System defender et Security tool

Marvinxxp6 Messages postés 15 Statut Membre -  
 Utilisateur anonyme -
Bonjour,

Voila je vous expose mon problème :

Hier soir avant d'aller me coucher j'ai attraper un virus (pas celui H1N1 ^^ )
Il m'ouvre des fenêtres comme un antivirus mais sa n'en n'est pas un, et il fait semblent d'agir pareil, je n'avé pas d'antivirus installer et le centre de sécurité windows m'en trouve un.

J'ai parcouru un bon nombres de forums, j'ai essaye plusieurs méthodes :

- J'ai d'abord était modifier un fichier dans le system32 puis remplacer son nom par iexplorer afin d'avoir acces aux processus en contournant le virus, j'ai arreter le processus avec une série de chiffres.exe
- Arreter tous les processus Svchost.exe (lors d'une des fermeture un ancien Worm est venu refaire son apparition "L'arret du systeme" ou il faut changer la date pour que le pc ne reboot pas)
- Supprimer des dossier avec cette meme série de chiffres
- Exécuter des commandes diverses qui ne veuent pas se lancer car le virus les bloques
- Démarer en mode sans echec ne fonctionne pas...
- Installer Combofix sur le site de l'éditeur qui lors de l'installation me met un drole de message d'erreur...
- Telécharger Mallaware qui est payant 6euros par sms ( mais pas envie de mettre 6euros dans le vent sans certitude)

Mais je ne parvient toujours pas a le supprimer et je n'est pas envie de car j'ai pas mal de données(je savais que j'aurais dut faire des sauvegardes)

Je suis sous WindowsXp .

Merci d'avance pour vos réponses
A voir également:

19 réponses

Réponse 1 / 19
Utilisateur anonyme
 
Salut,

Faut éviter de manipuler COMBOFIX sans l'avis d'un Helper ;)

▶ Télécharge ZHPDiag (de Nicolas Coolman)

ou :ZHPDiag

Enregistre le sur ton Bureau.

Une fois le téléchargement achevé,

▶ lance ZHPDiag.exe et clique sur Unzip dans la fenêtre qui s'ouvre.

▶ Clique sur la clé à molette puis sur Tous pour cocher toutes les cases des options.

▶ Clique sur la loupe pour lancer l'analyse.

A la fin de l'analyse,

▶ clique sur l'appareil photo et enregistre le rapport sur ton Bureau.

Pour me le transmettre clique sur ce lien :

http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\.ZHPDiag.txt

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.
0
Réponse 2 / 19
Marvinxxp6 Messages postés 15 Statut Membre
 
Bonsoir,

Merci pour ta réponse aussi rapide clair et précise.

J'ai eut énormément de difficulter a acceder a mon bureau car j'ai oublier de préciser dans mon premier message que mon bureau était devenu vierge (plus aucun icones) j'avais juste acces au menu démarer.

Mais aprés quelques manipulations et bidouillages c'est bon :)

J'ai oublier aussi de préciser que j'avais un version d'évaluation "périmée de puis un bout de temps" de Avast donc plus en fonctionnement

Par contre plus moyen d'avoir acces a internet de mon PC j'ai donc copier le rapport sur clé USB puis je l'est uploader sur "Cijoint".

Je te de donne le lien : http://www.cijoint.fr/cjlink.php?file=cj200911/cijLv6M5fP.txt

Merci encore ;)
0
Réponse 3 / 19
Utilisateur anonyme
 
Suit bien =))

Télécharge Navilog1 depuis-ce lien

▶ Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
▶ Ensuite double clique sur navilog1.exe pour lancer l'installation.

Une fois l'installation terminée, le fix s'exécutera automatiquement.

▶ Au menu principal, Fais le choix 1 >> Recherche / suppression automatique

Patiente jusqu'au message :
*** Analyse Termine le ..... ***

>>>>> Le fix peut durer une dizaine de minutes ;)

▶ Appuie sur une touche le bloc note va s'ouvrir.

▶ Copie-colle le rapport ici.

------------------------------------------


Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.



▶ Télécharge :

Malwarebytes

ou :

Malwarebytes

▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

▶ Potasses le Tuto pour te familiariser avec le prg :


( cela dit, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

▶ Lance Malwarebyte's .

Fais un examen dit "Complet" .

▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)



--> Prochaine réponse 2 rapports ;))
0
Réponse 4 / 19
Marvinxxp6 Messages postés 15 Statut Membre
 
Salut,

Merci encore ;)

Malware est en cours d'anlyse mais comme dit un peu plus haut mon Pc ne veut plus se connecter a Internet je suis donc sur mon pc portable. Je n'est don pas réussis a effectuer la Maj de Malware il me met un message d'erreur lorsque je veut la faire. J'ai été fair un tour dans mes connexions réseau et la elle a disparue surment a cause du virus.

