Sujet Précédent Sujet Suivant

Au secours trojan

Fermé
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008 - 16 nov. 2008 à 22:54
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008 - 18 nov. 2008 à 21:16
Bonjour,
J'ai trouvé un trojan avec malwares bytes mais impossible de le supprimer ! j'ai fait tourner ce logieciel 4 fois , mis en quarantaine , supprimé mais est toujours la !
que faire ? merci pour l'aide , Christine_1250
A voir également:

25 réponses

  • 1
  • 2
Réponse 1 / 25
Utilisateur anonyme
16 nov. 2008 à 22:55
Salut,


commences par ceci pour voir ce qu'il en est :


Télécharges et installes le logiciel HijackThis :

ici http://static.commentcamarche.net/www.commentcamarche.net/do­wnload/fichiers/HJTInstall.exe
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall­.exe
ou ici http://www.clubic.com/lancer-le-telechargement-51452-0-hijac­kthis.html

1- Cliques sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation .
A la fin de l'installe , le prg ce lance automatiquement : fermes le en cliquant sur la croix rouge .
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

tuto pour utilisation :
Regardes ici, c'est parfaitement expliqué en images (merci balltrap34),
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
( Ne fixes encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement )

2- !! Déconnectes toi et fermes toute tes applications en cours !!

Cliques sur le raccourci du bureau pour lancer le prg :
fais un scan HijackThis en cliquant sur : "Do a system scan and save a logfile"

---> Postes le rapport généré pour analyse ...
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
16 nov. 2008 à 23:17
bonsoir ;
voila le rapport ,mais liens de telechargement ne marche pas , je l'avais deja! merci beaucoup pour l'aide
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:19, on 16/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Utilisateur\Mes documents\Telechargements\hijack_eden_rap\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Realtime Monitor.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\DKService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 2 / 25
Utilisateur anonyme
16 nov. 2008 à 23:27
te serait il possible de donner le nom du trojan decouvert si tu t en rappelles ?
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
16 nov. 2008 à 23:33
re bonsoir ,
oui c'est :trojan downloader dans file , volume information 87785 ;
merci encore , christine_1250
0
Réponse 3 / 25
Utilisateur anonyme
16 nov. 2008 à 23:50
http://siri.urz.free.fr/Fix/SmitfraudFix.php

1. Avant toute chose installer un pare-feu personnel du type ZoneAlarm ou Sunbelt Personal Firewall pour fermer la porte aux intrus sur l'ordinateur.

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html

2. Désactiver le service d'affichage des messages en ouvrant le panneau de configuration et en choisissant "Outils d'administration" (dans certains cas il sera nécessaire de cliquer sur "Basculer vers l'affichage classique" pour faire apparaître cet item). Cliquer sur "Services" puis double-cliquer sur "Affichage des messages" et enfin choisir à type de démarrage "Désactivé".

3. Désactiver la restauration système en cliquant avec le bouton droit sur le Poste de travail et en choisissant Propriétés. Dans l'onglet Restauration du système cocher "Désactiver la restauration du système sur tous les lecteurs". Cliquer sur OK pour confirmer.

4.Télécharger Smitfraudfix par S!RI :
Décompresser l'archive
Exécuter le en double cliquant sur Smitfraudfix.cmd
Appuyer sur une touche pour continuer
Arriver à l'invite de commande, saisir la lettre L afin de basculer le fix en langue française
Au menu, choisir l’option 4 puis 1 : Recherche
Poster le rapport ainsi généré dans le forum Virus/Sécurité (ou le cas échéant à la suite de votre message) :
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
16 nov. 2008 à 23:56
Télécharger Smitfraudfix par S!RI :
ou dois telecharger ce logiciel , je panique !
0
Réponse 4 / 25
Utilisateur anonyme
17 nov. 2008 à 00:03
non le lien est au debut du post 5
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 00:24
merci de me dire si je dois refaire les maneuvres dans le sens contraire , je suis paniquée ! difficile pour moi
SmitFraudFix v2.375

