Probleme de fermetures de fenetre C:
alain_ultre
-
loloetseb Messages postés 5684 Statut Membre -
loloetseb Messages postés 5684 Statut Membre -
Bonjour,
j'ai besoin d'aide SVP.
mon PC présente les symptomes suivants :
- quand je clique droit sur le lecteur C: ou D: "ouvrir" et "explorer" n'apparaissent plus mais à la place il y a des caractères bizarres (parenthèses, lettres avec accent, point d'interrogation retourné ...)
- quand je clique sur mon C: dans le poste de travail, la fenetre de C: s'ouvre mais se referme automatiquement 1 à 2 secondes plus tard ; impossible de naviguer
- le fenêtre de mes navigateurs internet Firefox/IE se ferme de temps en temps (parfois après plusieurs minutes, parfois très rapidement)
- j'ai remarqué aussi que l'icone de Skype a changé
j'ai un anti-virus à jour (TrendMicron Office ScanNT), j'ai lancé des scans de MalwareBytes'AM et SpyBot S&D qui m'ont detecté qques intrus et les ont corrigé.
Mais mes problèmes sont toujours là.
J'ai lancé un coup de CCLeaner.
PDT_033 Je vous mets ci-après mon log HijackThis.
Merci de m'aider ...
Alain
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:41, on 01/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\BackupPC\CYGRUN~1.EXE
C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\PROGRA~1\BackupPC\rsync.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\lanwatch\lanwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBB.exe
C:\WINNT\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\PROGRA~1\BackupPC\BPNotification.exe
C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
C:\WINNT\tsnp2std.exe
C:\WINNT\vsnp2std.exe
C:\Program Files\Common Files\System\nboqcey.exe
C:\Program Files\Common Files\Microsoft Shared\afdyvnr.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\fr028894\Mes Documents\truc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.siemens.net/cgi-bin/iesearch.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fpinfo.erlm.siemens.de/atd/mt/EN ... france.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fpinfo.erlm.siemens.de/atd/mt/EN ... france.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBS (CATS - Profil SAS)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.fr001.siemens.net/pacfiles/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=<proxyserver>:<Port>;https=<proxyserver>:<Port>;ftp=<proxyserver>:<Port>;gopher=localhost:1;socks=<proxyserver>:<Port>
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [USM] C:\Program Files\Siemens\USM\USM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DirXconnect settings] C:\\PROGRA~1\SIEMENS\DIRXDI~1\dxdSetup.exe -silent -dxcsettings
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [backuppc_notif] C:\PROGRA~1\BackupPC\BPNotification.exe
O4 - HKLM\..\Run: [backupdir] "C:\PROGRA~1\BackupPC\backupdir.exe" startup /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe"
O4 - HKLM\..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe
O4 - HKLM\..\Run: [pydwhcw] C:\Program Files\Common Files\System\nboqcey.exe
O4 - HKLM\..\Run: [fhrqdpi] C:\Program Files\Common Files\Microsoft Shared\afdyvnr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://fpinfo.erlm.siemens.de/atd/mt/EN/about_us/france/mt_france.htm
O15 - Trusted Zone: *.abp-assur.com
O15 - Trusted Zone: http://www.privilege.cofacescrl.com
O15 - Trusted Zone: *.com-training.de
O15 - Trusted Zone: *.ir.dgi.minefi.gouv.fr
O15 - Trusted Zone: tva.dgi.minefi.gouv.fr
O15 - Trusted Zone: http://www.icnfin.com
O15 - Trusted Zone: *.extra-eu.infineon.com
O15 - Trusted Zone: *.interepargne.fr
O15 - Trusted Zone: *.internet-academy.de
O15 - Trusted Zone: http://rm.kon.it
O15 - Trusted Zone: http://sumtotal.kon.it
O15 - Trusted Zone: *.livemeeting.com