J'ai 2 disques dur a analysés sa risque de prendre tu temps ^^

Je te tiens rapidement informer

Ty
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 19
Marvinxxp6 Messages postés 15 Statut Membre
 
Rapport avec NAVILOG


USER : marvin ( Administrator )







Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\WINDOWS\prefetch\GAMEOVERLAYUI.EXE-0E5CDE47.pf supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\marvin\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok




*** Scan terminé 12/11/2009 14:18:18,64 ***
0
Réponse 6 / 19
Marvinxxp6 Messages postés 15 Statut Membre
 
Rapport Malware


Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 2

12/11/2009 15:16:47
mbam-log-2009-11-12 (15-16-47).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 243766
Temps écoulé: 45 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 739
Valeur(s) du Registre infectée(s): 18
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\protect (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reader_s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agentsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-Trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiVirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusPlus (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusXP (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiVirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoTrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantiVirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hackTracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_
0
Réponse 7 / 19
Utilisateur anonyme
 
Vide la quarantaine de Malwarebyte's

- > Onglet quarantaine, supprimer tout.

▶ Télécharge et install UsbFix par Chiquitine29

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

▶ Double clic sur le raccourci UsbFix présent sur ton bureau .

▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

▶ Laisse travailler l'outil.

▶ Ensuite post le rapport UsbFix.txt qui apparaitra.

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 8 / 19
Marvinxxp6 Messages postés 15 Statut Membre
 
Je ne savais pas que j'avais autant de crack sur mon pc :)




############################## | UsbFix V6.058 |

User : marvin () # MARVIN-1735C958
Update on 26/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 17:24:46 | 13/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com



Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled



############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 588
C:\WINDOWS\system32\csrss.exe 656
C:\WINDOWS\system32\winlogon.exe 680
C:\WINDOWS\system32\services.exe 728
C:\WINDOWS\system32\lsass.exe 744
C:\WINDOWS\system32\FastNetSrv.exe 1556
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe 1652
C:\Program Files\Java\jre6\bin\jqs.exe 1724
C:\WINDOWS\system32\svchost.exe 1816
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe 1844
C:\WINDOWS\system32\PnkBstrA.exe 1908
C:\WINDOWS\system32\PnkBstrB.exe 1992
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe 144
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe 248
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe 288
C:\WINDOWS\system32\svchost.exe 1128
C:\WINDOWS\system32\wbem\wmiapsrv.exe 1340
C:\WINDOWS\System32\svchost.exe 1612
C:\WINDOWS\Explorer.EXE 352
C:\Documents and Settings\All Users\Application Data\f4750aa\WSf475.exe 920
C:\WINDOWS\system32\RUNDLL32.EXE 940
C:\Program Files\DAP\DAP.EXE 576
C:\Documents and Settings\marvin\Application Data\System\lsass.exe 268
C:\Program Files\WinZip\WZQKPICK.EXE 1160
C:\Documents and Settings\marvin\Menu Démarrer\Programmes\Démarrage\ctfmon.exe 1308
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe 1532

################## | Fichiers # Dossiers infectieux |

C:\DOCUME~1\marvin\MENUDM~1\PROGRA~1\DMARRA~1\ctfmon.exe
C:\autorun.inf
D:\autorun.inf
D:\Recycled\ctfmon.exe
E:\autorun.inf
E:\Recycled\ctfmon.exe
F:\autorun.inf
F:\Recycled\ctfmon.exe

################## | Registre # Clés infectieuses |

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe]

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{138779e0-09e5-11de-85f4-001bfc2fdfb7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command =H:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{138779e1-09e5-11de-85f4-001bfc2fdfb7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command =I:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{42ec8268-687f-11de-8667-001bfc2fdfb7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command =H:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{7ed35d22-f61c-11dd-85e2-001bfc2fdfb7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command =H:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{83280490-a05f-11de-86da-001bfc2fdfb7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command =H:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{ce1a24de-61c8-11dd-94aa-806d6172696f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
Shell\Open(&O)\command =C:\Recycled\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{d080c4db-d2c8-11dd-85b0-001bfc2fdfb7}
Shell\AutoRun\command =I:\InstallTomTomHOME.exe

HKCU\..\..\Explorer\MountPoints2\{d42c0e3c-d2ea-11de-8755-001bfc2fdfb7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command =F:\Recycled\ctfmon.exe

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\marvin\Bureau\crack\WGASetup.exe"
30/01/2009 00:00 |Size 58368 |Crc32 03147182 |Md5 6d86fcb98e276f9daa943cb5d6af4c07

"C:\Documents and Settings\marvin\Bureau\crack\WgaTray.exe"
30/01/2009 00:00 |Size 343040 |Crc32 29679ade |Md5 0807b34ab0d379b16aa47ca7992d3439