Rapport fait à 0:19:38,74, 17/11/2008
Executé à partir de C:\Documents and Settings\Utilisateur\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Utilisateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Utilisateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet PCI 900 SiS - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{84BA45C7-A797-4A55-933E-FA2E12708A2E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{84BA45C7-A797-4A55-933E-FA2E12708A2E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{84BA45C7-A797-4A55-933E-FA2E12708A2E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 25
Utilisateur anonyme
17 nov. 2008 à 00:34
ok...:

Imprime ces instructions car tu n'y auras pas accès durant le passage en mode sans échec.
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
ça peut prendre un peu de temps. Tu verras seulement un tiret blanc qui apparaît-disparaît.
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le scrïpt.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 00:40
je suis tres inquiete ,car je ne suis pas sure de tout comprendre , je vais essayer mais je panique , merci a plus j'espere
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 00:57
jsuis a RunThis.cmd que je n'ai pas : j'ai RunThis.bat ; que faire ?
0
Réponse 6 / 25
Utilisateur anonyme
17 nov. 2008 à 01:02
oui Runthis.bat
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 01:04
SDFix has been extracted to %systemdrive%\SDFix\
(Drive that contains the Windows directory - typically C:\SDFix)

Open the SDFix folder in Safe Mode and double click the RunThis.bat file to start the fixtool
If RunThis.bat is started in Normal Mode, options to download and run Anti-Virus command line scanners are displayed

Catchme.exe Stealth Malware Detector by GMER is also included in the SDFix folder

Additional SDFix Instructions & screen shots can be found here - http://www.bleepingcomputer.com/forums/topic131299.html





SDFix a été extrait dans %systemdrive%\SDFix\
(Le disque qui contient le répertoire Windows - typiquement C:\SDFix)

Ouvrez le dossier SDFix en mode sans échec et double cliquez sur le fichier RunThis.bat pour démarrer l'outil.
Si RunThis.bat est lancé en mode normal, les options pour télécharger et lancer les scanners Antivirus en ligne de commande seront affichées

Catchme.exe Stealth Malware Detector de GMER est également inclus dans le dossier SDFix

Instructions supplémentaires pour SDFix & captures d'écran peuvent être trouvées ici - http://www.bleepingcomputer.com/forums/topic131299.html

je ne comprends pas grand chose , je me demande si il n'ya pas une mise jour .....a faire




SDFix wurde nach %systemdrive%\SDFix\ entpackt
(Das ist das laufwerk welches den Windows Ordner enthält - normalerweise c:\SDFix)

Öffe den SDFix Ordner im Abgesicherten Modus und doppelklicke zum starten die RunThis.bat Datei
Sollte die RunThis.bat im normalen Modus gestartet werden, wird einem die Möglichkeiten geboten Antivirenscanner für die Kommandozeile
(Dosbox) downzuloaden.

Das Programm Catchme Malware Detector von Gmer ist auch im SDFix Ordner enthalten.

Zusätzliche SDFix Anleitungen und Screen Shots können hier nach geschaut werden: [url="http://www.bleepingcomputer.com/forums/topic131299.html"]http://www.bleepingcomputer.com/forums/topic131299.html/url
0
Réponse 7 / 25
Utilisateur anonyme
17 nov. 2008 à 01:12
non non............;il t etait bien demande de l utiliser en mode sans echec plus haut.............
0
christine_1250
17 nov. 2008 à 01:17
est ce que je recommence ?
0
Réponse 8 / 25
Utilisateur anonyme
17 nov. 2008 à 01:23
oui en suivant bien les indications (copie colle dans un txt pour lecture en sans echec)
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 02:07
[b]SDFix: Version 1.240 [/b]
Run by Utilisateur on 17/11/2008 at 01:39

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-17 01:54:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server"
"C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner"
"C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"="C:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Spamihilator\\cdcc.exe"="C:\\Program Files\\Spamihilator\\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration"
"C:\\Program Files\\Spamihilator\\dccproc.exe"="C:\\Program Files\\Spamihilator\\dccproc.exe:*:Enabled:Spamihilator DCC Filter"
"C:\\Program Files\\Spamihilator\\spamihilator.exe"="C:\\Program Files\\Spamihilator\\spamihilator.exe:*:Enabled:Spamihilator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\advcheck.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\Tools.dll"
Wed 25 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 25 Jul 2007 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv16.bak"
Thu 29 Dec 2005 34,428,928 ...H. --- "C:\Documents and Settings\Utilisateur\Mes documents\LA CUISINE NATURELLE\cuisine_word\~WRL0919.tmp"

