Tout plein de virus!!

Résolu
Bones -  
 Utilisateur anonyme -
Bonjour,

J'ai plein de virus sur mon PC, et j'aimerais savoir comment m'en débarasser. Je n'ai plus accès au Gestionnaire des tâches et j'ai essayé par tous les moyens de l'ouvrir (Ctrl+Alt+suppr, avec la barre des tâches, avec l'application "Exécuter"...) et aucun des antivirus que je télécharge ne fonctionne. J'ai essayé un scan en ligne avec Spybot Search & Destroy qui ne marche pas non plus. Mon ancien Antivirus refuse de s'ouvrir et même si je fais tout ça en mode sans échec, rien ne marche. De plus, je reçoit des avertissements d'un Antivirus que je n'ai jamais télécharger. J'ai essayé de le supprimer de mon ordinateur, sans succès, et je me doute bien que la source du virus est là.

Il ne me reste donc, j'espère, qu'un tout dernier espoir, avant de devoir réinstaller Windows au complet: le Registre.

Comme je n'ai aucune idée de la façon dont il fonctionne, je voudrais savoir s'il est possible de supprimer des fichiers dangereux à partir du Registre.

Si vous avez d'autres suggestions de solutions à mon problème, merci de les écrire.

27 réponses

  • 1
  • 2
Résumé de la discussion

Infection informatique complexe avec impossibilité d'accéder au gestionnaire des tâches et blocage des antivirus sous Windows XP/IE8, poussant l'utilisateur à envisager une intervention manuelle du Registre. Plusieurs solutions efficaces ont été recommandées, notamment démarrer en mode sans échec, utiliser HostsXpert pour restaurer le fichier hosts, puis recourir à rkill et Malwarebytes Anti-Malware pour isoler et supprimer les menaces. Les interventions ont permis de mettre en quarantaine et supprimer des clés du Registre (par exemple Rogue.AntivirusSuite, Trojan.Agent et Security Hijack) ainsi que des exécutables malveillants identifiés dans les options d'exécution. Des indicateurs supplémentaires montrent que les éléments liés à l'Image File Execution Options et les fichiers exécutables malveillants peuvent nécessiter un nettoyage ciblé et une vérification complète du système après redémarrage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    Bonjour
    Tu as un rogue dans ton PC

    Télécharge rkill depuis l'un des liens ci-dessous:

    http://download.bleepingcomputer.com/grinler/rkill.pif
    https://download.bleepingcomputer.com/grinler/rkill.scr
    https://download.bleepingcomputer.com/grinler/rkill.com
    https://download.bleepingcomputer.com/grinler/rkill.exe

    Enregistre le fichier sur le Bureau.
    Désactive le module résident de l'antivirus et celui de l'antispyware.
    Faire un double clic sur le fichier rkill téléchargé pour lancer l'outil.
    Pour Vista, faire un clic droit sur le fichier [b]rkill/b téléchargé puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.
    Une fenêtre à fond noir va apparaître brièvement, puis disparaître.
    Si rien ne se passe, ou si l'outil ne se lance pas, télécharger l'outil depuis un autre des quatre liens ci-dessus et faire une nouvelle tentative d'exécution

    Télécharge malwarebytes' anti-malware
    http://mbam.malwarebytes.org/program/mbam-setup.exe
    Enregistre le sur le bureau
    Double-clique sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation
    Si la pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
    Il va se mettre à jour une fois faite
    Va dans l'onglet recherche
    Sélectionne exécuter un examen complet
    Clique sur rechercher
    Le scan démarre
    A la fin de l'analyse, le message s'affiche: L'examen s'est terminé normalement.
    Clique sur afficher les résultats pour afficher les objets trouvés
    Clique sur OK pour pousuivre
    Si des malwares ont été détectés, cliquer sur afficher les résultats
    Sélectionne tout (ou laisser coché)
    Clique sur supprimer la sélection
    Malwarebytes va détruire les fichiers et les clés de registre et en mettre une
    copie dans la quarantaine
    Malewarebytes va ouvrir le bloc-note et y copier le rapport
    Redémarre le PC
    Une fois redémarré, double-clique sur Malewarebytes
    Va dans l'onglet rapport/log
    Clique dessus pour l'afficher une fois affiché, cliquer sur édition en haut du
    bloc-note puis sur sélectionner tout
    Revient sur édition, puis sur copier et revient sur le forum et dans ta réponse
    Clic droit dans le cadre de la réponse et coller

