09/03/2009|09:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Kaspersky Lab Setup Files
    [03/29/2010|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Malwarebytes
    [08/26/2009|05:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Microsoft
    [08/31/2009|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Nokia
    [10/03/2009|02:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> NokiaMusic
    [10/17/2009|02:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> NOS
    [10/05/2009|04:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Office Genuine Advantage
    [12/29/2009|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> OviInstallerCache
    [08/26/2009|05:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> PC Suite
    [06/08/2009|05:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Skype
    [06/15/2009|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Sony Ericsson
    [06/15/2009|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Teleca
    [07/07/2009|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> Windows Genuine Advantage
    [09/10/2009|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<REP> WinZip

    [06/03/2009|08:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<REP> Microsoft

    [06/03/2009|08:59] C:\DOCUME~1\LOCALS~1\APPLIC~1\<REP> Microsoft

    [06/03/2009|08:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\<REP> Microsoft

    [06/06/2009|02:19] C:\DOCUME~1\per\APPLIC~1\<REP> Adobe
    [11/06/2009|04:22] C:\DOCUME~1\per\APPLIC~1\<REP> BitTorrent
    [03/21/2010|06:50] C:\DOCUME~1\per\APPLIC~1\<REP> dvdcss
    [06/14/2009|04:21] C:\DOCUME~1\per\APPLIC~1\<REP> Google
    [06/03/2009|06:36] C:\DOCUME~1\per\APPLIC~1\<REP> Help
    [06/03/2009|09:00] C:\DOCUME~1\per\APPLIC~1\<REP> Identities
    [04/07/2010|10:49] C:\DOCUME~1\per\APPLIC~1\<REP> LimeWire
    [06/03/2009|04:53] C:\DOCUME~1\per\APPLIC~1\<REP> Macromedia
    [06/14/2009|04:47] C:\DOCUME~1\per\APPLIC~1\<REP> Malwarebytes
    [06/06/2009|09:37] C:\DOCUME~1\per\APPLIC~1\<REP> Media Player Classic
    [10/23/2009|09:38] C:\DOCUME~1\per\APPLIC~1\<REP> Microsoft
    [06/03/2009|01:14] C:\DOCUME~1\per\APPLIC~1\<REP> Mozilla
    [01/08/2010|10:16] C:\DOCUME~1\per\APPLIC~1\<REP> Nokia
    [12/29/2009|12:04] C:\DOCUME~1\per\APPLIC~1\<REP> Nokia Ovi Suite
    [01/03/2010|11:46] C:\DOCUME~1\per\APPLIC~1\<REP> Nseries
    [10/05/2009|04:33] C:\DOCUME~1\per\APPLIC~1\<REP> Office Genuine Advantage
    [01/02/2010|11:05] C:\DOCUME~1\per\APPLIC~1\<REP> PC Suite
    [04/08/2010|09:45] C:\DOCUME~1\per\APPLIC~1\<REP> Skype
    [04/08/2010|05:46] C:\DOCUME~1\per\APPLIC~1\<REP> skypePM
    [06/15/2009|09:17] C:\DOCUME~1\per\APPLIC~1\<REP> Sony Ericsson
    [06/03/2009|01:06] C:\DOCUME~1\per\APPLIC~1\<REP> Sun
    [06/15/2009|09:21] C:\DOCUME~1\per\APPLIC~1\<REP> Teleca
    [03/27/2010|03:40] C:\DOCUME~1\per\APPLIC~1\<REP> uTorrent
    [06/30/2009|08:23] C:\DOCUME~1\per\APPLIC~1\<REP> vlc
    [06/04/2009|11:22] C:\DOCUME~1\per\APPLIC~1\<REP> WinRAR