"C:\Program Files\eMule\Incoming\Call.Of.Duty.World.At.War.Keygen-RazorDOX\rzr-c5kg.exe"
08/11/2008 03:09 |Size 118784 |Crc32 ce9fa891 |Md5 2f032b001524f77fb9f8f4b22a0f624d

"D:\Program Files\eMule\Incoming\CorelDRAW.Graphics.Suite.X4.v14.0.0.567.Keymaker.Only-CORE\keygen.exe"
07/02/2008 14:34 |Size 157696 |Crc32 d7575c43 |Md5 54266746d72d2045d9eb81c027aea525

"E:\coreldraw x4\CorelDRAW.Graphics.Suite.X4.v14.0.0.567.Keymaker.Only-CORE\keygen.exe"
07/02/2008 14:34 |Size 157696 |Crc32 b83a674a |Md5 7565dec2862b78994ca962ca679dd45d

"D:\Documents and Settings\marvin\Shared\CorelDRAW Graphics Suite X4 Crack.zip"
-> Contain : Setup.exe 282628 DFLT-N 59% 115725 01-10-2007 13:15:16 a2ec1fce

"D:\WINDOWS\Fonts\'\Adobe Dream Weaver CS3 Keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Advanced Serial Port Terminal 5.5.22.271.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\ALL Xilisoft Products Keygen v 1.00.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Altdo All Products Universal Keygen v1.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Bill Serial Port Monitor 3.0T.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Bioshock DVD iSO Working Crack-Darkcoder.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\BlueSprite Products Multikeygen v1.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Clock Tray Skins v4.0 WinALL Cracked.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Cracked -- Live At Vicar Street - Tommy Tiernan DVDRip Xvid.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Crackheads Gone Wild 2006 DVDRip XViD-BELiEVERS.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Crackheads Gone Wild DVDRip Xvid.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\CrackLock 3.8.1.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\CrackServer v1.07 WinMacLinux.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Date Cracker 2000.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\DPlot 2.1.4.9 Crack.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\EA Games Multi Keygen 2.1.0.103.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Eberhard Werner All Products Universal Keygen v1.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Eltima Advanced Serial Port Terminal v5.0.4.66.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Eltima Serial Port Monitor v3.0.0.101.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Ionworx SerialShield SDK v1.9.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Jethro Back Of Beyond 2007 DVDRip XviD-Crackpots.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Jim Davidson Live In Your Face Dvdrip XviD-CrackPots.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Marx Bros. - Animal Crackers 1930 DVDRip Divx.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Marx Brothers - Animal Crackers DVDRip Xvid.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Master Numerology v1.0 WinALL Cracked PROPER.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Maxon Cinema 4D 10.111 keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\New Winrar 3.71 with keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\PC Icon Converter Plus v4.1 Keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\PDF.Password.Cracker.Pro.v3.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\RAR Password Cracker 4.00.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\RAR Password Cracker 4.12 Retail.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Rar Password Cracker 4.12.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\RAR Password Cracker v4.00.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\RAR Password Cracker v4.12.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\River Past All Products Universal Keygen v1.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Run Fat Boy Run DVDRip XviD-Crackpots.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Safecracker iSO.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Safecracker-Unleashed iSO.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Safecracker.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Serial Mom 1994 DVDRip Divx.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Serial Port Monitor 4.0.2.274.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Serial Splitter 3.5.2.81.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Serials 2000 7.1.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Shared Serial Ports 2.0.80.880.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Smart Serial Mail v3.3.1 Retail.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\SmartSerialMail v4.22.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Spyware Doctor 5.0.1.200 KEYGEN.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\TOCA Race driver 3 NoDVD Crack.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Tom And Jerry A Nutcracker Tale FS DVDrip XviD-CH.W.D.F.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\TuneUp Utilities 2008 7.0.8002 incl. Serial.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Turbo ZIP Cracker v1.3.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Turbo ZIP Cracker v1.4.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Ultimate Zip Cracker 7.3.2.3.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Ultimate ZIP Cracker v7.3.1.5.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Ultimate ZIP Cracker v7.3.1.7.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Virtual Serial Port Driver 6.0.1.115.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Windows Keygen Pack 2008 AIO.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\WinMount 2.2.2 Cracked.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Witcobber Products 5 in 1 Multi Keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"C:\Program Files\eMule\Incoming\Call.Of.Duty.World.At.War.Keygen-RazorDOX.rar"
-> contain : rzr-c5kg.exe

"D:\Program Files\eMule\Incoming\Coreldraw Graphics Suite x4 14.0 Keygen.rar"
-> contain : keygen.exe

"D:\Program Files\eMule\Incoming\Steinberg.Cubase.SX4.0.1.305.Crack.by.H2O.rar"
-> contain : Steindberg.Cubase.SX4.0.1.305(ActivationCrack).exe


################## | ! Fin du rapport # UsbFix V6.058 ! |
0
Réponse 9 / 19
Marvinxxp6 Messages postés 15 Statut Membre
 
En tous cas merci encore.
0
Réponse 10 / 19
Utilisateur anonyme
 
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

▶ Double clic (clic droit "en tant qu'administrateur" pour Vista)sur le raccourci UsbFix présent sur ton bureau

▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

▶ Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]

▶ Ton bureau disparaitra et le pc redémarrera .