    0
    1. Bones
       
      Le lien pour malwarebytes' anti-malware ne fonctionne pas.. Y a-t-il une autre manière d'y accéder? Puis quand je clique sur le fichier rkill, la fenêtre noire apparaît et disparaît, puis une page du bloc note s'ouvre. Es-ce normal?
      0
  2. Utilisateur anonyme
     
    Ne redémarre surtout pas ton PC

    Avant de commencer, fait une sauvegarde de tous tes documents
    Attention, cet outil n'est pas à utiliser à la légère, et doit
    être recommandé que par une personne formée à cet outil

    Imprime la procédure

    Télécharge ComboFix renommé Bones de sUBs sur ton Bureau :
    http://sd-1.archive-host.com/membres/up/203669918515832581/Bones.exe
    tutoriel pour bien utiliser l'outil
    http://www.bleepingcomputer.com/combofix/fr/comment-utiliser­-combofix

    /!\ Déconnecte-toi du net et DESACTIVE TOUTES LES DEFENSES, antivirus et antispyware y compris /!\
    ---> Double-clique sur Bones.exe
    Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter
    Surtout, accepte d'installer la console de récupération
    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de figer ton PC

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt

    0
    1. Bones
       
      Wow, tu as l'air bien informé(e).. Je suis désolée de ce contretemps mais j'ai enfin réussi à télécharger Malwarebytes anti-malware... Je vais donc suivre tes autres instructions... Je suis vraiment désolée.
      0
  3. Utilisateur anonyme
     
    J'attendrai le résultat
    0
    1. Bones
       
      Je n'arrive pas à coller le rapport du bloc note sur le forum, comme si le document était trop gros. Je vais le séparer en deux parties et les coller sur le forum.
      0
    2. Bones
       
      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Version de la base de données: 4052

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      2010-08-12 09:53:56
      mbam-log-2010-08-12 (09-53-56).txt

      Type d'examen: Examen complet (A:\|C:\|D:\|)
      Elément(s) analysé(s): 170502
      Temps écoulé: 29 minute(s), 50 seconde(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 765
      Valeur(s) du Registre infectée(s): 17
      Elément(s) de données du Registre infecté(s): 9
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 3

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)
      0
    3. Bones
       
      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aavgapi.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aawtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\about.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ad-aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adwareprj.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aluschedulersvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      0
    4. Bones
       
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus_pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxp (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashavast.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashbug.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashchest.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashcnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashdisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashlogv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashmaisv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashpopwz.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashquick.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashsimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashsimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpck.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashwebsv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswchlic.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswregsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswrundll.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswupdsv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
      0
    5. Bones
       
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcare.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
      0
  4. Utilisateur anonyme
     
    Sacrément infecté
    Si le rapport est trop long, héberge le
    Puis vide la quarantaine de Malwarebytes
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Tu avais fait le plein de nuisibles, en plus un détournement DNS
    Tu vas plutôt me faire ceci
    * Télécharge ZHPDiag (de Nicolas Coolman)
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
    * Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.
    * Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
    * Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    Héberge le rapport ICI

    0
    1. Bones
       
      Ça dit que je ne peux pas déposer de fichiers avec l'extension .exe
      0
  7. Utilisateur anonyme
     
    C'est le rapport de ZHPDiag que tu dois déposer, c'est un fichier.txt
    0
    1. Bones
       
      Je crois que j'ai réussi.. Tu as besoin du lien?
      0
  8. Utilisateur anonyme
     
    Oui, donne moi le lien
    0
    1. Bones
       
      http://www.cijoint.fr/cjlink.php?file=cj201008/cijfCR3Oo3.txt
      0
  9. Utilisateur anonyme
     