    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [04/09/2010 10:02 AM][--a------] C:\WINDOWS\tasks\OGALogon.job
    [04/09/2010 10:02 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [09/07/2002 01:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [06/03/2009|10:10] C:\Program Files\<REP> Adobe
    [09/09/2009|09:13] C:\Program Files\<REP> Ahead
    [06/03/2009|08:48] C:\Program Files\<REP> ComPlus Applications
    [08/26/2009|04:10] C:\Program Files\<REP> DIFX
    [01/09/2010|09:12] C:\Program Files\<REP> Fichiers communs
    [06/20/2009|05:50] C:\Program Files\<REP> Hewlett-Packard
    [06/20/2009|05:52] C:\Program Files\<REP> hp deskjet 3320 series
    [09/22/2009|01:52] C:\Program Files\<REP> InstallShield Installation Information
    [06/03/2009|09:15] C:\Program Files\<REP> Intel
    [03/31/2010|09:03] C:\Program Files\<REP> Internet Explorer
    [06/03/2009|01:28] C:\Program Files\<REP> Java
    [09/25/2009|03:48] C:\Program Files\<REP> Kaspersky Lab
    [06/03/2009|10:39] C:\Program Files\<REP> K-Lite Codec Pack
    [09/09/2009|02:47] C:\Program Files\<REP> LimeWire
    [03/29/2010|08:16] C:\Program Files\<REP> Malwarebytes' Anti-Malware
    [06/05/2009|09:46] C:\Program Files\<REP> Messenger
    [11/01/2009|03:31] C:\Program Files\<REP> Microsoft
    [06/03/2009|08:51] C:\Program Files\<REP> microsoft frontpage
    [06/08/2009|02:29] C:\Program Files\<REP> Microsoft Office
    [01/31/2010|11:40] C:\Program Files\<REP> Microsoft Silverlight
    [03/19/2010|06:39] C:\Program Files\<REP> Movie Maker
    [03/25/2010|11:31] C:\Program Files\<REP> Mozilla Firefox
    [10/03/2009|02:00] C:\Program Files\<REP> MSBuild
    [06/08/2009|02:29] C:\Program Files\<REP> MSECache
    [06/03/2009|08:48] C:\Program Files\<REP> MSN Gaming Zone
    [08/31/2009|10:12] C:\Program Files\<REP> MSXML 6.0
    [06/03/2009|08:49] C:\Program Files\<REP> NetMeeting
    [03/25/2010|01:28] C:\Program Files\<REP> Nokia
    [06/03/2009|08:48] C:\Program Files\<REP> Online Services
    [08/22/2009|09:11] C:\Program Files\<REP> Outlook Express
    [03/25/2010|01:29] C:\Program Files\<REP> PC Connectivity Solution
    [06/03/2009|09:13] C:\Program Files\<REP> Realtek
    [10/03/2009|02:00] C:\Program Files\<REP> Reference Assemblies
    [06/03/2009|08:50] C:\Program Files\<REP> Services en ligne
    [06/03/2009|10:15] C:\Program Files\<REP> SiS VGA Utilities V3.79
    [06/03/2009|10:15] C:\Program Files\<REP> sisagp
    [06/08/2009|05:30] C:\Program Files\<REP> Skype
    [06/15/2009|09:14] C:\Program Files\<REP> Sony Ericsson
    [02/16/2010|03:34] C:\Program Files\<REP> Traducteur
    [06/03/2009|09:00] C:\Program Files\<REP> Uninstall Information
    [06/04/2009|12:33] C:\Program Files\<REP> Windows Live
    [11/01/2009|03:30] C:\Program Files\<REP> Windows Live SkyDrive
    [08/26/2009|05:09] C:\Program Files\<REP> Windows Media Player
    [06/03/2009|08:48] C:\Program Files\<REP> Windows NT
    [06/03/2009|08:50] C:\Program Files\<REP> WindowsUpdate
    [06/04/2009|07:30] C:\Program Files\<REP> WinRAR
    [06/03/2009|08:51] C:\Program Files\<REP> xerox