▶ Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
0
Réponse 11 / 19
Marvinxxp6 Messages postés 15 Statut Membre
 
Salut,


############################## | UsbFix V6.058 |

User : marvin () # MARVIN-1735C958
Update on 26/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 17:24:46 | 13/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com



Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled



############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 588
C:\WINDOWS\system32\csrss.exe 656
C:\WINDOWS\system32\winlogon.exe 680
C:\WINDOWS\system32\services.exe 728
C:\WINDOWS\system32\lsass.exe 744
C:\WINDOWS\system32\FastNetSrv.exe 1556
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe 1652
C:\Program Files\Java\jre6\bin\jqs.exe 1724
C:\WINDOWS\system32\svchost.exe 1816
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe 1844
C:\WINDOWS\system32\PnkBstrA.exe 1908
C:\WINDOWS\system32\PnkBstrB.exe 1992
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe 144
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe 248
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe 288
C:\WINDOWS\system32\svchost.exe 1128
C:\WINDOWS\system32\wbem\wmiapsrv.exe 1340
C:\WINDOWS\System32\svchost.exe 1612
C:\WINDOWS\Explorer.EXE 352
C:\Documents and Settings\All Users\Application Data\f4750aa\WSf475.exe 920
C:\WINDOWS\system32\RUNDLL32.EXE 940
C:\Program Files\DAP\DAP.EXE 576
C:\Documents and Settings\marvin\Application Data\System\lsass.exe 268
C:\Program Files\WinZip\WZQKPICK.EXE 1160
C:\Documents and Settings\marvin\Menu Démarrer\Programmes\Démarrage\ctfmon.exe 1308
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe 1532

################## | Fichiers # Dossiers infectieux |

C:\DOCUME~1\marvin\MENUDM~1\PROGRA~1\DMARRA~1\ctfmon.exe
C:\autorun.inf
D:\autorun.inf
D:\Recycled\ctfmon.exe
E:\autorun.inf
E:\Recycled\ctfmon.exe
F:\autorun.inf
F:\Recycled\ctfmon.exe

################## | Registre # Clés infectieuses |

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe]

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{138779e0-09e5-11de-85f4-001bfc2fdfb7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command =H:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{138779e1-09e5-11de-85f4-001bfc2fdfb7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command =I:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{42ec8268-687f-11de-8667-001bfc2fdfb7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command =H:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{7ed35d22-f61c-11dd-85e2-001bfc2fdfb7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command =H:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{83280490-a05f-11de-86da-001bfc2fdfb7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command =H:\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{ce1a24de-61c8-11dd-94aa-806d6172696f}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\Recycled\ctfmon.exe
Shell\Open(&O)\command =C:\Recycled\Recycled\ctfmon.exe

HKCU\..\..\Explorer\MountPoints2\{d080c4db-d2c8-11dd-85b0-001bfc2fdfb7}
Shell\AutoRun\command =I:\InstallTomTomHOME.exe

HKCU\..\..\Explorer\MountPoints2\{d42c0e3c-d2ea-11de-8755-001bfc2fdfb7}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Shell\Open(&0)\command =F:\Recycled\ctfmon.exe

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\marvin\Bureau\crack\WGASetup.exe"
30/01/2009 00:00 |Size 58368 |Crc32 03147182 |Md5 6d86fcb98e276f9daa943cb5d6af4c07

"C:\Documents and Settings\marvin\Bureau\crack\WgaTray.exe"
30/01/2009 00:00 |Size 343040 |Crc32 29679ade |Md5 0807b34ab0d379b16aa47ca7992d3439

"C:\Program Files\eMule\Incoming\Call.Of.Duty.World.At.War.Keygen-RazorDOX\rzr-c5kg.exe"
08/11/2008 03:09 |Size 118784 |Crc32 ce9fa891 |Md5 2f032b001524f77fb9f8f4b22a0f624d

"D:\Program Files\eMule\Incoming\CorelDRAW.Graphics.Suite.X4.v14.0.0.567.Keymaker.Only-CORE\keygen.exe"
07/02/2008 14:34 |Size 157696 |Crc32 d7575c43 |Md5 54266746d72d2045d9eb81c027aea525

"E:\coreldraw x4\CorelDRAW.Graphics.Suite.X4.v14.0.0.567.Keymaker.Only-CORE\keygen.exe"
07/02/2008 14:34 |Size 157696 |Crc32 b83a674a |Md5 7565dec2862b78994ca962ca679dd45d