O15 - Trusted Zone: *.magdebourg.com
O15 - Trusted Zone: http://*.mroa051a
O15 - Trusted Zone: http://*.nokiasiemensnetworks.com
O15 - Trusted Zone: *.sap-ag.de
O15 - Trusted Zone: *.sap.com
O15 - Trusted Zone: *.sbs.de
O15 - Trusted Zone: *.par.sbs.fr
O15 - Trusted Zone: its.par.sbs.fr
O15 - Trusted Zone: http://its.par.sbs.fr
O15 - Trusted Zone: sdso158a.par.sbs.fr
O15 - Trusted Zone: http://telecom.sbs.fr
O15 - Trusted Zone: *.sbs.fr
O15 - Trusted Zone: https://www.siemens-home.bsh-group.com/fr/
O15 - Trusted Zone: http://eci-agui.siemens.at
O15 - Trusted Zone: *.siemens.at
O15 - Trusted Zone: *.automation.siemens.com
O15 - Trusted Zone: *.siemens.com
O15 - Trusted Zone: *.siemens.de
O15 - Trusted Zone: *.mti.siemens.fr
O15 - Trusted Zone: *.par.siemens.fr
O15 - Trusted Zone: sdso158a.par.siemens.fr
O15 - Trusted Zone: http://sdso158a.par.siemens.fr
O15 - Trusted Zone: http://www.sfs.siemens.fr
O15 - Trusted Zone: *.siemens.fr
O15 - Trusted Zone: *.siemens.net
O15 - Trusted Zone: *.siemensfinance.fr
O15 - Trusted Zone: https://new.siemens.com/global/en/products/services/digital-enterprise-services/sitrain.html
O15 - Trusted Zone: *.spcnl.co.in
O15 - Trusted Zone: *.srvfr.vads.cc
O15 - Trusted Zone: *.vaifr.vads.cc
O15 - Trusted Zone: *.vai.at
O15 - Trusted Zone: nms.wan.edc
O15 - Trusted Zone: *.abp-assur.com (HKLM)
O15 - Trusted Zone: http://www.privilege.cofacescrl.com (HKLM)
O15 - Trusted Zone: *.com-training.de (HKLM)
O15 - Trusted Zone: *.ir.dgi.minefi.gouv.fr (HKLM)
O15 - Trusted Zone: tva.dgi.minefi.gouv.fr (HKLM)
O15 - Trusted Zone: http://www.icnfin.com (HKLM)
O15 - Trusted Zone: *.extra-eu.infineon.com (HKLM)
O15 - Trusted Zone: *.interepargne.fr (HKLM)
O15 - Trusted Zone: *.internet-academy.de (HKLM)
O15 - Trusted Zone: http://rm.kon.it (HKLM)
O15 - Trusted Zone: http://sumtotal.kon.it (HKLM)
O15 - Trusted Zone: *.livemeeting.com (HKLM)
O15 - Trusted Zone: *.magdebourg.com (HKLM)
O15 - Trusted Zone: http://*.mroa051a (HKLM)
O15 - Trusted Zone: http://*.nokiasiemensnetworks.com (HKLM)
O15 - Trusted Zone: *.sap-ag.de (HKLM)
O15 - Trusted Zone: *.sap.com (HKLM)
O15 - Trusted Zone: *.sbs.de (HKLM)
O15 - Trusted Zone: *.par.sbs.fr (HKLM)
O15 - Trusted Zone: its.par.sbs.fr (HKLM)
O15 - Trusted Zone: http://its.par.sbs.fr (HKLM)
O15 - Trusted Zone: sdso158a.par.sbs.fr (HKLM)
O15 - Trusted Zone: http://telecom.sbs.fr (HKLM)
O15 - Trusted Zone: *.sbs.fr (HKLM)
O15 - Trusted Zone: https://www.siemens-home.bsh-group.com/fr/ (HKLM)
O15 - Trusted Zone: http://eci-agui.siemens.at (HKLM)
O15 - Trusted Zone: *.siemens.at (HKLM)
O15 - Trusted Zone: *.automation.siemens.com (HKLM)
O15 - Trusted Zone: *.siemens.com (HKLM)
O15 - Trusted Zone: *.siemens.de (HKLM)
O15 - Trusted Zone: *.mti.siemens.fr (HKLM)
O15 - Trusted Zone: *.par.siemens.fr (HKLM)
O15 - Trusted Zone: sdso158a.par.siemens.fr (HKLM)
O15 - Trusted Zone: http://sdso158a.par.siemens.fr (HKLM)
O15 - Trusted Zone: http://www.sfs.siemens.fr (HKLM)
O15 - Trusted Zone: *.siemens.fr (HKLM)
O15 - Trusted Zone: *.siemens.net (HKLM)
O15 - Trusted Zone: *.siemensfinance.fr (HKLM)
O15 - Trusted Zone: https://new.siemens.com/global/en/products/services/digital-enterprise-services/sitrain.html (HKLM)
O15 - Trusted Zone: *.spcnl.co.in (HKLM)
O15 - Trusted Zone: *.srvfr.vads.cc (HKLM)
O15 - Trusted Zone: *.vaifr.vads.cc (HKLM)
O15 - Trusted Zone: *.vai.at (HKLM)
O15 - Trusted Zone: nms.wan.edc (HKLM)
O15 - Trusted IP range: 139.10.0.207
O15 - Trusted IP range: http://139.10.0.207
O15 - Trusted IP range: 139.10.13.22
O15 - Trusted IP range: http://141.29.248.42
O15 - Trusted IP range: 139.10.0.207 (HKLM)
O15 - Trusted IP range: http://139.10.0.207 (HKLM)
O15 - Trusted IP range: 139.10.13.22 (HKLM)