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [02/20/2010|03:45] C:\Program Files\Fichiers communs\<REP> Adobe
    [06/03/2009|09:06] C:\Program Files\Fichiers communs\<REP> DESIGNER
    [08/31/2009|10:15] C:\Program Files\Fichiers communs\<REP> InstallShield
    [08/26/2009|05:10] C:\Program Files\Fichiers communs\<REP> Microsoft Shared
    [06/03/2009|08:49] C:\Program Files\Fichiers communs\<REP> MSSoap
    [04/09/2010|10:31] C:\Program Files\Fichiers communs\<REP> Nokia
    [06/03/2009|10:41] C:\Program Files\Fichiers communs\<REP> ODBC
    [06/03/2009|08:49] C:\Program Files\Fichiers communs\<REP> Services
    [06/08/2009|05:30] C:\Program Files\Fichiers communs\<REP> Skype
    [06/15/2009|09:15] C:\Program Files\Fichiers communs\<REP> Sony Ericsson Shared
    [06/03/2009|10:41] C:\Program Files\Fichiers communs\<REP> SpeechEngines
    [06/05/2009|09:45] C:\Program Files\Fichiers communs\<REP> System
    [06/15/2009|09:15] C:\Program Files\Fichiers communs\<REP> Teleca Shared
    [06/04/2009|11:18] C:\Program Files\Fichiers communs\<REP> Windows Live

    --------------------\\ Process

    ( 28 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-09 18:04:45
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections


    Aucune autre infection trouvée !

    [F:13][D:5]-> C:\DOCUME~1\per\LOCALS~1\Temp
    [F:12][D:0]-> C:\DOCUME~1\per\Cookies
    [F:49][D:4]-> C:\DOCUME~1\per\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - Fri 04/09/2010|17:47 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - Fri 04/09/2010|18:07 - Option : [2]

    --------------------\\ Fin du rapport a 18:07:07
    10 Avril 2010 15:15:48

    Salut,pour mon problème c'est réglé??
    a c 302 8 Sécurité
    10 Avril 2010 15:27:51

  • Refais un scan OTL et poste le rapport OTL.
    10 Avril 2010 15:49:19

    OTL logfile created on: 10-04-2010 14:42:43 - Run 4
    OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\per\Bureau
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00001401 | Country: Algérie | Language: ARG | Date Format: dd-MM-yyyy

    895.00 Mb Total Physical Memory | 291.00 Mb Available Physical Memory | 33.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 39.06 Gb Total Space | 8.92 Gb Free Space | 22.84% Space Free | Partition Type: NTFS
    Drive D: | 39.06 Gb Total Space | 38.70 Gb Free Space | 99.08% Space Free | Partition Type: NTFS
    Drive E: | 39.06 Gb Total Space | 25.94 Gb Free Space | 66.41% Space Free | Partition Type: NTFS
    Drive F: | 36.20 Gb Total Space | 36.13 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: MASSYL
    Current User Name: per
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Documents and Settings\per\Bureau\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\per\Bureau\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll (Kaspersky Lab)
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll (Kaspersky Lab)
    MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
    SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (klif) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
    DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
    DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
    DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
    DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
    DRV - (SiSGbeXP) -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys (Silicon Integrated Systems Corp.)
    DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\WINDOWS\system32\drivers\se44unic.sys (MCCI)
    DRV - (se44obex) -- C:\WINDOWS\system32\drivers\se44obex.sys (MCCI)
    DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\WINDOWS\system32\drivers\se44nd5.sys (MCCI)
    DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\se44mgmt.sys (MCCI)
    DRV - (se44mdm) -- C:\WINDOWS\system32\drivers\se44mdm.sys (MCCI)
    DRV - (se44mdfl) -- C:\WINDOWS\system32\drivers\se44mdfl.sys (MCCI)
    DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\WINDOWS\system32\drivers\se44bus.sys (MCCI)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
    DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8C 2A 2A 11 99 61 5E 41 92 DF AD 46 48 2D 13 14 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 48
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {579fdf7f-4ec5-438c-9cc6-685c9f83fa3e}:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-04-07 16:09:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-04-04 09:13:38 | 000,000,000 | ---D | M]