"D:\Documents and Settings\marvin\Shared\CorelDRAW Graphics Suite X4 Crack.zip"
-> Contain : Setup.exe 282628 DFLT-N 59% 115725 01-10-2007 13:15:16 a2ec1fce

"D:\WINDOWS\Fonts\'\Adobe Dream Weaver CS3 Keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Advanced Serial Port Terminal 5.5.22.271.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\ALL Xilisoft Products Keygen v 1.00.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Altdo All Products Universal Keygen v1.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Bill Serial Port Monitor 3.0T.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Bioshock DVD iSO Working Crack-Darkcoder.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\BlueSprite Products Multikeygen v1.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Clock Tray Skins v4.0 WinALL Cracked.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Cracked -- Live At Vicar Street - Tommy Tiernan DVDRip Xvid.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Crackheads Gone Wild 2006 DVDRip XViD-BELiEVERS.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Crackheads Gone Wild DVDRip Xvid.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\CrackLock 3.8.1.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\CrackServer v1.07 WinMacLinux.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Date Cracker 2000.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\DPlot 2.1.4.9 Crack.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\EA Games Multi Keygen 2.1.0.103.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Eberhard Werner All Products Universal Keygen v1.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Eltima Advanced Serial Port Terminal v5.0.4.66.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Eltima Serial Port Monitor v3.0.0.101.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Ionworx SerialShield SDK v1.9.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Jethro Back Of Beyond 2007 DVDRip XviD-Crackpots.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Jim Davidson Live In Your Face Dvdrip XviD-CrackPots.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Marx Bros. - Animal Crackers 1930 DVDRip Divx.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Marx Brothers - Animal Crackers DVDRip Xvid.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Master Numerology v1.0 WinALL Cracked PROPER.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Maxon Cinema 4D 10.111 keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\New Winrar 3.71 with keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\PC Icon Converter Plus v4.1 Keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\PDF.Password.Cracker.Pro.v3.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\RAR Password Cracker 4.00.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\RAR Password Cracker 4.12 Retail.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Rar Password Cracker 4.12.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\RAR Password Cracker v4.00.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\RAR Password Cracker v4.12.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\River Past All Products Universal Keygen v1.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Run Fat Boy Run DVDRip XviD-Crackpots.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Safecracker iSO.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Safecracker-Unleashed iSO.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Safecracker.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Serial Mom 1994 DVDRip Divx.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Serial Port Monitor 4.0.2.274.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Serial Splitter 3.5.2.81.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Serials 2000 7.1.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Shared Serial Ports 2.0.80.880.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Smart Serial Mail v3.3.1 Retail.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\SmartSerialMail v4.22.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Spyware Doctor 5.0.1.200 KEYGEN.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\TOCA Race driver 3 NoDVD Crack.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Tom And Jerry A Nutcracker Tale FS DVDrip XviD-CH.W.D.F.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\TuneUp Utilities 2008 7.0.8002 incl. Serial.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Turbo ZIP Cracker v1.3.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Turbo ZIP Cracker v1.4.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Ultimate Zip Cracker 7.3.2.3.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Ultimate ZIP Cracker v7.3.1.5.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Ultimate ZIP Cracker v7.3.1.7.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Virtual Serial Port Driver 6.0.1.115.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Windows Keygen Pack 2008 AIO.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\WinMount 2.2.2 Cracked.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Witcobber Products 5 in 1 Multi Keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"C:\Program Files\eMule\Incoming\Call.Of.Duty.World.At.War.Keygen-RazorDOX.rar"
-> contain : rzr-c5kg.exe

"D:\Program Files\eMule\Incoming\Coreldraw Graphics Suite x4 14.0 Keygen.rar"
-> contain : keygen.exe

"D:\Program Files\eMule\Incoming\Steinberg.Cubase.SX4.0.1.305.Crack.by.H2O.rar"
-> contain : Steindberg.Cubase.SX4.0.1.305(ActivationCrack).exe


################## | ! Fin du rapport # UsbFix V6.058 ! |
0
Réponse 12 / 19
Utilisateur anonyme
 
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

▶ Double clic (clic droit "en tant qu'administrateur" pour Vista)sur le raccourci UsbFix présent sur ton bureau

▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

▶ Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]

▶ Ton bureau disparaitra et le pc redémarrera .