    On va faire le nettoyage en 2 étapes

    Copie les lignes suivantes en gras ci dessous, c'est à dire
    que tu sélectionnes les lignes indiquées en gras avec ta souris, tu fait
    clic droit dessus>copier

    O4 - HKCU\..\Run: [WindowsSysControl] C:\Documents and Settings\Stephanie\Application Data\winscdrn.exe (.not file.)
    O4 - HKCU\..\Run: [EBUNWVLUMV] C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\Hvh.exe (.not file.)
    O4 - HKCU\..\Run: [Security Master AV] . (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\All Users\Application Data\12ba556\SM12ba_302.exe
    O4 - HKUS\S-1-5-21-1085031214-1547161642-682003330-1004\..\Run: [WindowsSysControl] C:\Documents and Settings\Stephanie\Application Data\winscdrn.exe (.not file.)
    O4 - HKUS\S-1-5-21-1085031214-1547161642-682003330-1004\..\Run: [Security Master AV] . (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\All Users\Application Data\12ba556\SM12ba_302.exe
    O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [HKCU\Software\EBUNWVLUMV]
    [HKCU\Software\V71IQL7HI7]
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\Stephanie\Application Data\winscdrn.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Documents and Settings\Stephanie\Application Data\winscdrn.exe
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\12ba556\SM12ba_302.exe" [Enabled] .(.Pas de propriétaire - .) (.not file.) -- C:\Documents and Settings\All Users\Application Data\12ba556\SM12ba_302.exe
    HOSTFix


    * Lance ZHPFix, soit à partir d'un raccourci sur le bureau, soit à partir de
    ZHPDiag (avec Vista/Seven, clic droit dessus, et sur exécuter en
    tant qu'administrateur
    )
    * Clique sur l'icône représentant la lettre H, cela collera les lignes que tu
    as mis en mémoire
    * Clique sur OK, sur Tous, puis sur Nettoyer
    * Copie/colle la totalité du rapport dans ta prochaine réponse
    0
    1. Bones
       
      Ça me dit "Impossible de créer le fichier (nom du fichier). Accès refusé."
      0
  10. Utilisateur anonyme
     
    Est-ce que l'outil a fait le nettoyage ?
    0
    1. Bones
       
      Je crois que j'ai trouvé une solution.. Dis moi si c'est correct:

      Rapport de ZHPFix v1.12.3134 par Nicolas Coolman, Update du 12/08/2010
      Fichier d'export Registre : C:\ZHPExportRegistry-2010-08-12-12-09-29.txt
      Run by Stephanie at 2010-08-12 12:09:29
      Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
      Contact : nicolascoolman@yahoo.fr

      ========== Clé(s) du Registre ==========
      HKCU\Software\EBUNWVLUMV => Clé absente
      HKCU\Software\V71IQL7HI7 => Clé absente

      ========== Valeur(s) du Registre ==========
      O4 - HKCU\..\Run: [WindowsSysControl] C:\Documents and Settings\Stephanie\Application Data\winscdrn.exe (.not file.) => Valeur absente
      O4 - HKCU\..\Run: [EBUNWVLUMV] C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\Hvh.exe (.not file.) => Valeur absente
      O4 - HKCU\..\Run: [Security Master AV] . (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\All Users\Application Data\12ba556\SM12ba_302.exe => Valeur absente
      O4 - HKUS\S-1-5-21-1085031214-1547161642-682003330-1004\..\Run: [WindowsSysControl] C:\Documents and Settings\Stephanie\Application Data\winscdrn.exe (.not file.) => Valeur absente
      O4 - HKUS\S-1-5-21-1085031214-1547161642-682003330-1004\..\Run: [Security Master AV] . (.Pas de propriétaire - Pas de description.) -- C:\Documents and Settings\All Users\Application Data\12ba556\SM12ba_302.exe => Valeur absente
      O47 - AAKE:Key Export SP - "C:\Documents and Settings\Stephanie\Application Data\winscdrn.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) -- C:\Documents and Settings\Stephanie\Application Data\winscdrn.exe => Valeur absente
      O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\12ba556\SM12ba_302.exe" [Enabled] .(.Pas de propriétaire - .) (.not file.) -- C:\Documents and Settings\All Users\Application Data\12ba556\SM12ba_302.exe => Valeur absente