    [2009-06-04 08:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Mozilla\Extensions
    [2009-06-04 08:50:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010-04-10 09:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions
    [2010-02-05 22:51:09 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2009-10-04 17:34:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010-03-29 21:47:55 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{579fdf7f-4ec5-438c-9cc6-685c9f83fa3e}
    [2009-10-17 10:13:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2009-06-04 13:18:20 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\searchplugins\live-search.xml
    [2009-10-13 12:46:04 | 000,002,123 | ---- | M] () -- C:\Documents and Settings\per\Application Data\Mozilla\Firefox\Profiles\m3t1atd4.default\searchplugins\MyStart Search.xml
    [2010-03-29 21:49:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010-03-27 15:58:50 | 000,002,855 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 67.212.177.251 www.google.com
    O1 - Hosts: 67.212.177.251 google.com
    O1 - Hosts: 67.212.177.251 google.com.au
    O1 - Hosts: 67.212.177.251 www.google.com.au
    O1 - Hosts: 67.212.177.251 google.be
    O1 - Hosts: 67.212.177.251 www.google.be
    O1 - Hosts: 67.212.177.251 google.com.br
    O1 - Hosts: 67.212.177.251 www.google.com.br
    O1 - Hosts: 67.212.177.251 google.ca
    O1 - Hosts: 38 more lines...
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm ()
    O9 - Extra Button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (Kaspersky Lab)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/curren... (Reg Error: Key error.)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\per\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\per\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O27 - HKLM IFEO\mrt.exe: Debugger - svchost.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-03 08:51:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2009-06-14 16:00:03 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010-04-10 13:42:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\per\Recent
    [2010-04-09 17:41:44 | 000,000,000 | ---D | C] -- C:\Lop SD
    [2010-04-09 10:01:22 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010-04-02 13:26:44 | 000,000,000 | ---D | C] -- C:\UsbFix
    [2010-03-31 18:55:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
    [2010-03-30 19:39:45 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\per\Bureau\OTL.exe
    [2010-03-29 20:16:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010-03-29 20:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010-03-29 20:16:06 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010-03-29 20:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010-03-29 20:02:13 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\per\Mes documents\malwarebytes-anti-malware_malwarebytes_anti-malware_1.44_francais_215092.exe
    [2010-03-29 19:07:01 | 000,000,000 | ---D | C] -- C:\Ad-Remover
    [2010-03-25 23:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010-03-25 01:29:24 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
    [2010-03-25 01:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
    [2010-01-30 21:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009-08-27 08:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009-06-03 08:59:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009-06-03 08:54:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