▶ Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
0
Réponse 13 / 19
Marvinxxp6 Messages postés 15 Statut Membre
 
a oui me suis trompé de rapport
0
Réponse 14 / 19
Marvinxxp6 Messages postés 15 Statut Membre
 
############################## | UsbFix V6.058 |

User : marvin () # MARVIN-1735C958
Update on 26/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 18:26:06 | 14/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com



Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled



############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 588
C:\WINDOWS\system32\csrss.exe 644
C:\WINDOWS\system32\winlogon.exe 668
C:\WINDOWS\system32\services.exe 716
C:\WINDOWS\system32\lsass.exe 732
C:\WINDOWS\system32\FastNetSrv.exe 1552
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe 1608
C:\Program Files\Java\jre6\bin\jqs.exe 1716
C:\WINDOWS\system32\svchost.exe 1808
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe 1832
C:\WINDOWS\system32\PnkBstrA.exe 1864
C:\WINDOWS\system32\PnkBstrB.exe 1988
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe 2040
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe 260
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe 620
C:\WINDOWS\system32\svchost.exe 1060
C:\WINDOWS\system32\wbem\wmiapsrv.exe 1196
C:\WINDOWS\System32\svchost.exe 1668
C:\WINDOWS\system32\userinit.exe 1700
C:\WINDOWS\Explorer.EXE 340

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\DOCUME~1\marvin\MENUDM~1\PROGRA~1\DMARRA~1\ctfmon.exe
C:\autorun.inf -> fichier appelé : "C:\Recycled\Recycled\ctfmon.exe" ( Présent ! )
Supprimé ! C:\Recycled\Recycled\ctfmon.exe
Supprimé ! C:\autorun.inf
D:\autorun.inf -> fichier appelé : "D:\Recycled\ctfmon.exe" ( Présent ! )
Supprimé ! D:\Recycled\ctfmon.exe
Supprimé ! D:\autorun.inf
E:\autorun.inf -> fichier appelé : "E:\Recycled\ctfmon.exe" ( Présent ! )
Supprimé ! E:\Recycled\ctfmon.exe
Supprimé ! E:\autorun.inf
F:\autorun.inf -> fichier appelé : "F:\Recycled\ctfmon.exe" ( Présent ! )
Supprimé ! F:\Recycled\ctfmon.exe
Supprimé ! F:\autorun.inf

################## | Registre # Clés infectieuses |

Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe]

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\C\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\D\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\E\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{138779e0-09e5-11de-85f4-001bfc2fdfb7}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{138779e1-09e5-11de-85f4-001bfc2fdfb7}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{42ec8268-687f-11de-8667-001bfc2fdfb7}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{7ed35d22-f61c-11dd-85e2-001bfc2fdfb7}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{83280490-a05f-11de-86da-001bfc2fdfb7}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{ce1a24de-61c8-11dd-94aa-806d6172696f}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d080c4db-d2c8-11dd-85b0-001bfc2fdfb7}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d42c0e3c-d2ea-11de-8755-001bfc2fdfb7}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[04/08/2008 10:53|--a------|1024] C:\.rnd
[04/08/2008 10:02|--a------|0] C:\AUTOEXEC.BAT
[13/11/2009 18:31|-r-hs----|224] C:\boot.ini
[07/09/2002 01:00|-rahs----|4952] C:\Bootfont.bin
[12/11/2009 14:18|--a------|871] C:\cleannavi.txt
[04/08/2008 10:02|--a------|0] C:\CONFIG.SYS
[26/11/2009 22:45|--a------|10] C:\confin.sys
[11/04/2006 01:32|--a------|51] C:\delnis.bat
[04/08/2008 10:02|-rahs----|0] C:\IO.SYS
[04/08/2008 10:02|-rahs----|0] C:\MSDOS.SYS
[03/08/2004 21:38|-rahs----|47564] C:\NTDETECT.COM
[03/08/2004 21:59|-rahs----|251712] C:\ntldr
[29/02/2004 16:44|--a------|52576] C:\orange.bmp
[12/10/2009 05:31|--a------|304160] C:\PA207.DAT
[?|?|?] C:\pagefile.sys
[14/11/2009 18:32|--a------|5704] C:\UsbFix.txt
[30/01/2009 00:00|---------|58368] C:\WGASetup.exe
[09/09/2007 08:21|--a------|1024] D:\.rnd
[09/09/2007 07:57|--a------|0] D:\AUTOEXEC.BAT
[07/03/2008 00:23|-rahs----|224] D:\boot.ini
[28/08/2001 13:00|-rahs----|4952] D:\Bootfont.bin
[09/09/2007 07:57|--a------|0] D:\CONFIG.SYS
[06/03/2008 22:18|--a------|340498296] D:\CorelDRAWGraphicsSuiteX4Installer_FR.exe
[18/11/2006 14:01|--a------|1450904] D:\Deamon Tools 4.0.3 ENG.exe
[09/09/2007 07:57|-rahs----|0] D:\IO.SYS
[05/05/2005 12:19|--a------|60416] D:\Keygen Windows XP Pro SP2.exe
[09/09/2007 07:57|-rahs----|0] D:\MSDOS.SYS
[09/09/2007 08:10|-rahs----|47564] D:\NTDETECT.COM
[08/03/2008 20:04|--a------|45] D:\TEST.XML
[05/09/2005 20:43|--a------|6786] D:\ThiWeb.gif
[08/03/2008 18:28|--a------|20674] D:\TWindowsXP.zip
[01/10/2007 18:18|--a------|33] E:\fichier msx.txt
[07/02/2008 21:31|--a------|43] E:\mot de passe.txt
[24/02/2007 18:08|--a------|25] E:\telechargement a fond.txt
[08/03/2008 18:28|--a------|20674] E:\TWindowsXP.zip
[05/10/2006 21:00|--a------|1003083] E:\UA-25_f1.pdf
[28/11/2009 01:23|--a------|1295769] F:\ZHPDiag 1.24.34.exe
[03/08/2004 23:55|--ah-----|45056] F:\CTFMON.EXE
[12/11/2009 01:51|--a------|265868] F:\ZHPDiag.Txt
[28/11/2009 14:09|--a------|608448] F:\comctl32.ocx
[28/11/2009 14:09|--a------|4045528] F:\mbam-setup.exe
[28/11/2009 14:07|--a------|228109] F:\Navilog1.exe
[03/08/2004 23:55|--ah-----|45056] F:\APACHE.EXE
[12/11/2009 14:19|--a------|871] F:\cleannavi.txt
[12/11/2009 15:30|--a------|128386] F:\mbam-log-2009-11-12 (15-16-47).txt
[29/11/2009 17:20|--a------|1364348] F:\UsbFix.exe
[13/11/2009 17:36|--a------|16139] F:\UsbFix.txt
[03/08/2004 23:55|--ah-----|45056] F:\NSVCLOG.EXE