[b]Finished![/b]
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 02:13
re bonsoir ,
voila le dernier rapport Hijackthis; avec Runthis il est dans le precedent courrier et merci beaucoup en attendant demain car je suppose que nous allons dormir , merci encore , Christine_1250
!Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:08:56, on 17/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Utilisateur\Mes documents\Telechargements\hijack_eden_rap\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Realtime Monitor.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\DKService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 9 / 25
Utilisateur anonyme
17 nov. 2008 à 02:09
Hi,

Petite intrusion et conseil pour gene-hackman;

Fichier hosts corrompu !



▶ Télécharge [url=http://siri.urz.free.fr/RHosts.php] RHosts (de SiRi)[/url]

▶ Double clique dessus pour l'exécuter

▶ et cliques sur " Restore original Hosts "

ps : c est normal que rien ne se passe

▶ ensuire redémarre le pc


ensuite :


Option 2 - Nettoyage :


▶ redémarre le PC mode sans échec

▶ Double cliquer sur smitfraudfix

▶ Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

▶ A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

▶ Enregistre le rapport sur ton bureau


▶ Redémarrer en mode normal et poster le rapport.

Alut.
0
Réponse 10 / 25
Utilisateur anonyme
17 nov. 2008 à 02:12
merci Dr house pour tes conseils mais je les ai restoré au post 17 non ?avec sdFix..............
0
Réponse 11 / 25
Utilisateur anonyme
17 nov. 2008 à 02:14
Hi,

Le mieux et d'utiliser ce log.

Mais pour SDFIx ne pense qu'il le fasse ......

A suivre pour d'autres meilleurs conseils d'helpers confirmer.

Alut.
0
Réponse 12 / 25
Utilisateur anonyme
17 nov. 2008 à 02:25
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting

..........ca veut dire quoi ca ????c est pas les hosts restorés???ma foi....;;-)
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 03:40
bonsoir ;
je suis encore la ,
voila le rapport , mais je n'ai plus d'image sur le bureau mais tout est bleu , que faire ? dois je repasser par le panneau de config : affichage , enfin tout le contraire de la demarche du depart ! merci beaucoup , Christine
0
Réponse 13 / 25
Utilisateur anonyme
17 nov. 2008 à 03:46
retourne dans tes photos ou autre et clic droit/"definir comme fond d ecran" et ca revient tout seul

voila le rapport , mais ..........................;;il a disparu.............lol
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 03:56
c'est quoi qui a disparu le rapport ou la bestiole ? desolée d'etre aussi sotte , Christne
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 03:57
SmitFraudFix v2.375

Rapport fait à 3:23:25,17, 17/11/2008
Executé à partir de C:\Documents and Settings\Utilisateur\Mes documents\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{84BA45C7-A797-4A55-933E-FA2E12708A2E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{84BA45C7-A797-4A55-933E-FA2E12708A2E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{84BA45C7-A797-4A55-933E-FA2E12708A2E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 04:00
j'ai verifier dans la quarantaine de Malwares Bytes et mon trojan est toujours la ! OH lala
0
Réponse 14 / 25
Utilisateur anonyme
17 nov. 2008 à 04:02
bien sur vu qu il etait conseille de vider la quarantaine apres nettoyage.....lire les post comme il faut svp !
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 04:06
je n'ai pas eu la question : voulez vous corriger le fichier infecté , alors je le supprime dans Malwares bytes ?
merci pour votre gentillesse, Christine
0
Réponse 15 / 25
Utilisateur anonyme
17 nov. 2008 à 04:07
oui
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 04:13
bon et bien je vais au dodo ,en vous disant un grand merci , mais vous ne m'avez pas dis si je dois faire autre chose,
et ce que vous avez trouvé dans les rapports ! apres maintes tentatives et info sur le net , j'ai vu que mon ordi
demarre en mode sans echec avec la touche 5 et c'est pour cela que je ni arrivé pas ! merci merci beaucoup et bonne nuit , Christine
0
Réponse 16 / 25
Utilisateur anonyme
17 nov. 2008 à 04:18
et bien tu vas nous sortir un beau nouveau log hijackthis pour analyse et tu auras une reponse demain.....................good night
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 04:23
voila je croyais l'avoir fais .......sommeil , a demain
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:20:55, on 17/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Utilisateur\Mes documents\Telechargements\hijack_eden_rap\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Realtime Monitor.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\DKService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 17 / 25
Utilisateur anonyme
17 nov. 2008 à 04:29
et bien je pense que tu vas pouvoir nettoyer les nettoyeurs maintenant :

Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.


http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner

? Double clique sur ToolsCleaner2.exe >
? Clique sur .Recherche
? puis sur Suppression quand la liste est trouvée.
? Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : ton bureau RISQUE de disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

Tuto : https://www.commentcamarche.net/list 8341 toolscleaner suppression des fix de force brute ( merci espion3004 )
___________________
ensuite supprime toolscleaner et ensuite :

Télécharges : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corriger ton registre .
Lors de l'installation:
-choisis bien "francais" en langue .
-avant de cliquer sur le bouton "installer", décoches toutes les "options supplémentaires" sauf les 2 premières.


Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Utilisation:
! déconnectes toi et fermes toutes applications en cours !
* vas dans "nettoyeur" : fait analyse puis nettoyage
* vas dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 10:56
bonjour , voila la suite
[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\SdFix.exe: trouvé !
C:\fixnavi.txt: trouvé !
C:\SDFIX: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Utilisateur\Bureau\TRAVAIL\Navilog1.lnk: trouvé !
C:\Documents and Settings\Utilisateur\Mes documents\SdFix.exe: trouvé !
C:\Documents and Settings\Utilisateur\Mes documents\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Utilisateur\Mes documents\SmitFraudfix: trouvé !
C:\Documents and Settings\Utilisateur\Mes documents\Telechargements\hijack_eden_rap\hijackthis.log: trouvé !
C:\Documents and Settings\Utilisateur\Mes documents\Telechargements\SPECIAL_infection\Navilog1.exe: trouvé !
C:\Documents and Settings\Utilisateur\Mes documents\Telechargements\SPECIAL_infection\fixnavi.txt: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\WINDOWS\Gmer.exe: trouvé !


Corbeille vidée!
---------------------------------
-->- Suppression:
C:\SdFix.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Utilisateur\Bureau\TRAVAIL\Navilog1.lnk: supprimé !
C:\Documents and Settings\Utilisateur\Mes documents\SdFix.exe: supprimé !
C:\Documents and Settings\Utilisateur\Mes documents\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\Utilisateur\Mes documents\Telechargements\SPECIAL_infection\Navilog1.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\WINDOWS\Gmer.exe: supprimé !
C:\fixnavi.txt: supprimé !
C:\Documents and Settings\Utilisateur\Mes documents\Telechargements\hijack_eden_rap\hijackthis.log: supprimé !
C:\Documents and Settings\Utilisateur\Mes documents\Telechargements\SPECIAL_infection\fixnavi.txt: supprimé !
C:\SDFIX: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\Utilisateur\Mes documents\SmitFraudfix: supprimé !
C:\Program Files\Navilog1: supprimé !

Corbeille vidée!
0
Réponse 18 / 25
Utilisateur anonyme
17 nov. 2008 à 11:04
as tu fgait ce qu il fallait avec ccleaner aussi ?

si oui :

Telecharge :
-------------

https://www.clubic.com/telecharger-fiche262022-purera.html


coche tout a droite et "clean"

ensuite :
-----------

http://www.commentcamarche.net/telecharger/cleanafterme 34056612 avis opinions.php3

meme chose tu coches tout et "clean selected items"


une fois ceci fait tu repartiras propre
0
christine_1250 Messages postés 53 Date d'inscription mercredi 25 juin 2008 Statut Membre Dernière intervention 18 novembre 2008
17 nov. 2008 à 11:40
voila tout est fait , j'ai copier le rapport ( peut etre qq mots n'ont pas etés pris ,la liste est longue ) que dois je faire pour l'avenir ? et en tout cas mille merci , la nuit a été courte mais votre gentillessse grande ! merci encore