    ========== Files - Modified Within 30 Days ==========

    [2010-04-10 14:47:05 | 000,017,952 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2010-04-10 14:46:38 | 000,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2010-04-10 13:42:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010-04-10 13:42:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-04-10 13:42:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-04-10 13:42:14 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
    [2010-04-10 11:32:14 | 001,093,664 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
    [2010-04-10 09:33:29 | 000,210,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010-04-09 21:50:29 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\per\NTUSER.DAT
    [2010-04-09 21:50:29 | 000,106,400 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
    [2010-04-09 21:50:06 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\per\ntuser.ini
    [2010-04-09 21:18:58 | 000,042,952 | ---- | M] () -- C:\Documents and Settings\per\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010-04-09 21:13:26 | 000,052,970 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\attestation_points_snfge.pdf
    [2010-04-09 21:12:15 | 000,044,455 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\attestation_points_fmc.pdf
    [2010-04-09 17:41:22 | 000,501,736 | ---- | M] () -- C:\Documents and Settings\per\Bureau\LopSD.exe
    [2010-04-09 12:01:57 | 000,000,035 | ---- | M] () -- C:\WINDOWS\System32\package.lst
    [2010-04-09 10:49:30 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\per\Bureau\CCleaner.lnk
    [2010-04-09 10:31:37 | 000,511,954 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2010-04-09 10:31:37 | 000,443,722 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010-04-09 10:31:37 | 000,085,018 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2010-04-09 10:31:37 | 000,071,684 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010-04-09 10:30:56 | 001,128,466 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010-04-09 09:02:13 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
    [2010-04-08 17:45:44 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\per\Bureau\Skype.lnk
    [2010-04-07 19:10:52 | 000,285,152 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\dossier_organisateurs.pdf
    [2010-04-05 21:01:05 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\gastrite biliaire post ctc.doc
    [2010-04-05 20:59:27 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\IPP a long terme.doc
    [2010-04-05 20:57:23 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\Kc du rectum.doc
    [2010-04-05 20:55:42 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\GEA.doc
    [2010-04-05 20:54:23 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\per\Bureau\Microsoft Office Word 2003.lnk
    [2010-04-04 13:55:45 | 000,001,907 | ---- | M] () -- C:\UsbFix_Upload_Me_MASSYL.zip
    [2010-04-04 08:41:22 | 000,033,776 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\ti83p112.sav
    [2010-03-31 19:45:42 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\per\Bureau\WordBiz.lnk
    [2010-03-31 10:31:06 | 003,370,880 | -H-- | M] () -- C:\Documents and Settings\per\Local Settings\Application Data\IconCache.db
    [2010-03-30 19:41:17 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\per\Bureau\OTL.exe
    [2010-03-29 21:54:39 | 000,003,616 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861P.manifest
    [2010-03-29 20:16:14 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010-03-29 20:15:46 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\per\Mes documents\malwarebytes-anti-malware_malwarebytes_anti-malware_1.44_francais_215092.exe
    [2010-03-29 19:16:37 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861C.manifest
    [2010-03-29 19:16:37 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861S.manifest
    [2010-03-29 19:16:37 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861O.manifest
    [2010-03-29 13:43:01 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\CURRICULUM VITAE wassila.doc
    [2010-03-28 15:53:37 | 000,255,714 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\sdf.pdf
    [2010-03-28 15:07:02 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\per\intlname.ols
    [2010-03-27 17:34:19 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\per\Bureau\Counter-Strike 1.6.lnk
    [2010-03-27 15:58:50 | 000,002,855 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010-03-25 23:38:39 | 000,000,800 | -HS- | M] () -- C:\WINDOWS\System32\1224417291
    [2010-03-25 23:31:30 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
    [2010-03-25 20:32:51 | 000,070,656 | ---- | M] () -- C:\Documents and Settings\per\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010-03-25 01:28:14 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Nokia Software Updater.lnk
    [2010-03-22 21:04:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010-03-19 15:09:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010-03-19 10:38:24 | 000,123,283 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\fighting_spirit.zip
    [2010-03-13 12:53:07 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\per\Mes documents\Lycée El.doc