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# E:\autorun.inf -> Dossier créé par UsbFix.
# F:\autorun.inf -> Dossier créé par UsbFix.

################## | Suspect | https://www.virustotal.com/gui/ |


################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\marvin\Bureau\crack\WGASetup.exe"
30/01/2009 00:00 |Size 58368 |Crc32 03147182 |Md5 6d86fcb98e276f9daa943cb5d6af4c07

"C:\Documents and Settings\marvin\Bureau\crack\WgaTray.exe"
30/01/2009 00:00 |Size 343040 |Crc32 29679ade |Md5 0807b34ab0d379b16aa47ca7992d3439

"C:\Program Files\eMule\Incoming\Call.Of.Duty.World.At.War.Keygen-RazorDOX\rzr-c5kg.exe"
08/11/2008 03:09 |Size 118784 |Crc32 ce9fa891 |Md5 2f032b001524f77fb9f8f4b22a0f624d

"D:\Program Files\eMule\Incoming\CorelDRAW.Graphics.Suite.X4.v14.0.0.567.Keymaker.Only-CORE\keygen.exe"
07/02/2008 14:34 |Size 157696 |Crc32 d7575c43 |Md5 54266746d72d2045d9eb81c027aea525

"E:\coreldraw x4\CorelDRAW.Graphics.Suite.X4.v14.0.0.567.Keymaker.Only-CORE\keygen.exe"
07/02/2008 14:34 |Size 157696 |Crc32 b83a674a |Md5 7565dec2862b78994ca962ca679dd45d

"D:\Documents and Settings\marvin\Shared\CorelDRAW Graphics Suite X4 Crack.zip"
-> Contain : Setup.exe 282628 DFLT-N 59% 115725 01-10-2007 13:15:16 a2ec1fce