      ========== Fichier(s) ==========
      c:\windows\tasks\{8c3fdd81-7ae0-4605-a46a-2488b179f2a3}.job => Fichier absent


      ========== Récapitulatif ==========
      2 : Clé(s) du Registre
      7 : Valeur(s) du Registre
      1 : Fichier(s)


      End of the scan
      0
    2. Bones
       
      Je ne pouvais pas tout cocher, l'ordinateur me refusait l'accès à "HOSTFix"... Je l'ai décoché et l'outil a pu faire le nettoyage.
      0
  11. Utilisateur anonyme
     
    Copie les lignes suivantes en gras ci dessous, c'est à dire
    que tu sélectionnes les lignes indiquées en gras avec ta souris, tu fait
    clic droit dessus>copier

    O50 - IFEO:Image File Execution Options - a.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - aAvgApi.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - AAWTray.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - About.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ackwin32.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - Ad-Aware.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - adaware.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - advxdwin.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - AdwarePrj.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - agent.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - agentsvr.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - agentw.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - alertsvc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - alevir.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - alogserv.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - AlphaAV - svchost.exe
    O50 - IFEO:Image File Execution Options - AlphaAV.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - AluSchedulerSvc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - amon9x.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - anti-trojan.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - Anti-Virus Professional.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - AntispywarXP2009.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - antivirus.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - AntivirusPlus - svchost.exe
    O50 - IFEO:Image File Execution Options - AntivirusPlus.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - AntivirusPro_2010.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - AntivirusXP - svchost.exe
    O50 - IFEO:Image File Execution Options - AntivirusXP.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - antivirusxppro2009.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - AntiVirus_Pro.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ants.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - apimonitor.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - aplica32.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - apvxdwin.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - arr.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - Arrakis3.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashAvast.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashBug.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashChest.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashCnsnt.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashDisp.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashLogV.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashMaiSv.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashPopWz.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashQuick.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashServ.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashSimp2.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashSimpl.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashSkPcc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashSkPck.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashUpd.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ashWebSv.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - aswChLic.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - aswRegSvr.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - aswRunDll.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - aswUpdSv.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - atcon.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - atguard.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - atro55en.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - atupdater.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - atwatch.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - au.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - aupdate.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - auto-protect.nav80try.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - autodown.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - autotrace.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - autoupdate.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - av360.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avadmin.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - AVCare.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avcenter.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avciman.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avconfig.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avconsol.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ave32.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - AVENGINE.EXE - svchost.exe
    O50 - IFEO:Image File Execution Options - avgcc32.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgchk.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgcmgr.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgcsrvx.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgctrl.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgdumpx.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgemc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgiproxy.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgnsx.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgnt.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgrsx.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgscanx.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgserv.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgserv9.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgsrmax.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgtray.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgui.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgupd.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgw.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avgwdsvc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avkpop.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avkserv.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avkservice.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avkwctl9.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avltmain.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avmailc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avmcdlg.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avnotify.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avnt.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avp32.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avpcc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avpdos32.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avpm.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avptc32.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avpupd.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avsched32.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avsynmgr.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avupgsvc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - AVWEBGRD.EXE - svchost.exe
    O50 - IFEO:Image File Execution Options - avwin.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avwin95.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avwinnt.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avwsc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avwupd.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avwupd32.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avwupsrv.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avxmonitor9x.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avxmonitornt.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - avxquar.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - b.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - backweb.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bargains.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bdagent.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bdfvcl.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bdfvwiz.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - BDInProcPatch.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bdmcon.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - BDMsnScan.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bdreinit.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bdsubwiz.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - BDSurvey.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bdtkexec.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bdwizreg.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bd_professional.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - beagle.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - belt.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bidef.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bidserver.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bipcp.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bipcpevalsetup.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bisp.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - blackd.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - blackice.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - blink.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - blss.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bootconf.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bootwarn.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - borg2.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bpc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - brasil.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - brastk.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - brw.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bs120.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bspatch.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bundle.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - bvt.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - c.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cavscan.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ccapp.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ccevtmgr.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ccpxysvc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - ccSvcHst.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cdp.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cfd.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cfgwiz.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cfiadmin.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cfiaudit.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cfinet.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cfinet32.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cfp.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cfpconfg.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cfplogvw.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cfpupdat.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - Cl.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - claw95.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - claw95cf.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - clean.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cleaner.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cleaner3.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cleanIELow.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cleanpc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - click.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cmd32.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cmdagent.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cmesys.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cmgrdian.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cmon016.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - connectionmonitor.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - control - svchost.exe
    O50 - IFEO:Image File Execution Options - cpd.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cpf9x206.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cpfnt206.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - crashrep.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - csc.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cssconfg.exe - svchost.exe
    O50 - IFEO:Image File Execution Options - cssupdat.exe - svchost.exe

    * Lance ZHPFix, soit à partir d'un raccourci sur le bureau, soit à partir de
    ZHPDiag (avec Vista/Seven, clic droit dessus, et sur exécuter en
    tant qu'administrateur
    )
    * Clique sur l'icône représentant la lettre H, cela collera les lignes que tu
    as mis en mémoire
    * Clique sur OK, sur Tous, puis sur Nettoyer
    * Copie/colle la totalité du rapport dans ta prochaine réponse
    0
    1. Bones
       
      Rapport de ZHPFix v1.12.3134 par Nicolas Coolman, Update du 12/08/2010
      Fichier d'export Registre : C:\ZHPExportRegistry-2010-08-12-12-26-41.txt
      Run by Stephanie at 2010-08-12 12:26:41
      Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
      Contact : nicolascoolman@yahoo.fr

      ========== Clé(s) du Registre ==========
      O50 - IFEO:Image File Execution Options - a.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - aAvgApi.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - AAWTray.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - About.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - ackwin32.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - Ad-Aware.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - adaware.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - advxdwin.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - AdwarePrj.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - agent.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - agentsvr.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - agentw.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - alertsvc.exe - svchost.exe => Clé absente
      O50 - IFEO:Image File Execution Options - alevir.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - alogserv.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AlphaAV - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AlphaAV.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AluSchedulerSvc.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - amon9x.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - anti-trojan.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - Anti-Virus Professional.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AntispywarXP2009.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - antivirus.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AntivirusPlus - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AntivirusPlus.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AntivirusPro_2010.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AntivirusXP - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AntivirusXP.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - antivirusxppro2009.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AntiVirus_Pro.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ants.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - apimonitor.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - aplica32.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - apvxdwin.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - arr.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - Arrakis3.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashAvast.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashBug.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashChest.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashCnsnt.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashDisp.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashLogV.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashMaiSv.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashPopWz.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashQuick.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashServ.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashSimp2.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashSimpl.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashSkPcc.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashSkPck.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashUpd.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ashWebSv.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - aswChLic.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - aswRegSvr.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - aswRunDll.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - aswUpdSv.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - atcon.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - atguard.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - atro55en.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - atupdater.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - atwatch.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - au.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - aupdate.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - auto-protect.nav80try.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - autodown.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - autotrace.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - autoupdate.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - av360.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avadmin.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AVCare.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avcenter.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avciman.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avconfig.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avconsol.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ave32.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AVENGINE.EXE - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgcc32.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgchk.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgcmgr.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgcsrvx.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgctrl.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgdumpx.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgemc.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgiproxy.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgnsx.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgnt.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgrsx.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgscanx.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgserv.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgserv9.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgsrmax.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgtray.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgui.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgupd.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgw.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avgwdsvc.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avkpop.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avkserv.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avkservice.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avkwctl9.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avltmain.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avmailc.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avmcdlg.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avnotify.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avnt.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avp32.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avpcc.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avpdos32.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avpm.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avptc32.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avpupd.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avsched32.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avsynmgr.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avupgsvc.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - AVWEBGRD.EXE - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avwin.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avwin95.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avwinnt.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avwsc.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avwupd.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avwupd32.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avwupsrv.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avxmonitor9x.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avxmonitornt.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - avxquar.exe - svchost.exe => Clé supprimée avec succès
      0
    2. Bones
       
      O50 - IFEO:Image File Execution Options - b.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - backweb.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bargains.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bdagent.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bdfvcl.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bdfvwiz.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - BDInProcPatch.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bdmcon.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - BDMsnScan.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bdreinit.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bdsubwiz.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - BDSurvey.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bdtkexec.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bdwizreg.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bd_professional.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - beagle.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - belt.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bidef.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bidserver.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bipcp.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bipcpevalsetup.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bisp.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - blackd.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - blackice.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - blink.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - blss.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bootconf.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bootwarn.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - borg2.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bpc.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - brasil.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - brastk.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - brw.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bs120.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bspatch.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bundle.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - bvt.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - c.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cavscan.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ccapp.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ccevtmgr.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ccpxysvc.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - ccSvcHst.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cdp.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cfd.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cfgwiz.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cfiadmin.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cfiaudit.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cfinet.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cfinet32.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cfp.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cfpconfg.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cfplogvw.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cfpupdat.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - Cl.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - claw95.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - claw95cf.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - clean.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cleaner.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cleaner3.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cleanIELow.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cleanpc.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - click.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cmd32.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cmdagent.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cmesys.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cmgrdian.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cmon016.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - connectionmonitor.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - control - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cpd.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cpf9x206.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cpfnt206.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - crashrep.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - csc.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cssconfg.exe - svchost.exe => Clé supprimée avec succès
      O50 - IFEO:Image File Execution Options - cssupdat.exe - svchost.exe => Clé supprimée avec succès


      ========== Récapitulatif ==========
      202 : Clé(s) du Registre


      End of the scan
      0
    3. Bones
       
      J'ai encore du le coller en plusieurs parties (2).. Je suis désolée et merci infiniment pour ton temps.
      0
  12. Utilisateur anonyme
     
    Cela avance, c'est encourageant, mais on a pas fini
    Met à jour Malwarebytes, et fait moi un scan complet, il risque de trouver
    encore de nombreux éléments infectieux, il faut affaiblir ce rogue
    Tu avais plusieurs rogues dans ton PC

    Je verrai cela plus tard dans la soirée
    0
    1. Bones
       
      D'accord, je te remercie beaucoup. Je vais faire le scan avec Malwarebytes et coller la réponse ici. Comme ça, elle sera prête pour toi quand tu voudras la consulter. Encore merci.
      0
    2. Bones
       
      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Version de la base de données: 4422

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      2010-08-12 13:20:28
      mbam-log-2010-08-12 (13-20-28).txt

      Type d'examen: Examen complet (A:\|C:\|D:\|)
      Elément(s) analysé(s): 187492
      Temps écoulé: 35 minute(s), 4 seconde(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 564
      Valeur(s) du Registre infectée(s): 9
      Elément(s) de données du Registre infecté(s): 7
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 20

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      0
    3. Bones
       
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\history.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieshow.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jsrcgen.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
      0
    4. Bones
       
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\malwareremoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsacore.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfwsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      0
    5. Bones
       
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_Internet_secu_3.0_407.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oacat.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oahlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oareg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OcHealthMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\odsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavfnsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc_antispyware2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\peravir.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      0
  13. Utilisateur anonyme
     
    C:\WINDOWS\system32\drivers\cebhqkpk.sys (Rootkit.Bubnix)
    C'est moins drôle ce truc
    Déjà une bonne chose, on a réussit à shooter ce maudit rogue
    Vide la quarantaine de Malwarebytes

    Fait moi ceci maintenant
    https://forums.commentcamarche.net/forum/affich-18812124-tout-plein-de-virus#4