Delete file: C:\Documents and Settings\Utilisateur\Recent\purera_purera_1.1_anglais_262022.zip.lnk - Succeeded
Delete registry value: 'a' in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU - Succeeded
Delete registry value: 'MRUList' in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU - Succeeded
Delete registry value: 'b' in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU - Succeeded
Delete registry value: 'c' in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU - Succeeded
Delete registry value: 'd' in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU - Succeeded
Delete registry value: 'e' in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU - Succeeded
Delete registry value: '0' in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs - Succeeded
Delete registry value: 'MRUListEx' in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs - Succeeded
Delete registry value: '0' in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip - Succeeded
Delete registry value: 'MRUListEx' in HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip - Succeeded
Delete registry value: 'LangID' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21765' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-9227' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21779' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21791' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-9216' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31283' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31287' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31313' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31391' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31379' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31233' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31236' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31260' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31374' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31272' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-9217' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31274' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\Explorer.EXE' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@explorer.exe,-7024' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@explorer.exe,-7025' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31285' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31396' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31278' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-28996' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31352' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31242' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31244' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31246' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31248' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31370' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31252' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Fichiers communs\Microsoft Shared\PhotoEd\PHOTOED.EXE' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@explorer.exe,-7023' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@explorer.exe,-7020' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@explorer.exe,-7021' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@xpsp1res.dll,-10077' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21785' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@Shell32.dll,-12688' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31273' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31371' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31249' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31247' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31245' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31243' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-22914' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31254' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31256' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31258' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31380' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31262' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\wshext.dll,-4804' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\shimgvw.dll,-307' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\msxml3r.dll,-1' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31250' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31264' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31266' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31268' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31362' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31270' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\PROGRA~1\MICROS~2\OFFICE11\OIS.EXE' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\PROGRA~1\MOZILL~2\FIREFOX.EXE' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\system32\mspaint.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\system32\shimgvw.dll' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shimgvw.dll,-550' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31234' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9908' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Windows Media Player\wmplayer.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\VideoLAN\VLC\vlc.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Media Player Classic\mplayerc.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-22915' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31253' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31315' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31383' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31316' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\netshell.dll,-1200' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-9319' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31390' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31289' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31284' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31286' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31290' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-12704' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-12706' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Outlook Express\msimn.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Mozilla Firefox\firefox.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@xpsp2res.dll,-6100' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-8964' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@xpsp1res.dll,-11001' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@xpsp1res.dll,-11004' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22051' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22017' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22022' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\tourstart.exe,-1' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22052' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22065' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22041' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\PROGRA~1\MOVIEM~1\wmm2res.dll,-61446' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\sti_ci.dll,-11' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22019' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22054' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22069' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22016' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\mstsc.exe,-4000' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22031' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22061' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\usmt\migwiz.exe,-202' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22027' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22063' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22026' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\restore\rstrui.exe,-2048' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22021' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\PROGRA~1\MSNGAM~1\Windows\shvlres.dll,-1212' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\PROGRA~1\MSNGAM~1\Windows\bckgres.dll,-1212' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\mshearts.exe,-413' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\PROGRA~1\MSNGAM~1\Windows\hrtzres.dll,-1212' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22045' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22030' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\PROGRA~1\MSNGAM~1\Windows\chkrres.dll,-1212' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22057' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\PROGRA~1\MSNGAM~1\Windows\rvseres.dll,-1212' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22060' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\spider.exe,-56' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22023' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22029' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22055' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22059' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\comres.dll,-661' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22025' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21761' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21787' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21762' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21772' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21760' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\compatUI.dll,-115' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22067' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22062' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21773' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21768' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21788' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\xpsp2res.dll,-16201' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\netshell.dll,-1010' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\hnetwiz.dll,-3085' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22066' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\oobe\msoobe.exe,-2000' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\xpsp2res.dll,-6103' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-22058' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\system32\RunDll32.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\PROGRA~1\CA\ETRUST~1\realmon.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Microsoft Works\WksSb.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Logitech\ImageStudio\ISStart.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Logitech\ImageStudio\LogiTray.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\ScanSoft\OmniPageSE\opware32.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Spamihilator\spamihilator.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\system32\ctfmon.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\CA\eTrust Antivirus\Realmon.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\ime\sptip.dll,-600' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Logitech\ImageStudio\LowLight.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@%SystemRoot%\system32\shell32.dll,-22579' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-12691' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@Shell32.dll,-12690' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9902' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Microsoft Office\PowerPoint Viewer\PPTVIEW.EXE' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31329' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31331' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31333' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31334' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31335' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Microsoft Office\Office10\WINWORD.EXE' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\system32\NOTEPAD.EXE' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31275' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@%SystemRoot%\inf\unregmp2.exe,-155' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9914' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Windows Media Player\setup_wm.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\PROGRA~1\FOXITR~1\FOXITR~1.EXE' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31397' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\system32\mmc.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\mmcbase.dll,-13349' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\mmcbase.dll,-13351' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\mmcbase.dll,-13350' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@mmcbase.dll,-14008' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\ShowHtml.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-8503' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\mycomput.dll,-400' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31232' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31294' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31327' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31312' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-22913' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31317' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31321' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31292' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\system32\cleanmgr.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@explorer.exe,-7000' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\Ahead\nero\nero.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Documents and Settings\Utilisateur\Mes documents\Telechargements\autobackup-win\AutoBackup-Win.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31318' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\notepad.exe,-469' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31325' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31322' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31326' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@xpsp1res.dll,-10078' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31361' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31328' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-31361' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-32517' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\Audiodev.dll,-510' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-22985' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-22981' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-22982' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\mstask.dll,-3408' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\wiashext.dll,-331' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31295' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-12695' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31288' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31314' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21786' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-12693' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31251' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31237' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31375' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9905' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\ESTsoft\ALZip\ALZip.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Documents and Settings\Utilisateur\Mes documents\Telechargements\hijack_eden_rap\eden.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-12708' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31366' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-30520' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\Program Files\NetMeeting\conf.exe,-12345' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\accwiz.exe,-16' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9903' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\main.cpl,-2000' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9904' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-22978' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\cryptext.dll,-6145' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9918' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\cdfview.dll,-4610' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\cryptext.dll,-6108' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\Program Files\NetMeeting\conf.exe,-12346' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\cryptext.dll,-6110' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\Program Files\Fichiers communs\System\Ole DB\msdasqlr.dll,-2323' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\netshell.dll,-1300' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9927' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\shimgvw.dll,-301' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\icmui.dll,-45' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\Program Files\NetMeeting\conf.exe,-12347' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\setupapi.dll,-2000' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\Program Files\Internet Explorer\Connection Wizard\icwres.dll,-20003' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\wshext.dll,-4805' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9907' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9925' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\mmcbase.dll,-130' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\msi.dll,-34' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\msi.dll,-35' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\RCBdyctl.dll,-150' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\Program Files\Movie Maker\wmm2res.dll,-63097' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\PCHealth\HelpCtr\Binaries\msinfo.dll,-391' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\Program Files\NetMeeting\nmwb.dll,-1234' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\cryptext.dll,-6148' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\cryptext.dll,-6111' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\mstsc.exe,-4004' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\scrobj.dll,-8192' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\shscrap.dll,-258' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\cryptext.dll,-6109' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\wshext.dll,-4803' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\wshext.dll,-4802' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9911' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9909' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9912' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9924' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9915' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9910' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9916' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@"C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE",-208' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\wshext.dll,-4801' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\System32\wshext.dll,-4800' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-9913' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\msxml3r.dll,-2' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-28995' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-28997' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-161' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\inf\unregmp2.exe,-162' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21774' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-21782' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@sendmail.dll,-21' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@sendmail.dll,-4' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@zipfldr.dll,-10148' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\rcbdyctl.dll,-152' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-22921' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\comres.dll,-662' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@%SystemRoot%\system32\shell32.dll,-22571' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\filemgmt.dll,-3502' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\servdeps.dll,-1' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@explorer.exe,-7003' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\system32\cmd.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\NOTEPAD.EXE' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsmya.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\CA\eTrust Antivirus\ShellScn.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-12589' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-12590' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31293' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-22912' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@xpsp1res.dll,-11002' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Documents and Settings\Utilisateur\Mes documents\RHosts.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\regedit.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\SHELL32.dll,-30348' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\system32\shell32.dll' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\Program Files\Internet Explorer\iexplore.exe,-702' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@themeui.dll,-2037' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@themeui.dll,-2038' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@themeui.dll,-2039' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@themeui.dll,-2040' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@themeui.dll,-2041' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@themeui.dll,-2042' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@themeui.dll,-2017' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@themeui.dll,-2016' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@themeui.dll,-2015' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\shimgvw.dll,-303' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\wiashext.dll,-330' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@C:\WINDOWS\system32\netshell.dll,-1201' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\aoxppr\aoxppr.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@shell32.dll,-31291' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: '@xpob2res.dll,-41519' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Documents and Settings\Utilisateur\Mes documents\ccsetup213.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Program Files\CCleaner\CCleaner.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\WINDOWS\system32\zipfldr.dll' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Documents and Settings\Utilisateur\Mes documents\purera_purera_1.1_anglais_262022\PureRa.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'C:\Documents and Settings\Utilisateur\Mes documents\cleanafterme.exe' in HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache - Succeeded
Delete registry value: 'HRZR_PGYFRFFVBA' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count - Succeeded
Delete registry value: 'HRZR_PGYPHNPbhag:pgbe' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count - Succeeded
Delete registry value: 'HRZR_HVGBBYONE' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count - Succeeded
Delete registry value: 'HRZR_HVGBBYONE:0k1,120' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count - Succeeded
Delete registry value: 'HRZR_HVGBBYONE:0k1,121' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count - Succeeded
Delete registry value: 'HRZR_HVGBBYONE:0k4,7031' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count - Succeeded
Delete registry value: 'HRZR_HVGBBYONE:0k1,130' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count - Succeeded
Delete registry value: 'HRZR_HVGBBYONE:0k1,133' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count - Succeeded
Delete registry value: 'HRZR_HVGBBYONE:0k1,123' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count - Succeeded
Delete registry value: 'HRZR_HVGBBYONE:0k1,125' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count - Succeeded
Delete registry value: 'HRZR_HVGBBYONE:0k1,124' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count - Succeeded
Delete registry value: 'HRZR_HVGBBYONE:0k1,126' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count - Succeeded
Delete registry value: 'HRZR_PGYFRFFVBA' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:%pfvqy2%\Jvaqbjf Zrffratre.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_PGYPHNPbhag:pgbe' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHAPCY' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHAPCY:ahfezte.pcy ,vavgvnyGnfx=PunatrCvpgher' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHAPCY:qrfx.pcy' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:P:\Cebtenz Svyrf\ZFA\ZFAPberSvyrf\Vafgnyy\zfafhfvv.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHAPCY:"P:\JVAQBJF\flfgrz32\nccjvm.pcy",Nwbhg/Fhccerffvba qr cebtenzzrf' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:P:\JVAQBJF\flfgrz32\hfzg\zvtjvm.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Nyy Hfref\Zrah Qézneere\Jvaqbjf Hcqngr.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Nyy Hfref\Zrah Qézneere\Pbasvthere yrf cebtenzzrf cne qésnhg.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Nyy Hfref\Zrah Qézneere\Pngnybthr Jvaqbjf.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:%pfvqy2%\Jvaqbjf AG 4.0 Bcgvba Cnpx\Zvpebfbsg Vaqrk Freire' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_HVFPHG' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:::{20Q04SR0-3NRN-1069-N2Q8-08002O30309Q}' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHAPCY:FLFQZ.PCY' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:%pfvqy2%\Npprffbverf\Bhgvyf flfgèzr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:Q:\frghc.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:S:\ohssre\Bhgcbfg\BhgcbfgVafgnyy.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:S:\FRPHEVGR\· qviref\· Zvpebfbsg Senzrjbex (.ARG)\qbgargsk2.0.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:S:\FRPHEVGR\· qviref\· Jvaqbjf Vafgnyyre 3.1\JvaqbjfVafgnyyre3.1-XO893803-i2-k86.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:(ahyy)' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:rZhyr Arkg Ribyhgvba.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:S:\FRPHEVGR\· qviref\Synfu & Fubpxjnir\Fubpxjnir_Vafgnyyre_Fyvz.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:S:\FRPHEVGR\· qviref\Synfu & Fubpxjnir\Synfu 9.0.28.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:NIT Nagv-Fcljner.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:Zrqvn Cynlre Pynffvp.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:::{2559N1S4-21Q7-11Q4-OQNS-00P04S60O9S0}' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Hgvyvfngrhe\Ohernh\Sversbk Frghc 2.0.0.2.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:Zbmvyyn Sversbk.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Hgvyvfngrhe\Ohernh\· FcljnerOynfgre\fcljneroynfgre.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:Enppbhepv iref fnhirtneqr.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:Zbmvyyn Guhaqreoveq.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:Q:\NHGBEHA\NHGBEHA.RKR' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:Q:\vafgnyy.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:%pfvqy2%\Zvpebfbsg Rapnegn' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:S:\ohssre\Sbkvg Ernqre\SbkvgErnqre.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_HVDPHG' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:P:\CEBTEN~1\PN\RGEHFG~1\ernyzba.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:S:\FRPHEVGR\· Zbmvyyn GuhaqreOveq\Guhaqreoveq Frghc 2.0 Orgn 2.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:S:\FRPHEVGR\· Zbmvyyn GuhaqreOveq\Guhaqreoveq Frghc 1.5.0.10.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:P:\JVAQBJF\ertrqvg.pbz' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:P:\Cebtenz Svyrf\Zbmvyyn Guhaqreoveq\havafgnyy\havafgnyy.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:::{645SS040-5081-101O-9S08-00NN002S954R}' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Nyy Hfref\Zrah Qézneere\Bhieve ha qbphzrag Bssvpr.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Nyy Hfref\Zrah Qézneere\Abhirnh qbphzrag Bssvpr.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:%pfvqy2%\pbqrpf' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:%pfvqy2%\Abhirnh qbffvre' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:%pfvqy2%\pbqrpf\NP3Svygre' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:%pfvqy2%\pbqrpf\Unnyv Zrqvn Fcyvggre' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:%pfvqy2%\Zbmvyyn Guhaqreoveq\Cebsvyr Znantre.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Hgvyvfngrhe\Ohernh\SbkvgErnqre.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Nyy Hfref\Ohernh\Zrqvn Cynlre Pynffvp.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Nyy Hfref\Ohernh\NIT Nagv-Fcljner.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\Hgvyvfngrhe\Ohernh\rZhyr.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:P:\CEBTEN~1\ZBMVYY~2\SVERSBK.RKR' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:Pbheevre éyrpgebavdhr.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:Abgvbaf VZCBEGNAGRF qr féphevgé fhe Vagr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:rZhyr.yax' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:P:\Cebtenz Svyrf\rZhyr Arkg Ribyhgvba 4.4o\ar4.4o.rkr' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count - Succeeded
Delete registry value: 'HRZR_EHACNGU:::{450Q8SON-NQ25-11Q0-98N8-0800361O1103}' in HKCU\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVers
0
Réponse 19 / 25
Utilisateur anonyme
17 nov. 2008 à 11:54
je peux avoir le rapport de purera ? :

C:\PureRa.txt
0
Réponse 20 / 25
Utilisateur anonyme
17 nov. 2008 à 11:56
de plus il faut que tu ouvres Ccleaner et que tu ailles dans les options et que tu le fasses demarrer avec Windows ,effacement securise 35 Passes (Guttmann)+ decocher la case plus vieux de 48 h
0

Discussions similaires

Virus : trojan:win32/wacatac.h!ml
Alky09 -
bazfile -

8 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
C'est quoi "Win32:Trojan-gen {Other}"
Uzumaki -
Utilisateur anonyme -

5 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
[Virus] Trojan ou virus dans csrss.exe et spo
Igor -
Igor -

5 réponses