    ========== Files Created - No Company Name ==========

    [2010-04-09 21:14:32 | 000,044,455 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\attestation_points_fmc.pdf
    [2010-04-09 21:14:03 | 000,052,970 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\attestation_points_snfge.pdf
    [2010-04-09 17:39:36 | 000,501,736 | ---- | C] () -- C:\Documents and Settings\per\Bureau\LopSD.exe
    [2010-04-07 19:10:52 | 000,285,152 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\dossier_organisateurs.pdf
    [2010-04-05 21:01:05 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\gastrite biliaire post ctc.doc
    [2010-04-05 20:59:27 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\IPP a long terme.doc
    [2010-04-05 20:57:22 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\Kc du rectum.doc
    [2010-04-05 20:55:42 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\GEA.doc
    [2010-04-04 13:55:45 | 000,001,907 | ---- | C] () -- C:\UsbFix_Upload_Me_MASSYL.zip
    [2010-03-31 19:45:42 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\per\Bureau\WordBiz.lnk
    [2010-03-29 20:16:14 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
    [2010-03-29 13:40:12 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\CURRICULUM VITAE wassila.doc
    [2010-03-28 15:53:37 | 000,255,714 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\sdf.pdf
    [2010-03-27 17:34:19 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\per\Bureau\Counter-Strike 1.6.lnk
    [2010-03-27 16:14:49 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys
    [2010-03-25 23:38:39 | 000,000,800 | -HS- | C] () -- C:\WINDOWS\System32\1224417291
    [2010-03-25 23:31:30 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
    [2010-03-25 23:12:37 | 000,003,616 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861P.manifest
    [2010-03-25 23:12:37 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861C.manifest
    [2010-03-25 23:12:37 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861S.manifest
    [2010-03-25 23:12:37 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\per\Application Data\02000000ade0626b861O.manifest
    [2010-03-25 01:28:14 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Nokia Software Updater.lnk
    [2010-03-22 21:04:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010-03-21 19:59:50 | 055,925,993 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\A.flv
    [2010-03-19 10:37:51 | 000,123,283 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\fighting_spirit.zip
    [2010-03-13 12:43:26 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\per\Mes documents\Lycée El.doc
    [2010-03-13 11:11:36 | 000,002,573 | ---- | C] () -- C:\Documents and Settings\per\Bureau\Microsoft Office Word 2003.lnk
    [2009-10-05 23:36:07 | 001,632,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009-06-15 09:39:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
    [2009-06-06 21:33:26 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009-06-05 21:24:32 | 000,000,453 | ---- | C] () -- C:\WINDOWS\QViewer.ini
    [2009-06-05 21:24:03 | 000,000,101 | ---- | C] () -- C:\WINDOWS\DivineIslam.ini
    [2009-06-03 12:59:39 | 000,070,656 | ---- | C] () -- C:\Documents and Settings\per\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-06-03 10:39:46 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009-06-03 10:39:45 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2009-06-03 10:39:45 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009-06-03 10:39:45 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009-06-03 10:39:44 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009-06-03 10:39:43 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009-06-03 10:15:43 | 000,092,195 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2009-06-03 10:14:50 | 000,126,895 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2009-06-03 09:14:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2009-06-03 09:06:55 | 000,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2003-04-01 09:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010-03-25 01:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2009-08-31 10:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2009-10-03 02:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
    [2009-12-29 11:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
    [2009-08-26 17:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2009-06-15 09:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
    [2009-09-10 10:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2009-11-06 16:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\BitTorrent
    [2010-04-10 14:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\LimeWire
    [2010-01-08 10:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Nokia
    [2009-12-29 12:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Nokia Ovi Suite
    [2010-01-03 11:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Nseries
    [2010-01-02 11:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\PC Suite
    [2009-06-15 09:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\Teleca
    [2010-03-27 15:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\per\Application Data\uTorrent
    [2010-04-10 13:42:18 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

    ========== Purity Check ==========


    < End of report >
    a c 302 8 Sécurité
    10 Avril 2010 20:49:30

    1/

  • Télécharge ToolsCleaner2 sur ton Bureau.
  • Double-clique sur ToolsCleaner2.exe pour le lancer.
  • Clique sur Recherche et laisse le scan agir.
  • Clique sur Suppression pour finaliser.
  • Tu peux, si tu le souhaites, te servir des Options Facultatives.
  • Clique sur Quitter pour obtenir le rapport.
  • Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


    2/

  • Télécharge et installe CCleaner (N'installe pas la Yahoo! Toolbar).
  • Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
  • Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.


    3/

  • Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.


    ==Prévention==

    Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

    Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, Propriétés, onglet Mises à jour automatiques).

    Par rapport au P2P : Lien

    Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


    ==Problème résolu ?==

    --> Si tu estimes que ton problème est résolu, ajoute [Résolu] au titre. Pour cela :
  • Clique, dans ton premier message, sur le bouton Editer .
  • Ajoute la mention [Résolu] devant le titre.
  • Clique ensuite sur Valider votre message.


    Sois plus vigilant(e) sur Internet ;) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS