Troyen win 32 et gomeo

clochette -  
moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Voilà, avast me détecte un win 32 fake-alert uj et un malwarre -gen. Je lui ai demandé de les supprimer seulement depuis, je rame pour accéder aux pages internet que je demande, j'ai des ouvertures intempestives de gomeo et je ne peux plus ouvrir ma boite mail sur gmail;
Quelqu'un pourrait il me sauver?!

19 réponses

Résumé de la discussion

Avast détecte des alertes Win32 fictives (fake-alert uj) et un malware générique, tandis qu'un utilisateur sous Windows XP et Firefox 3.6.13 éprouve des ouvertures intempestives et des difficultés d'accès à Gmail.
Plusieurs intervenants recommencent par recueillir des rapports système et malwares, avec des outils comme ZHPDiag/ZHPFix et OTL, et demandent le partage des rapports via des liens Cjoint, afin d'identifier les éléments malveillants.
Des recommandations de sécurité multiplient les étapes, comme Malwarebytes Anti-Malware, ComboFix et rapports OTL, tout en rappelant d'éviter les téléchargements non vérifiés et de privilégier les sources officielles.
En cas de persistance du problème, des précautions supplémentaires comme l'analyse hors ligne et la création d'une image système sont évoquées pour éviter l'exécution de logiciels potentiellement malveillants.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    bonjour

    * Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)
    http://www.teamxscript.org/adremoverTelechargement.html

    /!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\

    Désactive provisoirement et seulement le temps de l'utilisation de ADremover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    - Double-clique sur l'icône Ad-remover située sur ton Bureau.
    - Sur la page, clique sur le bouton « NETTOYER »
    - Confirme lancement du scan
    - Laisse travailler l'outil.
    - Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
    0
    1. clochette
       
      Alors voilà le rapport. Est ce que c'est grave docteur?!

      ======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======

      Mis à jour par TeamXscript le 03/01/11 à 14:20
      Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
      Site web: http://www.teamxscript.org

      C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 12:12:31 le 08/01/2011, Mode normal

      Microsoft Windows XP Professionnel Service Pack 3 (X86)
      Administrateur@NAC ( )

      ============== ACTION(S) ==============


      Fichier supprimé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\uakwmky_nav.dat
      Fichier supprimé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\uakwmky.dat
      Fichier supprimé: C:\Documents and Settings\Administrateur\Local Settings\Application Data\uakwmky_navps.dat

      (!) -- Fichiers temporaires supprimés.


      Clé supprimée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uakwmky
      Clé supprimée: HKCU\Software\fcn


      ============== SCAN ADDITIONNEL ==============

      ** Mozilla Firefox Version [3.6.13 (fr)] **

      -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\2ry00xzx.default\Prefs.js --
      browser.download.lastDir, C:\\Documents and Settings\\Administrateur\\Bureau
      browser.startup.homepage, hxxp://fr.msn.com/
      browser.startup.homepage_override.mstone, rv:1.9.2.13

      ========================================

      ** Internet Explorer Version [7.0.5730.13] **

      [HKCU\Software\Microsoft\Internet Explorer\Main]
      AutoHide: yes
      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Do404Search: 0x01000000
      Enable Browser Extensions: yes
      Local Page: C:\WINDOWS\system32\blank.htm
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Show_ToolBar: yes
      Start Page: hxxp://fr.msn.com/

      [HKLM\Software\Microsoft\Internet Explorer\Main]
      Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Delete_Temp_Files_On_Exit: yes
      Local Page: C:\WINDOWS\system32\blank.htm
      Search bar: hxxp://search.msn.com/spbasic.htm
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://fr.msn.com/

      [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
      Tabs: res://ieframe.dll/tabswelcome.htm
      Blank: res://mshtml.dll/blank.htm

      ========================================

      C:\Program Files\Ad-Remover\Quarantine: 3 Fichier(s)
      C:\Program Files\Ad-Remover\Backup: 13 Fichier(s)

      C:\Ad-Report-CLEAN[1].txt - 08/01/2011 (807 Octet(s))

      Fin à: 12:14:38, 08/01/2011

      ============== E.O.F ==============
      0
  2. verni29 Messages postés 6805 Statut Contributeur sécurité 180
     
    Bonjour,

    EDIT : mdg, bonne année.

    Bonne continuation à vous deux.

    Allez jusqu'au bout de la procédure de désinfection.
    0
  3. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    (hello verni et pareillement)
    __________

    @ clochette

    Télécharge ZHPDiag ( de Nicolas coolman ).
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html


    (outil de diagnostic)


    Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )

    Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista )

    Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.

    Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.

    Rend toi sur Cjoint : http://www.cijoint.fr/

    Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

    Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

    Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

    0
    1. clochette
       
      C'est fait...Ci-joint le lien
      http://www.cijoint.fr/cjlink.php?file=cj201101/cijfHc09RC.txt
      Merci de ton aide
      0
  4. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    vu

    Téléchargez MalwareByte's Anti-Malware (que tu pourras garder ensuite)

    https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

    . Enregistres le sur le bureau
    . Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
    . Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
    . Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
    . Une fois la mise à jour terminé
    . Rend-toi dans l'onglet, Recherche
    . Sélectionnes Exécuter un examen complet (examen assez long)
    . Cliques sur Rechercher
    . Le scan démarre.
    . A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    . Cliques sur Ok pour poursuivre.
    . Si des malwares ont été détectés, clique sur Afficher les résultats
    . Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    . Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
    . Rends toi dans l'onglet rapport/log
    . Tu cliques dessus pour l'afficher, une fois affiché
    . Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous
    . Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
    . tu cliques droit dans le cadre de la reponse et coller

    Si tu as besoin d'aide regarde ces tutoriels :
    Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
    0
    1. clochette
       
      J'ai 2 rapports mais les dates sont 2009???
      ESt ce que j'ai bien fait ce qu'il fallait? Pendant le scann Lalwarebytes a détecté un fichier infecté mais je ne le vois pas dans ce rapport...
      Est ce que ces éléments t'aident?

      Malwarebytes' Anti-Malware 1.33
      Version de la base de données: 1736
      Windows 5.1.2600 Service Pack 2

      07/02/2009 22:01:07
      mbam-log-2009-02-07 (22-01-07).txt

      Type de recherche: Examen rapide
      Eléments examinés: 42456
      Temps écoulé: 2 minute(s), 27 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      Malwarebytes' Anti-Malware 1.33
      Version de la base de données: 1736
      Windows 5.1.2600 Service Pack 3

      22/02/2009 11:55:46
      mbam-log-2009-02-22 (11-55-46).txt

      Type de recherche: Examen rapide
      Eléments examinés: 1
      Temps écoulé: 8 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)J ai 2 rapport mai
      0
    2. clochette
       
      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Version de la base de données: 5481

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.13

      09/01/2011 21:01:38
      mbam-log-2011-01-09 (21-01-38).txt

      Type d'examen: Examen complet (C:\|E:\|)
      Elément(s) analysé(s): 213598
      Temps écoulé: 2 heure(s), 14 minute(s), 35 seconde(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 766
      Valeur(s) du Registre infectée(s): 19
      Elément(s) de données du Registre infecté(s): 7
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 6

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\6BTOP2GA8A (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\UO8KTAT1GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File REbonsoioir moment de grace
      J'ai enfin réussi à faire ce que tu m'as dis et voilà le rapport de log .
      Merci beaucoup pour le temps que tu m'a consacré.
      Est ce que j'ai encore autre chose à faire?
      Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVer
      0
    3. clochette
       
      Voila le rapport de log, est ce que j'ai autre chose à faire?
      Encore merci de ton aide moment de grace
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    le rapport de MBAM n'est pas complet car trop long

    utilise le site "ci joint" pour le transmettre stp

    de plus

    Fais un nouveau rapport ZHPdiag stp

    Rend toi sur Cjoint : http://www.cijoint.fr/

    Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

    Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

    Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

    0
    1. clochette
       
      Alors, voilà le rapport Malware bytes pardon
      http://www.cijoint.fr/cjlink.php?file=cj201101/cijs70CIgK.txt
      Et le rapport ZH Diag
      http://www.cijoint.fr/cjlink.php?file=cj201101/cijFMdp6Co.txt

      Je suis toujours redirigée vers Gomeo par contre j'ai à nouveau accès à ma boite gmail. Il y a du mieux!
      0
  7. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    vu

    1)

    Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )

    [HKCU\Software\3]
    O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\406fe9\IA406_231.exe" [Enabled] .(.Pas de propriétaire - Pas de description.) (.not file.) --
    O64 - Services: CurCS - (.not file.) - SSHNAS (SSHNAS) .(.Pas de propriétaire - Pas de description.) - LEGACY_SSHNAS (Trojan.Dropper/Win-NV)
    O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://findgala.com/?&uid=231&q={searchTerms}


    Puis Lance ZHPFix depuis le raccourci du bureau .

    * Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

    * Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

    Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

    Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ".

    Copie/Colle le rapport à l'écran dans ton prochain message

    le rapport se trouve dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport

    ___________

    2)

    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier :

    C:\Windows\System32\nvshell.xep

    Clique sur Send File.

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.


    Copie le lien de Virus Total dans ta réponse.


    Si tu ne trouves pas le fichier alors

    Affiche tous les fichiers et dossiers :

    Pour cela :
    Clique sur démarrer/panneau de configuration/option des dossiers/affichage

    Cocher afficher les dossiers cachés

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décocher masquer les extensions dont le type est connu

    Puis fais «appliquer» pour valider les changements.

    Et OK

    _______________

    3)

    Télécharge OTL de OLDTimer

    http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

    enregistre le sur ton Bureau.

    Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

    Coche les 2 cases Lop et Purity

    Coche la case devant tous les utilisateurs

    règle age du fichier sur "60 jours"

    dans la moitié gauche , mets tout sur "tous"

    ne modifie pas ceci :

    "fichiers créés" et "fichiers Modifiés"

    Clic sur Analyse.

    A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

    Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

    NE LE POSTE PAS SUR LE FORUM

    Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

    Clique sur Parcourir et cherche le fichier ci-dessus.

    Clique sur Ouvrir.

    Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    Copie ce lien dans ta réponse.

    Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
    0
    1. clochette
       
      Moment de grace est toi qui m a posté le message de 16h08 du 10/01/2011?
      Je me méfie car j'ai l impression que certains s'amusent à faire faire n importe quoi...
      Quelqu un sur le forum m'adonne des marches à suivre et bizarrement les logiciels qu il m a demandé de charger se retrouvent dans le rapport malwarebytes.
      0
  8. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    en plus des consignes ci dessus, nous aurions besoin de ton aide..

    télécharge ceci sur ton bureau
    http://sd-2.archive-host.com/membres/up/135518691112296573/test.bat

    puis lance le

    Une archive Backup doit se créer sur le bureau , peux tu l'heberger ici: https://www.luanagames.com/index.fr.html

    merci
    0
    1. clochette
       
      1/ J'ai copié le rapport directement de l encadré principal de zhpfix ça te va ou pas? ( je n ai pas trouvé program files dans zhdiag.
      Rapport de ZHPFix 1.12.3236 par Nicolas Coolman, Update du 05/01/2011
      Fichier d'export Registre : C:\ZHPExportRegistry-10-01-2011-22-02-56.txt
      Run by Administrateur at 10/01/2011 22:02:55
      Windows XP Professional Service Pack 3 (Build 2600)
      Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
      Contact : nicolascoolman@yahoo.fr

      ========== Clé(s) du Registre ==========
      HKCU\Software\3 => Clé supprimée avec succès
      O64 - Services: CurCS - (.not file.) - SSHNAS (SSHNAS) .(.Pas de propriétaire - Pas de description.) - LEGACY_SSHNAS (Trojan.Dropper/Win-NV) => Clé absente
      O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://findgala.com/?&uid=231&q={searchTerms} => Clé supprimée avec succès

      ========== Valeur(s) du Registre ==========
      O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\406fe9\IA406_231.exe" [Enabled] .(.) (.not file.) -- => Valeur supprimée avec succès


      ========== Récapitulatif ==========
      3 : Clé(s) du Registre
      1 : Valeur(s) du Registre


      End of the scan

      Clé absente ça veut dire quoi? J'ai supprimé 2 logiciels (hijack et rogues qui apparaissaient justement dans la liste de malwarebytes ce serait pas ça qu'il ne trouve pas?

      2/ Ca je te le joins sous fichier word parce que j'ai pas trouvé le fichier!!!
      http://www.cijoint.fr/cjlink.php?file=cj201101/cijPZr1YQ7.doc

      3/ http://www.cijoint.fr/cjlink.php?file=cj201101/cijz5FhQ9m.txt
      http://www.cijoint.fr/cjlink.php?file=cj201101/cijAgtqSZv.txt

      Concernant ton second message, je ne trouve pas d'archive back up sur mon bureau. ça doit s'appeler comment? En plus depuis que j ai chargé test bat je n'arrive plus à ouvrir mes fichiers word, il me parle de convertisseur, je crois qu'ils apparaissent justement sous forme d'archj'ai demandé à installer un convertisseur.
      0
    2. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
       
      Hello

      Le fichier .bat est censé créer un fichier Backup.rar sur le bureau.
      Lorsque tu l'as lancé a-til mis un message d'erreur?

      PS: Il n'y a rien a voir avec les fichiers word ;)
      0
  9. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    pour zhpfix c'est bon

    _______

    pour le back up demandé je me renseigne
    ________

    as tu retrouvé tes doc word ?
    _______

    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."

    sur OTL.exe pour le lancer.

    ?Copie la liste qui se trouve en gras ci-dessous,

    ? colle-la dans la zone sous "Personnalisation" :

    :processes
    explorer.exe
    iexplore.exe
    firefox.exe
    msnmsgr.exe
    Teatimer.exe
    CToolbar.exe

    :Services
    qncmaecn
    MSPnPService
    eddrhpej

    :OTL
    DRV - [2010/11/28 20:27:59 | 000,080,816 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{340A2AD6-0679-46DA-9180-DABBD5B36FD1}\bdselfpr.sys -- (bdselfpr)
    IE - HKU\S-1-5-21-1708537768-1060284298-854245398-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25499

    :Files
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\PackageAware
    C:\Documents and Settings\All Users\Application Data\IAQMV
    C:\Documents and Settings\All Users\Application Data\406fe9
    C:\Program Files\Panda Security
    C:\WINDOWS\BDOSCAN8
    @Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Administrateur\Mes documents\Shareaza Downloads:Shareaza.GUID
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F157E3
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B13EE36

    :commands
    [emptytemp]
    [start explorer]
    [reboot]

    ? Clique sur "Correction" pour lancer la suppression.

    ? Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.


    CONTRIBUTEUR SECURITE

    Désinfection = diagnostic + traitement + finalisation
    "Restez" jusqu'au bout...merci
    0
    1. clochette
       
      Bonsoir moment de grace!

      Bon tout n'est pas terminé alors...
      Quand j'ai fait correction une première fois, j'ai eu un rapport et tout a buggé j'ai tout tout redemarrer du coup je ne sais pas si ce rapport est bon car en fait je l ai refait une deuxieme fois.
      Pour mes fichiers word, en fait ce sont ceux qui sont sur le bureau qui apparaissent en archive je comprend pas...

      ========== PROCESSES ==========
      No active process named explorer.exe was found!
      No active process named iexplore.exe was found!
      No active process named firefox.exe was found!
      No active process named msnmsgr.exe was found!
      No active process named Teatimer.exe was found!
      No active process named CToolbar.exe was found!
      ========== SERVICES/DRIVERS ==========
      Error: No service named qncmaecn was found to stop!
      No service named qncmaecn was found to delete!
      Error: No service named MSPnPService was found to stop!
      No service named MSPnPService was found to delete!
      Error: No service named eddrhpej was found to stop!
      No service named eddrhpej was found to delete!
      ========== OTL ==========
      Error: No service named bdselfpr was found to stop!
      No service named bdselfpr was found to delete!
      File C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{340A2AD6-0679-46DA-9180-DABBD5B36FD1}\bdselfpr.sys not found.
      Unable to set value : HKU\S-1-5-21-1708537768-1060284298-854245398-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
      ========== FILES ==========
      File\Folder C:\Documents and Settings\Administrateur\Local Settings\Application Data\PackageAware not found.
      File\Folder C:\Documents and Settings\All Users\Application Data\IAQMV not found.
      File\Folder C:\Documents and Settings\All Users\Application Data\406fe9 not found.
      File\Folder C:\Program Files\Panda Security not found.
      File\Folder C:\WINDOWS\BDOSCAN8 not found.
      Unable to delete ADS C:\Documents and Settings\Administrateur\Mes documents\Shareaza Downloads:Shareaza.GUID .
      Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D2F157E3 .
      Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:7B13EE36 .

      OTL by OldTimer - Version 3.2.20.1 log created on 01112011_230423
      0
  10. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    refais la manip avec ce texte là stp

    :processes
    explorer.exe
    iexplore.exe
    firefox.exe
    msnmsgr.exe
    Teatimer.exe

    :OTL
    DRV - [2010/11/28 20:27:59 | 000,080,816 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Fichiers communs\BitDefender\SetupInformation\{340A2AD6-0679-46DA-9180-DABBD5B36FD1}\bdselfpr.sys -- (bdselfpr)
    IE - HKU\S-1-5-21-1708537768-1060284298-854245398-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25499

    :Files
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\PackageAware
    C:\Documents and Settings\All Users\Application Data\IAQMV
    C:\Documents and Settings\All Users\Application Data\406fe9
    C:\Program Files\Panda Security
    C:\WINDOWS\BDOSCAN8
    @Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Administrateur\Mes documents\Shareaza Downloads:Shareaza.GUID
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F157E3
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B13EE36

    :commands
    [emptytemp]
    [start explorer]
    [reboot]
    0
    1. clochette
       
      De pire en pire, maintenant, le pc s'éteint tout seul...je galère comme pas possible pour t envoyer les rapports! Il fait que je redemarre chaque fois...
      Alors ça donne quoi?

      User: All Users

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33170 bytes
      ->Flash cache emptied: 41 bytes

      User: LocalService
      ->Temp folder emptied: 66016 bytes
      ->Temporary Internet Files folder emptied: 710588 bytes

      User: NetworkService
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 33237 bytes

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 2134506 bytes
      %systemroot%\System32 .tmp files removed: 3072 bytes
      %systemroot%\System32\dllcache .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 530159 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 83992086 bytes
      %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
      RecycleBin emptied: 5632 bytes

      Total Files Cleaned = 174,00 mb


      OTL by OldTimer - Version 3.2.20.1 log created on 01122011_210521

      Files\Folders moved on Reboot...
      File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.

      Registry entries deleted on Reboot...
      0
  11. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    Attention, avant de commencer, lit attentivement la procédure, et imprime la

    Aide à l'utilisation
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Télécharge ComboFix de sUBs sur ton Bureau :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et <gras>DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\ </gras>

    ---> Double-clique sur ComboFix.exe
    Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

    SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
    (si il te propose de l'installer remets internet)

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt

    0
    1. clochette
       
      C est bizarre quand j ai chargé combo, le pc a siflé et il me dit que les sites web avec un eliste ne sont pas affiliés à combofix, que si j'ai acheté quelque chose, il faut que je fasse opposition a ma banque que je n ai aucune garanti sur le logiciel etc... C'est normal?
      0
    2. clochette
       
      ok j avais pas tout lu bon j y vais je continue...
      0
    3. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      non ce n'est pas normal

      attends une minute

      je vais t'en préparer un
      0
    4. clochette
       
      Moment de grace,
      Ci-joint le lien de combofix...
      Alors?
      Le pc continue à planter
      http://www.cijoint.fr/cjlink.php?file=cj201101/cijccsHm8B.txt
      0
  12. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    0
    1. clochette
       
      Zut, je me suis plantée, je t'ai pas répondu sur le bon commentaire
      Bref, le lien t'a avancé ou pas?
      Je comprend pas ton message du 12/01/2011 22h50 même procédure que quoi?
      0
    2. clochette
       
      OK j'ai essayé mais ça ne marche pas, ça me dit que combo ne fonctionne qu avec windows 2000 et xp et après que je ne peux pas renommer combo fix en clochette et puis l icone a disparu (la deuxième : clochette) j'ai encore la premiere combo fix
      0
    3. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      ok

      où en sont tes soucis de départ ?
      0
    4. clochette
       
      au début j'étais régulièrement redirigée vers gomeo ça le fait un peu moins mais je suis toujours redirigée vers d autres sites avast continue à me signaler des pages malveillantes, j'ai toujours certains documents wors affiché en archive et surtout, le pc plante assez souvent, quand il s y met c'est toutes les 10 minutes par contre j'ai à nouveau accès à ma boite .
      Voilà...
      0
  13. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    * Télécharge load_tdsskiller (de Loup Blanc) sur ton Bureau

    http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

    * Lance load_tdsskiller en faisant un double-clic dessus / Lance par un clic-droit dessus ? Exécuter en temps qu'administrateur
    * L'outil va se connecter pour télécharger une copie à jour de TDSSKiller, puis va lancer une analyse
    * Lorsque l'outil a terminé son travail d'inspection, si des nuisibles ("Malicious objects") ont été trouvés, vérifier que l'option (Cure) est sélectionnée,
    * Si des objects suspects ("Suspicious objects") ont été détectés, sur l'écran de demande de confirmation, modifier l'action à entreprendre et indiquer Quarantine (au lieu de Skip),
    * A la fin, il te sera demandé d'appuyer sur une touche, puis le rapport s'affichera automatiquement : copie-colle son contenu dans ta prochaine réponse (C:\tdsskiller\report.txt)
    0
    1. clochette
       
      \HardDisk0 - will be cured after reboot
      \HardDisk1 - will be cured after reboot

      Il m a trouvé un win 32 mais j ai pas noté le nom comme une cruche
      0
    2. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      poste moi le rapport entier stp

      C:\tdsskiller\report.txt)
      0
    3. clochette
       
      Pardon j avais pas capté
      J en ai 2 c'et peut etre les memes mais dans le doute!
      http://www.cijoint.fr/cjlink.php?file=cj201101/cijzWTeY6R.txt
      http://www.cijoint.fr/cjlink.php?file=cj201101/cijVmfILWX.txt
      0
  14. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    je suppose que le pc a redemarré

    ca doit aller mieux

    Télécharge OTL de OLDTimer

    http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

    enregistre le sur ton Bureau.

    Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

    Coche les 2 cases Lop et Purity

    Coche la case devant tous les utilisateurs

    règle age du fichier sur "60 jours"

    dans la moitié gauche , mets tout sur "tous"

    ne modifie pas ceci :

    "fichiers créés" et "fichiers Modifiés"

    Clic sur Analyse.

    A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

    Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

    NE LE POSTE PAS SUR LE FORUM

    Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

    Clique sur Parcourir et cherche le fichier ci-dessus.

    Clique sur Ouvrir.

    Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    Copie ce lien dans ta réponse.

    Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.

    0
    1. clochette
       
      Avast vient encore de me prévenir... fichier suspect //PHYSICALDRIVE0 MBR:Win32:MBRoot
      Dans etat il met Menace rootkit hidden boot-sector et il me demande ce que je fais?
      En attendant j attend le rapport de OTL
      0
    2. clochette
       
      Voilà les 2 rapports
      http://www.cijoint.fr/cjlink.php?file=cj201101/cijXC6FZSJ.txt
      http://www.cijoint.fr/cjlink.php?file=cj201101/cij9xkacAZ.txt
      0
  15. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    * Télécharge Defogger
    http://www.jpshortstuff.247fixes.com/Defogger.exe

    => lance le
    * Une fenêtre apparait clique sur Disable
    * Redémarre le PC si demandé

    puis

    /!\ Il faut impérativement désactiver tous tes logiciels de protection pour utiliser ce programme/!\
    * Télécharge mbr.exe de Gmer ici : http://www2.gmer.net/mbr/mbr.exe et enregistre le fichier sur le Bureau.
    * Merci à Malekal pour le tutoriel
    * Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
    * Double clique sur mbr.exe
    * Un rapport sera généré : mbr.log
    * En cas d'infection, ce message "MBR rootkit code detected" va apparaitre.
    * Pour supprimer le rootkit aller dans le menu Démarrer=> Exécuter et tapez la commande en gras:

    => Sous XP : "%userprofile%\Bureau\mbr" -f

    => Sous Vista/Seven : "%userprofile%\Desktop\mbr" -f

    * (veuillez à bien respecter les guillemets)
    * Dans le mbr.log cette ligne apparaitra "original MBR restored successfully !"
    * Réactive tes protections .Poste ce rapport et supprime le ensuite.

    o Pour vérifier désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
    o Relance mbr.exe
    o Réactive tes protections.
    o Le nouveau mbr.log devrait être celui-ci :
    o Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
    o device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    0
    1. clochette
       
      Bonjour moment de grace
      Si j'ai tout compris à priori ça a eu l'air de fonctionner
      Voilà les 2 logs

      fogger_disable by jpshortstuff (23.02.10.1)
      Log created at 11:09 on 16/01/2011 (Administrateur)

      Checking for autostart values...
      HKCU\~\Run values retrieved.
      HKLM\~\Run values retrieved.

      Checking for services/drivers...


      -=E.O.F=-Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
      Windows 5.1.2600 Disk: Maxtor_6E040L0 rev.NAR61590 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

      device: opened successfully
      user: MBR read successfully
      kernel: MBR read successfully
      user & kernel MBR OK
      copy of MBR has been found in sector 80276805
      0
  16. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    on refait un coup de TDSSkiller stp

    et poste moi le rapport complet stp

    * Lance load_tdsskiller en faisant un double-clic dessus / Lance par un clic-droit dessus ? Exécuter en temps qu'administrateur pour vista ou seven
    * L'outil va se connecter pour télécharger une copie à jour de TDSSKiller, puis va lancer une analyse

    * Lorsque l'outil a terminé son travail d'inspection, si des nuisibles ("Malicious objects") ont été trouvés, vérifier que l'option (Cure) est sélectionnée,
    * Si des objects suspects ("Suspicious objects") ont été détectés, sur l'écran de demande de confirmation, modifier l'action à entreprendre et indiquer Quarantine (au lieu de Skip),

    * A la fin, il te sera demandé d'appuyer sur une touche, puis le rapport s'affichera automatiquement : copie-colle son contenu dans ta prochaine réponse (C:\tdsskiller\report.txt)
    0
    1. clochette
       
      INfection non found je suppose que ça veut dire qu il n y a plus rien...
      Aurais tu réussi?!!!
      Par contre j'avais étaind complètement mon pc avant de partir et quand j ai voulu le rallumer...ll sifflait après il m'a fait l'hélicoptère!!!
      J'ai du brancher plusieurs fiois la prise à l'arrière et j'ai du mettre une heure à réussir à le rallumer...
      Les fichiers word c'est pas bien grave, j'ai les originaux ailleurs
      Enfin voilà...
      2011/01/17 20:44:08.0744 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
      2011/01/17 20:44:08.0754 ================================================================================
      2011/01/17 20:44:08.0754 SystemInfo:
      2011/01/17 20:44:08.0754
      2011/01/17 20:44:08.0754 OS Version: 5.1.2600 ServicePack: 3.0
      2011/01/17 20:44:08.0754 Product type: Workstation
      2011/01/17 20:44:08.0754 ComputerName: NAC
      2011/01/17 20:44:08.0754 UserName: Administrateur
      2011/01/17 20:44:08.0754 Windows directory: C:\WINDOWS
      2011/01/17 20:44:08.0754 System windows directory: C:\WINDOWS
      2011/01/17 20:44:08.0754 Processor architecture: Intel x86
      2011/01/17 20:44:08.0754 Number of processors: 1
      2011/01/17 20:44:08.0754 Page size: 0x1000
      2011/01/17 20:44:08.0754 Boot type: Normal boot
      2011/01/17 20:44:08.0754 ================================================================================
      2011/01/17 20:44:10.0586 Initialize success
      2011/01/17 20:44:43.0343 ================================================================================
      2011/01/17 20:44:43.0343 Scan started
      2011/01/17 20:44:43.0343 Mode: Manual;
      2011/01/17 20:44:43.0343 ================================================================================
      2011/01/17 20:44:47.0259 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
      2011/01/17 20:44:47.0670 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
      2011/01/17 20:44:47.0820 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
      2011/01/17 20:44:47.0930 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
      2011/01/17 20:44:48.0200 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
      2011/01/17 20:44:48.0350 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
      2011/01/17 20:44:48.0491 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
      2011/01/17 20:44:49.0652 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
      2011/01/17 20:44:49.0793 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
      2011/01/17 20:44:50.0053 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
      2011/01/17 20:44:50.0233 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
      2011/01/17 20:44:50.0403 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
      2011/01/17 20:44:50.0564 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
      2011/01/17 20:44:50.0754 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
      2011/01/17 20:44:51.0054 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
      2011/01/17 20:44:51.0235 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
      2011/01/17 20:44:51.0495 bdfsfltr (4c44d82e372a87b3cb439a7f14cfef03) C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys
      2011/01/17 20:44:51.0615 BdRawPr (d077f523538c9fb83b3c3fae13861579) C:\WINDOWS\system32\DRIVERS\bdrawpr.sys
      2011/01/17 20:44:51.0775 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
      2011/01/17 20:44:52.0096 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
      2011/01/17 20:44:52.0436 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
      2011/01/17 20:44:52.0567 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
      2011/01/17 20:44:52.0707 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
      2011/01/17 20:44:53.0548 CrystalSysInfo (f054744f67576a01139885173392502b) C:\LiberKey\Apps\MediaCoder\App\MediaCoder\SysInfo.sys
      2011/01/17 20:44:54.0049 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
      2011/01/17 20:44:54.0319 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
      2011/01/17 20:44:54.0549 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
      2011/01/17 20:44:54.0720 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
      2011/01/17 20:44:54.0940 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
      2011/01/17 20:44:55.0170 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
      2011/01/17 20:44:55.0331 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
      2011/01/17 20:44:55.0661 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
      2011/01/17 20:44:55.0821 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
      2011/01/17 20:44:56.0132 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
      2011/01/17 20:44:56.0362 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
      2011/01/17 20:44:56.0522 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
      2011/01/17 20:44:56.0692 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
      2011/01/17 20:44:56.0933 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
      2011/01/17 20:44:57.0143 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
      2011/01/17 20:44:57.0313 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
      2011/01/17 20:44:57.0464 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
      2011/01/17 20:44:57.0734 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
      2011/01/17 20:44:58.0155 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
      2011/01/17 20:44:58.0615 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
      2011/01/17 20:44:58.0856 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
      2011/01/17 20:44:59.0266 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
      2011/01/17 20:44:59.0466 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
      2011/01/17 20:44:59.0627 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
      2011/01/17 20:44:59.0807 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
      2011/01/17 20:44:59.0977 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
      2011/01/17 20:45:00.0147 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
      2011/01/17 20:45:00.0438 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
      2011/01/17 20:45:00.0708 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
      2011/01/17 20:45:00.0969 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
      2011/01/17 20:45:01.0159 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
      2011/01/17 20:45:01.0329 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
      2011/01/17 20:45:01.0469 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
      2011/01/17 20:45:01.0950 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2011/01/17 20:45:02.0190 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
      2011/01/17 20:45:02.0391 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
      2011/01/17 20:45:02.0571 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
      2011/01/17 20:45:02.0761 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
      2011/01/17 20:45:03.0162 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
      2011/01/17 20:45:03.0472 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
      2011/01/17 20:45:03.0642 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
      2011/01/17 20:45:03.0833 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
      2011/01/17 20:45:04.0003 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
      2011/01/17 20:45:04.0163 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
      2011/01/17 20:45:04.0293 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
      2011/01/17 20:45:04.0464 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
      2011/01/17 20:45:04.0574 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
      2011/01/17 20:45:04.0704 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
      2011/01/17 20:45:04.0914 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
      2011/01/17 20:45:05.0085 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
      2011/01/17 20:45:05.0265 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
      2011/01/17 20:45:05.0475 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
      2011/01/17 20:45:05.0866 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
      2011/01/17 20:45:06.0076 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
      2011/01/17 20:45:06.0376 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
      2011/01/17 20:45:06.0677 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
      2011/01/17 20:45:07.0067 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
      2011/01/17 20:45:07.0228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
      2011/01/17 20:45:07.0468 P3 (cecb679633523ac5eb7eb85f92dcd806) C:\WINDOWS\system32\DRIVERS\p3.sys
      2011/01/17 20:45:07.0678 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
      2011/01/17 20:45:07.0899 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
      2011/01/17 20:45:08.0089 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
      2011/01/17 20:45:08.0309 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
      2011/01/17 20:45:08.0489 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
      2011/01/17 20:45:08.0970 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
      2011/01/17 20:45:10.0142 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
      2011/01/17 20:45:10.0382 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
      2011/01/17 20:45:10.0532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
      2011/01/17 20:45:11.0554 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
      2011/01/17 20:45:11.0834 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
      2011/01/17 20:45:12.0085 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
      2011/01/17 20:45:12.0295 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
      2011/01/17 20:45:12.0505 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
      2011/01/17 20:45:12.0726 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
      2011/01/17 20:45:13.0076 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
      2011/01/17 20:45:13.0306 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
      2011/01/17 20:45:13.0527 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
      2011/01/17 20:45:14.0067 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
      2011/01/17 20:45:14.0348 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
      2011/01/17 20:45:14.0498 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
      2011/01/17 20:45:14.0718 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
      2011/01/17 20:45:15.0219 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
      2011/01/17 20:45:15.0429 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
      2011/01/17 20:45:15.0670 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
      2011/01/17 20:45:16.0010 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
      2011/01/17 20:45:16.0170 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
      2011/01/17 20:45:16.0841 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
      2011/01/17 20:45:17.0132 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
      2011/01/17 20:45:17.0382 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
      2011/01/17 20:45:17.0522 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
      2011/01/17 20:45:17.0643 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
      2011/01/17 20:45:18.0193 Trufos (4110efd1649e0f276e061fe06d0fca36) C:\WINDOWS\system32\DRIVERS\Trufos.sys
      2011/01/17 20:45:18.0454 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
      2011/01/17 20:45:18.0784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
      2011/01/17 20:45:19.0065 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
      2011/01/17 20:45:19.0265 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
      2011/01/17 20:45:19.0475 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
      2011/01/17 20:45:19.0645 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
      2011/01/17 20:45:19.0846 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
      2011/01/17 20:45:20.0156 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
      2011/01/17 20:45:20.0437 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
      2011/01/17 20:45:20.0737 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
      2011/01/17 20:45:21.0428 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
      2011/01/17 20:45:21.0578 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
      2011/01/17 20:45:22.0550 ================================================================================
      2011/01/17 20:45:22.0550 Scan finished
      2011/01/17 20:45:22.0550 ================================================================================
      0
    2. clochette
       
      http://www.cijoint.fr/cjlink.php?file=cj201101/cij7HzB5YN.txt
      Voilà le rapport je suppose que c'est k
      Par contre j'ai eu un gros problème j'ai éteint le pc en partant et quand j ai voulu le rallumer il s est mis à siffler après il m'a fait l hélicoptère, !
      J'ai mis une heure à le redémarrer en enlevant la prise d'alimentation.
      C'est grave docteur?!
      0
  17. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    au point de vue infection on doit être pas mal, mais au point de vue matériel, il doit y avoir un blem....

    Télécharger Eset Nod32 :
    http://download.eset.com/special/eos/esetsmartinstaller_fra.exe
    * Lancer le fichier
    * Accepter les conditions
    * Autoriser le programme à accéder à Internet
    * Cliquer sur paramètre avancées pour ouvrir le menu et sélectionner les options (par défaut le scanner analyse votre ordinateur entièrement)
    * Téléchargement des signatures

    Il est recommander de désactiver votre antivirus afin de ne pas ralentir le scan et d'afficher des message d'alerte !

    * Le scan débute dés la fin du téléchargement
    * Générer le rapport
    * Cliquer sur liste des menaces détectées puis sur exporter dans un fichier texte...

    Vous pouvez l'enregistrer sur le bureau en lui donnant un nom. Poster le rapport sur le forum.
    Si le rapport n'est pas sur le bureau regarde ici ==> C:\Program Files\EsetOnlineScanner\log.txt

    Pour vous aider voici un tuto rédigé par dorgane :
    https://www.commentcamarche.net/faq/29643-scanner-en-ligne-avec-eset-nod32
    0
    1. clochette
       
      Bonsoir,
      Voilà ce que tu m'a demandé ...
      C:\Documents and Settings\Administrateur\Application Data\Sun\Java\Deployment\cache\6.0\10\4c562fca-4c8bb1ec une variante de Java/TrojanDownloader.OpenStream.NAS cheval de troie supprimé - mis en quarantaine
      C:\Documents and Settings\Administrateur\Application Data\Sun\Java\Deployment\cache\6.0\50\170b44f2-3483e1c0 menaces multiples supprimé - mis en quarantaine
      ESt ce que ça veut dire que j'avais encore un virus???
      0
  18. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    où en sont tes soucis, comment se comporte le pc ?
    0
    1. clochette
       
      Bah écoutes, il est beaucoup plus rapide, j'ai pas osé l'éteindre de peur qu il ne se rallume plus... j'essaie?
      0
    2. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      faudrait bien oui

      de plus en espérant que c'est bon

      Fais un nouveau rapport ZHPdiag stp

      Rend toi sur Cjoint : http://www.cijoint.fr/

      Clique sur "Parcourir " dans la partie " Joindre un fichier[...] "

      Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau

      Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message
      0
    3. clochette
       
      J ai éteint et rallumer RAS tout fonctionne!!!!
      Voila le rapport ZH Diag
      http://www.cijoint.fr/cjlink.php?file=cj201101/cijgQR3C0J.txt
      Alors?
      En tout cas t es trop fort!
      Une autre question tu ne saurai pas comment héberger mes fichiers photos et petites vidéos pour au cas ou ça recommence et que tu serai plus là?!
      Comment puis je te remercier de ton aide?
      0
  19. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    Une autre question tu ne saurai pas comment héberger mes fichiers photos et petites vidéos pour au cas ou ça recommence et que tu serai plus là?!

    => je serai là ou d'autres sur CCM néanmoins graver sur cd ou dvd reste une bonne idée

    Comment puis je te remercier de ton aide?


    => un (sourire)

    ______________

    pour finir

    1)
    Lances ZHPFix depuis le raccourci du Bureau (en mode administrateur si Vista/W7),
    Cliques sur le bouton 'ProxyFix' situé dans la partie droite de l'écran,
    Cliques sur 'Non' au message qui s'affiche à l'écran,
    Laisses travailler l'outil,
    A la fin du traitement, un rapport s'affiche
    Copie ce rapport
    Redémarre le pc pour prendre en compte les modifications.
    ..........................

    2)

    Mettre à jour internet explorer (même si tu ne l'utlises pas)
    https://support.microsoft.com/fr-fr/allproducts

    .....................................

    3)

    Mettre à jour la Console Java ? :
    https://www.java.com/fr/download/uninstalltool.jsp

    et installer la nouvelle version si besoin est (dans ce cas désinstalle avant l'ancienne version).

    voici pour desinstaller :

    JavaRa
    http://raproducts.org/click/click.php?id=1

    Décompresse le fichier sur le Bureau (Clic droit > Extraire tout).
    * Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur le répertoire JavaRa.
    * Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher).
    * Choisis Français puis clique sur Select.
    * Clique sur Recherche de mises à jour.
    * Sélectionne Mettre à jour via jucheck.exe puis clique sur Rechercher.
    * Autorise le processus à se connecter s'il le demande, clique sur Installer et suis les instructions d'installation qui prennent quelques minutes.
    * L'installation est terminée, reviens à l'écran de JavaRa et clique sur Effacer les anciennes versions.
    * Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur OK, puis une deuxième fois sur OK.
    * Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse.
    * Ferme l'application.

    Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log.

    .............

    4)

    Mets à jour Adobe Reader (désinstalle avant la version antérieure)
    https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

    ....................

    5)
    IMPORTANT

    Purger les points de restauration système:

    Télécharge OneClick2RestorePoint

    http://www.multifa7.be/Laddy/OneClick2RP.exe

    Mirroirs si non accessible :
    http://batchdhelus.open-web.fr/Laddy/OneClick2RP.exe
    https://app.box.com/s/cqcsz5m0oz

    * Double clic sur OneClick2RP pour l'exécuter (Clic-droit choisir Executer en tant qu'administrateur sous Vista/Seven)
    * Clic sur le bouton "Purger", l'outil de nettoyage de windows va s'ouvrir
    * Choisis ton disque dur principal en général (C:\) ... Patiente pendant le scan...
    * </gras>Rends toi dans l'onglet "Autres options"</gras>
    * Dans la zone restauration système, clic sur le bouton nettoyer puis sur le bouton Supprimer.
    * Les points de restauration système seront purgés sauf le dernier créé.

    Ensuite avec le même outil
    Créer un nouveau point de restauration reconnaissable
    .................

    6)
    pour supprimer les outils de désinfection :

    télécharge Delfix de Xplode

    http://www.teamxscript.org/too/Xplode/DelFix.exe

    choisis SUPPRESSION

    poste son rapport
    .............................................

    Recommandations pour l'avenir

    Tu es la meilleure protection pour ton pc que tout autre antivirus, si tu admets un minimum de rigueur dans son utilisation...Les virus sont vigilants et pénètrent ta machine par toutes les portes que tu laisseras ouvertes...
    - logiciels non à jour (windows, internet explorer, java, adobe reader etc)
    - installation de toolbar
    - fréquentation de sites piégés
    - P2P
    - Application de cracks
    - Supports usb

    Pour t'aider dans cette tâche, voici quelques pistes

    Pour naviguer sur internet plus en sécurité et à l'abri des publicités, je te conseille vivement d'installer et d'utiliser le navigateur firefox
    http://www.mozilla-europe.org/fr/firefox/

    Une fois que c'est fait, lances le et installe l'extension de sécurité adblock plus
    pour bloquer les publicités
    http://www.clubic.com/telecharger-fiche45912-adblock-plus.html

    ............................

    WOT - Extension pour ton navigateur internet :
    Voici une extension à télécharger qui te permettra, en faisant tes recherches sur google, de savoir si le site proposé lors de tes recherches est un site de confiance ou un site à éviter car il pourrait infecter ton PC :
    Pour Firefox : https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/
    Pour internet explorer : https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp

    ........................

    Pour éviter une infection toolbar, il faut tout lire attentivement lorsque tu installes un programme gratuit, et décocher tous les programmes additionnels qui sont proposés, en particulier les barres d'outils !

    ..........................

    Vaccines tes disques amovibles à l'aide de USBFix (de Chiquitine29 et C_XX)
    http://www.teamxscript.org/too/UsbFix.exe
    Au menu principal, choisis l'option 3 (Vaccination).
    ............................

    garder Malwarebytes et faire un examen de temps en temps ton PC, avec mise à jour avant chaque scan
    .......................

    Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
    https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

    * Lance-le.(clic droit "en tant qu'administrateur" pour Vista) Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
    * Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
    * Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse

    ..........................
    utilitaire pour défragmenter , utilises pour ce faire Defraggler https://www.clubic.com/telecharger-fiche44314-defraggler.html

    ........................
    A lire pour mieux comprendre l'environnement qui t'entoure
    http://assiste.com.free.fr/p/abc/a/zombies_et_botnets.html
    https://www.malekal.com/fichiers/projetantimalwares/ProjetAntiMalware-courte.pdf

    http://www.libellules.ch/...

    0
    1. clochette
       
      Voilà pour le rapport ZHP FIX
      J'ai une mauvaise nouvelle il rame comme pas permis et j'ai de nouveau de gros soucis à l'allumage c est pour ça que je poste maintenant parce que si j'étaeinds après comme tu me le dis je ne suis pas sûre de rallumer
      Je te tiens au courant
      PS: Je souris!!!!
      Rapport de ZHPFix 1.12.3236 par Nicolas Coolman, Update du 05/01/2011
      Fichier d'export Registre :
      Run by Administrateur at 19/01/2011 19:02:01
      Windows XP Professional Service Pack 3 (Build 2600)
      Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
      Contact : nicolascoolman@yahoo.fr

      ========== Valeur(s) du Registre ==========
      ProxyFix : Configuration proxy supprimée avec succès


      ========== Récapitulatif ==========
      1 : Valeur(s) du Registre


      End of the scan
      0
    2. clochette
       
      Jai donc fait le 1 et le 2
      Pour le 3 ça se complique...
      J'essaie de désinstaller Java mais il me dit que windows ne peut pas ouvrir le fichier et il propose soit d'utiliser le service web soit de sélectionner un programme pour trouver le programme approprié et ça c'est quand je choisis français
      JavaRa
      http://raproducts.org/click/click.php?id=1

      Décompresse le fichier sur le Bureau (Clic droit > Extraire tout).
      * Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur le répertoire JavaRa.
      * Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher).
      * Choisis Français puis clique sur Select.
      0
    3. clochette
       
      Ah autre question en fait pour le 2/ J'ai téléchargé Internet 8 Est ce que je dois l'installer? J'ai juste l'icone sur mon bureau.
      0
    4. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
       
      oui installer Internet 8

      le reste j'ai pas capté

      tu as d'autres soucis ?
      0
    5. clochette
       
      Me revoilà...
      J'ai absolument tout fait....
      Je vais éteindre et redémarrer voir et je te tiens au courant demain parce que là j en peux plus!!!
      0
  20. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    regarde ca

    Sous Internet Explorer :

    Lancez Internet explorer
    Allez dans le menu Outils d'Internet Explorer
    Cliquez sur Options Internet, puis sur l'onglet Connexions, puis sur Paramètres réseau.
    Cochez : ne pas activer de Serveur proxy...

    Sous Firefox :

    Lancez Firefox
    Allez dans Outils
    Puis Options
    Activez l'onglet Réseau
    Cliquez sur Paramètres
    Et choisissez l'option: Pas de proxy
    Cliquez sur Ok
    0