    0
    1. Bones
       
      L'ordinateur n'a pas redémaré et aucune demande n'a été faite. Dois-je le redémarrer moi-même pour finaliser?
      0
  14. Utilisateur anonyme
     
    Bonjour,
    Il aurai fallu redémarrer le PC pour finaliser la suppression

    Pourrai tu me refaire ZHPDiag pour voir où cela en ai, et héberge le rapport
    0
    1. Bones
       
      Sans vouloir t'ennuyer, je ne sais toujours pas ce que tu veux dire par "héberge le rapport".. Je le met sur le site de dépot de fichier. Si c'est ça, héberger un rapport, tant mieux :). Je te remercie pour tout ton temps.

      Voici le lien: http://www.cijoint.fr/cjlink.php?file=cj201008/cijMaLYScW.txt

      Si ce n'est pas ça, héberger le rapport, explique moi, s'il-te-plaît.
      0
  15. Utilisateur anonyme
     
    C'est ce que tu as fait, tu as hébergé le rapport
    C'est beaucoup mieux
    J'analyse le rapport, et je te redits cela
    Surtout, évite de trop surfer, car tu as encore les fichiers host modifiés
    qui pourraient te rediriger vers des sites de rogues
    O.o°*??? Ex Nathandre aux 12938 messages depuis le 27.10.2008 °.Oø¤º°'°º¤ø
    0
  16. Utilisateur anonyme
     
    Tu vas faire ceci en mode sans échec
    Imprime d'abord la procédure, et télécharge l'outil avant

    Télécharge HostsXpert sur ton Bureau :
    https://www.clubic.com/telecharger-fiche185974-hostsxpert.html
    Décompresse-le (Clic droit >> Extraire ici)
    Double-clique sur HostsXpert pour le lancer
    Clique sur le bouton "Restore MS Hosts File" puis ferme le programme

    PS : Avant de cliquer sur le bouton "Restore MS Hosts File", vérifie que le cadenas en haut à gauche est ouvert sinon tu vas avoir un message d'erreur.

    0
    1. Bones
       
      Voilà, c'est fait. Je suis prête pour les prochaines instructions.
      0
  17. Utilisateur anonyme
     
    Bonjour
    Pourrai tu me refaire ZHPDiag pour que je vérifie si les fichiers host ont été
    restauré

    Je te met en garde contre les téléchargements avec des logiciels P2P
    (Limewire, Emule, Utorrent, Bit Torrent) qui sont un vrai danger, car on
    peut télécharger des cochonneries avec
    Surtout, ne clique plus sur les bannières publicitaires, car, derrière, ils
    proposent de télécharger des rogues
    Ne télécharge jamais de cracks avec des logiciels P2P, car c'est source
    d'infections
    Fait très attention si on te propose des logiciels de sécurité dont tu ne
    connais pas le nom
    0
    1. Bones
       
      Voici le lien: http://www.cijoint.fr/cjlink.php?file=cj201008/cijEbcC5x4.txt
      0
  18. Utilisateur anonyme
     
    Cela fait plaisir de voir un rapport comme cela
    Dit moi comment va le PC
    Pendant ce temps là, j'analyse le rapport
    0
    1. Bones
       
      Il va BEAUCOUP mieux.. Le faux antivirus a disparus et il n'y a plus de fenêtres pop-up qui nous avertissent de n'importe quoi.. Même mon clavie s'en porte mieux!! Quand les virus étaient actifs au maximum, je ne pouvais même plus faire d'accent circonflexe :P. De plus, j'ai de nouveau accès au gestionnaire des tâches et mes sites ne sont plus redirigés n'importe où.. Tu as toute ma reconnaissance et mon admiration.
      0
  19. Utilisateur anonyme
     
    On va nettoyer les restes
    Tu n'es plus redirigé, car les fichiers hosts ont été restauré

    Je réitère ce que je t'ai dit, fait très attention maintenant si tu veux garder
    ton PC en bon état
    Evite les sites de jeux, et autres sites coc****, car c'est bourré de
    cochonneries

    Copie les lignes suivantes en gras ci dessous, c'est à dire
    que tu sélectionnes les lignes indiquées en gras avec ta souris, tu fait
    clic droit dessus>copier

    [HKCU\Software\3]
    O69 - SBI: SearchScopes [HKCU] {87693257-7142-4837-B6A7-C32182BF7445} [DefaultScope] - (Google) - http://findgala.com
    [HKCU\Software\Conduit]
    [HKCU\Software\nwzwnzbkql]


    * Lance ZHPFix, soit à partir d'un raccourci sur le bureau, soit à partir de
    ZHPDiag (avec Vista/Seven, clic droit dessus, et sur exécuter en
    tant qu'administrateur
    )
    * Clique sur l'icône représentant la lettre H, cela collera les lignes que tu
    as mis en mémoire
    * Clique sur OK, sur Tous, puis sur Nettoyer
    * Copie/colle la totalité du rapport dans ta prochaine réponse

    Ensuite, met à jour Malwarebytes, et refait un scan complet

    O.o°*??? Ex Nathandre aux 12938 messages depuis le 27.10.2008 °.Oø¤º°'°º¤ø
    0
    1. Bones
       
      Rapport de ZHPFix v1.12.3134 par Nicolas Coolman, Update du 12/08/2010
      Fichier d'export Registre : C:\ZHPExportRegistry-2010-08-14-09-52-14.txt
      Run by Stephanie at 2010-08-14 09:52:14
      Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
      Contact : nicolascoolman@yahoo.fr

      ========== Clé(s) du Registre ==========
      HKCU\Software\3 => Clé supprimée avec succès
      HKCU\Software\Conduit => Clé supprimée avec succès
      HKCU\Software\nwzwnzbkql => Clé supprimée avec succès

      ========== Elément(s) de donnée du Registre ==========
      O69 - SBI: SearchScopes [HKCU] {87693257-7142-4837-B6A7-C32182BF7445} [DefaultScope] - (Google) - http://findgala.com => Donnée supprimée avec succès


      ========== Récapitulatif ==========
      3 : Clé(s) du Registre
      1 : Elément(s) de donnée du Registre


      End of the scan
      0
  20. Utilisateur anonyme
     
    Tu peux faire Malwarebytes
    0
    1. Bones
       
      Il est en train d'analyser.. En attendant, j'ai quelques petites questions. Quand mon ordis sera tout propre, est-ce que je dois installer un nouvel Antivirus ou c'est Malwarebytes qui fera le travail? Est-ce que je devrai installer de nouvelles protections?
      0
  21. Utilisateur anonyme
     
    Je t'en proposerai un après lorsqu'on aura fini le nettoyage
    Malwarebytes version gratuite ne fonctionne pas en temps réel, il faudra
    le conserver pour scanner une fois de temps en temps le PC, et il faudra le mettre
    à jour avant chaque scan
    Tant que tu n'as pas de protection, ne surfe pas n'importe où
    0
    1. Bones
       
      Voici le rapport de Malwarebytes. Je dois aller quelque part pour l'instant, mais analyse le rapport et transmet-moi tes instructions ensuite, je regarderai tout ça quand je reviendrai. Merci infiniment.

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Version de la base de données: 4427

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      2010-08-14 10:27:44
      mbam-log-2010-08-14 (10-27-44).txt

      Type d'examen: Examen complet (A:\|C:\|D:\|)
      Elément(s) analysé(s): 175932
      Temps écoulé: 32 minute(s), 36 seconde(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 1

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\System Volume Information\_restore{70CA56FC-E8BD-4DB7-9E5B-B1CFF250DC02}\RP23\A0004049.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      0
    2. Bones
       
      Je suis revenue. Je suis désolée, je n'ai pas pensé à héberger le rapport.. Si tu préfères cette façon, voici le lien: http://www.cijoint.fr/cjlink.php?file=cj201008/cijzU6Nwup.txt ... Quand tu le voudras bien, transmet-moi les prochaines instructions. Merci.
      0
  • 1
  • 2