"D:\WINDOWS\Fonts\'\Adobe Dream Weaver CS3 Keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Advanced Serial Port Terminal 5.5.22.271.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\ALL Xilisoft Products Keygen v 1.00.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Altdo All Products Universal Keygen v1.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Bill Serial Port Monitor 3.0T.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Bioshock DVD iSO Working Crack-Darkcoder.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\BlueSprite Products Multikeygen v1.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Clock Tray Skins v4.0 WinALL Cracked.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Cracked -- Live At Vicar Street - Tommy Tiernan DVDRip Xvid.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Crackheads Gone Wild 2006 DVDRip XViD-BELiEVERS.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Crackheads Gone Wild DVDRip Xvid.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\CrackLock 3.8.1.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\CrackServer v1.07 WinMacLinux.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Date Cracker 2000.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\DPlot 2.1.4.9 Crack.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\EA Games Multi Keygen 2.1.0.103.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Eberhard Werner All Products Universal Keygen v1.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Eltima Advanced Serial Port Terminal v5.0.4.66.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Eltima Serial Port Monitor v3.0.0.101.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Ionworx SerialShield SDK v1.9.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Jethro Back Of Beyond 2007 DVDRip XviD-Crackpots.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Jim Davidson Live In Your Face Dvdrip XviD-CrackPots.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Marx Bros. - Animal Crackers 1930 DVDRip Divx.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Marx Brothers - Animal Crackers DVDRip Xvid.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Master Numerology v1.0 WinALL Cracked PROPER.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Maxon Cinema 4D 10.111 keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\New Winrar 3.71 with keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\PC Icon Converter Plus v4.1 Keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\PDF.Password.Cracker.Pro.v3.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\RAR Password Cracker 4.00.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\RAR Password Cracker 4.12 Retail.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Rar Password Cracker 4.12.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\RAR Password Cracker v4.00.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\RAR Password Cracker v4.12.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\River Past All Products Universal Keygen v1.0.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Run Fat Boy Run DVDRip XviD-Crackpots.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Safecracker iSO.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Safecracker-Unleashed iSO.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Safecracker.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Serial Mom 1994 DVDRip Divx.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Serial Port Monitor 4.0.2.274.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Serial Splitter 3.5.2.81.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Serials 2000 7.1.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Shared Serial Ports 2.0.80.880.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Smart Serial Mail v3.3.1 Retail.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\SmartSerialMail v4.22.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Spyware Doctor 5.0.1.200 KEYGEN.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\TOCA Race driver 3 NoDVD Crack.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Tom And Jerry A Nutcracker Tale FS DVDrip XviD-CH.W.D.F.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\TuneUp Utilities 2008 7.0.8002 incl. Serial.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Turbo ZIP Cracker v1.3.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Turbo ZIP Cracker v1.4.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Ultimate Zip Cracker 7.3.2.3.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Ultimate ZIP Cracker v7.3.1.5.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Ultimate ZIP Cracker v7.3.1.7.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Virtual Serial Port Driver 6.0.1.115.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Windows Keygen Pack 2008 AIO.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\WinMount 2.2.2 Cracked.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"D:\WINDOWS\Fonts\'\Witcobber Products 5 in 1 Multi Keygen.zip"
-> Contain : Setup.exe 282630 DFLT-N 59% 115725 01-10-2007 13:15:16 99a84726

"C:\Program Files\eMule\Incoming\Call.Of.Duty.World.At.War.Keygen-RazorDOX.rar"
-> contain : rzr-c5kg.exe

"D:\Program Files\eMule\Incoming\Coreldraw Graphics Suite x4 14.0 Keygen.rar"
-> contain : keygen.exe

"D:\Program Files\eMule\Incoming\Steinberg.Cubase.SX4.0.1.305.Crack.by.H2O.rar"
-> contain : Steindberg.Cubase.SX4.0.1.305(ActivationCrack).exe


################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\marvin\Bureau\UsbFix_Upload_Me_MARVIN-1735C958.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.058 ! |
0
Réponse 15 / 19
Utilisateur anonyme
 
Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

! Déconnecte toi et FERME TOUTES TES APPLICATIONS EN COURS !

Double-clique sur " RSIT.exe " pour le lancer .

▶ Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

▶ Devant l'option "List files/folders created ..." , tu choisis : 2 months

▶ clique ensuite sur " Continue " pour lancer l'analyse ...


▶ laisse faire le scan et ne touche pas au PC ...


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum


( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
0
Réponse 16 / 19
Marvinxxp6 Messages postés 15 Statut Membre
 
Bonsoir,

Je tiens a te remercié pour toutes les manip a effectuer grace a TOI j'ai eut acces a mon bureau et réussis a sauvegarder toutes mes données sur mon second disque.

Mais j'ai craquer j'étais a bout :) j'ai formater car plus moyen de récupéré mes connexion réseaux meme en passant par la commandes services et en efectuant pleins de d'actions différentes trouver sur les forums. Je pensse que meme en supprimant le virus elle ne seraient pas revenues car j'ai modifier pas mal de choses dans le registre.

En tous cas je sais pas si tu fait sa bénévolment ou si tu est rémunéré mais tien a te féliciter pour ta réactiviter et ton aide précieuse. ^^

Merci encore
0
Réponse 17 / 19
Utilisateur anonyme
 
Tu as formater ?

Si c'est non fait moi ce que je t'ai dis poste 15 pour conclure :))

0
Réponse 18 / 19
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502
 
bonjour à vous 2 je crois bien helpeur mask qu'il est infecté par virut : C:\WINDOWS\System32\reader_s.exe


Il va falloir lui faire tout ce qu'il faut pour éliminer ça s'il n'a pas formaté.
0
Utilisateur anonyme
 
Il faut faire faire dr Web, urgent
0
Réponse 19 / 19
Utilisateur anonyme
 
J'essaye de savoir si il a formater ou pas ...
0

Discussions similaires

Rétrodiffusion "Mail Delivery System"
baissaoui -
baissaoui -

0 réponse
comment faire si on a un mail delivery system
angeldu5954 -
angeldu5954 -

5 réponses
SecurityHealth est a désactiver ou pas au démarrage de W10 Pro 64 ?
Walti55 -
Walti55 -

2 réponses
Security boot fail lors du démarrage
Steu -
Thiecoss -

5 réponses