O15 - Trusted IP range: http://141.29.248.42 (HKLM)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr001.siemens.net
O17 - HKLM\Software\..\Telephony: DomainName = fr001.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr001.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fr001.siemens.net,par.siemens.fr,vaifr.vads.cc,vads.cc,ww003.siemens.net,sie.siemens.at
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fr001.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fr001.siemens.net,par.siemens.fr,vaifr.vads.cc,vads.cc,ww003.siemens.net,sie.siemens.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fr001.siemens.net,par.siemens.fr,vaifr.vads.cc,vads.cc,ww003.siemens.net,sie.siemens.at
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BackupPC - Unknown owner - C:\PROGRA~1\BackupPC\CYGRUN~1.EXE
O23 - Service: CatSystem (CatSystemSvc) - Siemens AG - C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
O23 - Service: CAT Bulletin Board (CBBS) - Unknown owner - C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Gene6 FTP Server (G6FTPServer) - Unknown owner - C:\Program Files\Gene6 FTP Server\G6FTPTray.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: Lan watch Service (lanwatch) - - c:\program files\lanwatch\lanwatch.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
j'ai besoin d'aide SVP.
mon PC présente les symptomes suivants :
- quand je clique droit sur le lecteur C: ou D: "ouvrir" et "explorer" n'apparaissent plus mais à la place il y a des caractères bizarres (parenthèses, lettres avec accent, point d'interrogation retourné ...)
- quand je clique sur mon C: dans le poste de travail, la fenetre de C: s'ouvre mais se referme automatiquement 1 à 2 secondes plus tard ; impossible de naviguer
- le fenêtre de mes navigateurs internet Firefox/IE se ferme de temps en temps (parfois après plusieurs minutes, parfois très rapidement)
- j'ai remarqué aussi que l'icone de Skype a changé
j'ai un anti-virus à jour (TrendMicron Office ScanNT), j'ai lancé des scans de MalwareBytes'AM et SpyBot S&D qui m'ont detecté qques intrus et les ont corrigé.
Mais mes problèmes sont toujours là.
J'ai lancé un coup de CCLeaner.
PDT_033 Je vous mets ci-après mon log HijackThis.
Merci de m'aider ...
Alain
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:41, on 01/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\BackupPC\CYGRUN~1.EXE
C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\PROGRA~1\BackupPC\rsync.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\lanwatch\lanwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Siemens\CAT Bulletin Board\CBB.exe
C:\WINNT\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\Siemens\Card API\bin\siecacst.exe
C:\PROGRA~1\BackupPC\BPNotification.exe
C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
C:\WINNT\tsnp2std.exe
C:\WINNT\vsnp2std.exe
C:\Program Files\Common Files\System\nboqcey.exe
C:\Program Files\Common Files\Microsoft Shared\afdyvnr.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\fr028894\Mes Documents\truc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.siemens.net/cgi-bin/iesearch.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fpinfo.erlm.siemens.de/atd/mt/EN ... france.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fpinfo.erlm.siemens.de/atd/mt/EN ... france.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBS (CATS - Profil SAS)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.fr001.siemens.net/pacfiles/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=<proxyserver>:<Port>;https=<proxyserver>:<Port>;ftp=<proxyserver>:<Port>;gopher=localhost:1;socks=<proxyserver>:<Port>
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [USM] C:\Program Files\Siemens\USM\USM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DirXconnect settings] C:\\PROGRA~1\SIEMENS\DIRXDI~1\dxdSetup.exe -silent -dxcsettings
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SIECACST] C:\Program Files\Siemens\Card API\bin\siecacst.exe
O4 - HKLM\..\Run: [backuppc_notif] C:\PROGRA~1\BackupPC\BPNotification.exe
O4 - HKLM\..\Run: [backupdir] "C:\PROGRA~1\BackupPC\backupdir.exe" startup /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe"
O4 - HKLM\..\Run: [CfgDownload] C:\Program Files\IXOS\bin\CfgDownload.exe
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINNT\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINNT\vsnp2std.exe
O4 - HKLM\..\Run: [pydwhcw] C:\Program Files\Common Files\System\nboqcey.exe
O4 - HKLM\..\Run: [fhrqdpi] C:\Program Files\Common Files\Microsoft Shared\afdyvnr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://fpinfo.erlm.siemens.de/atd/mt/EN/about_us/france/mt_france.htm
O15 - Trusted Zone: *.abp-assur.com
O15 - Trusted Zone: http://www.privilege.cofacescrl.com
O15 - Trusted Zone: *.com-training.de
O15 - Trusted Zone: *.ir.dgi.minefi.gouv.fr
O15 - Trusted Zone: tva.dgi.minefi.gouv.fr
O15 - Trusted Zone: http://www.icnfin.com
O15 - Trusted Zone: *.extra-eu.infineon.com
O15 - Trusted Zone: *.interepargne.fr
O15 - Trusted Zone: *.internet-academy.de
O15 - Trusted Zone: http://rm.kon.it
O15 - Trusted Zone: http://sumtotal.kon.it
O15 - Trusted Zone: *.livemeeting.com
O15 - Trusted Zone: *.magdebourg.com
O15 - Trusted Zone: http://*.mroa051a
O15 - Trusted Zone: http://*.nokiasiemensnetworks.com
O15 - Trusted Zone: *.sap-ag.de
O15 - Trusted Zone: *.sap.com
O15 - Trusted Zone: *.sbs.de
O15 - Trusted Zone: *.par.sbs.fr
O15 - Trusted Zone: its.par.sbs.fr
O15 - Trusted Zone: http://its.par.sbs.fr
O15 - Trusted Zone: sdso158a.par.sbs.fr
O15 - Trusted Zone: http://telecom.sbs.fr
O15 - Trusted Zone: *.sbs.fr
O15 - Trusted Zone: https://www.siemens-home.bsh-group.com/fr/
O15 - Trusted Zone: http://eci-agui.siemens.at
O15 - Trusted Zone: *.siemens.at
O15 - Trusted Zone: *.automation.siemens.com
O15 - Trusted Zone: *.siemens.com
O15 - Trusted Zone: *.siemens.de
O15 - Trusted Zone: *.mti.siemens.fr
O15 - Trusted Zone: *.par.siemens.fr
O15 - Trusted Zone: sdso158a.par.siemens.fr
O15 - Trusted Zone: http://sdso158a.par.siemens.fr
O15 - Trusted Zone: http://www.sfs.siemens.fr
O15 - Trusted Zone: *.siemens.fr
O15 - Trusted Zone: *.siemens.net
O15 - Trusted Zone: *.siemensfinance.fr
O15 - Trusted Zone: https://new.siemens.com/global/en/products/services/digital-enterprise-services/sitrain.html
O15 - Trusted Zone: *.spcnl.co.in
O15 - Trusted Zone: *.srvfr.vads.cc
O15 - Trusted Zone: *.vaifr.vads.cc
O15 - Trusted Zone: *.vai.at
O15 - Trusted Zone: nms.wan.edc
O15 - Trusted Zone: *.abp-assur.com (HKLM)
O15 - Trusted Zone: http://www.privilege.cofacescrl.com (HKLM)
O15 - Trusted Zone: *.com-training.de (HKLM)
O15 - Trusted Zone: *.ir.dgi.minefi.gouv.fr (HKLM)
O15 - Trusted Zone: tva.dgi.minefi.gouv.fr (HKLM)
O15 - Trusted Zone: http://www.icnfin.com (HKLM)
O15 - Trusted Zone: *.extra-eu.infineon.com (HKLM)
O15 - Trusted Zone: *.interepargne.fr (HKLM)
O15 - Trusted Zone: *.internet-academy.de (HKLM)
O15 - Trusted Zone: http://rm.kon.it (HKLM)
O15 - Trusted Zone: http://sumtotal.kon.it (HKLM)
O15 - Trusted Zone: *.livemeeting.com (HKLM)
O15 - Trusted Zone: *.magdebourg.com (HKLM)
O15 - Trusted Zone: http://*.mroa051a (HKLM)
O15 - Trusted Zone: http://*.nokiasiemensnetworks.com (HKLM)
O15 - Trusted Zone: *.sap-ag.de (HKLM)
O15 - Trusted Zone: *.sap.com (HKLM)
O15 - Trusted Zone: *.sbs.de (HKLM)
O15 - Trusted Zone: *.par.sbs.fr (HKLM)
O15 - Trusted Zone: its.par.sbs.fr (HKLM)
O15 - Trusted Zone: http://its.par.sbs.fr (HKLM)
O15 - Trusted Zone: sdso158a.par.sbs.fr (HKLM)
O15 - Trusted Zone: http://telecom.sbs.fr (HKLM)
O15 - Trusted Zone: *.sbs.fr (HKLM)
O15 - Trusted Zone: https://www.siemens-home.bsh-group.com/fr/ (HKLM)
O15 - Trusted Zone: http://eci-agui.siemens.at (HKLM)
O15 - Trusted Zone: *.siemens.at (HKLM)
O15 - Trusted Zone: *.automation.siemens.com (HKLM)
O15 - Trusted Zone: *.siemens.com (HKLM)
O15 - Trusted Zone: *.siemens.de (HKLM)
O15 - Trusted Zone: *.mti.siemens.fr (HKLM)
O15 - Trusted Zone: *.par.siemens.fr (HKLM)
O15 - Trusted Zone: sdso158a.par.siemens.fr (HKLM)
O15 - Trusted Zone: http://sdso158a.par.siemens.fr (HKLM)
O15 - Trusted Zone: http://www.sfs.siemens.fr (HKLM)
O15 - Trusted Zone: *.siemens.fr (HKLM)
O15 - Trusted Zone: *.siemens.net (HKLM)
O15 - Trusted Zone: *.siemensfinance.fr (HKLM)
O15 - Trusted Zone: https://new.siemens.com/global/en/products/services/digital-enterprise-services/sitrain.html (HKLM)
O15 - Trusted Zone: *.spcnl.co.in (HKLM)
O15 - Trusted Zone: *.srvfr.vads.cc (HKLM)
O15 - Trusted Zone: *.vaifr.vads.cc (HKLM)
O15 - Trusted Zone: *.vai.at (HKLM)
O15 - Trusted Zone: nms.wan.edc (HKLM)
O15 - Trusted IP range: 139.10.0.207
O15 - Trusted IP range: http://139.10.0.207
O15 - Trusted IP range: 139.10.13.22
O15 - Trusted IP range: http://141.29.248.42
O15 - Trusted IP range: 139.10.0.207 (HKLM)
O15 - Trusted IP range: http://139.10.0.207 (HKLM)
O15 - Trusted IP range: 139.10.13.22 (HKLM)
O15 - Trusted IP range: http://141.29.248.42 (HKLM)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr001.siemens.net
O17 - HKLM\Software\..\Telephony: DomainName = fr001.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr001.siemens.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fr001.siemens.net,par.siemens.fr,vaifr.vads.cc,vads.cc,ww003.siemens.net,sie.siemens.at
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fr001.siemens.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = fr001.siemens.net,par.siemens.fr,vaifr.vads.cc,vads.cc,ww003.siemens.net,sie.siemens.at
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fr001.siemens.net,par.siemens.fr,vaifr.vads.cc,vads.cc,ww003.siemens.net,sie.siemens.at
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BackupPC - Unknown owner - C:\PROGRA~1\BackupPC\CYGRUN~1.EXE
O23 - Service: CatSystem (CatSystemSvc) - Siemens AG - C:\WINNT\CatPC\CatSYS\CatSystemSvc.exe
O23 - Service: CAT Bulletin Board (CBBS) - Unknown owner - C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Gene6 FTP Server (G6FTPServer) - Unknown owner - C:\Program Files\Gene6 FTP Server\G6FTPTray.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: Lan watch Service (lanwatch) - - c:\program files\lanwatch\lanwatch.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\tmlisten.exe
A voir également:
- Probleme de fermetures de fenetre C:
- Fenetre de navigation privée - Guide
- Fenetre windows - Guide
- Fenêtre hors écran windows 11 - Guide
- Sytadin fermetures nocturnes - Télécharger - Transports & Cartes
- Forcer fermeture fenetre windows - Guide
2 réponses
sALUT
Telecharge GENPROC Ouvre ce lien d'aide < < http://www.alt-shift-return.org/Info/GenProc-HowTo.html >
, et le téléchargement est dedans < http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip > repond oui à la question à la fin et poste le rapport stp
Peux tu poster le rapport de Malwarebytes
Telecharge GENPROC Ouvre ce lien d'aide < < http://www.alt-shift-return.org/Info/GenProc-HowTo.html >
, et le téléchargement est dedans < http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip > repond oui à la question à la fin et poste le rapport stp
Peux tu poster le rapport de Malwarebytes
ci-après les 2 rapports demandés
(rq : pour info, je ne peux pas redémarrer en mode sans échec)
merci
alain
Rapport GenProc 2.351 [1] - 2009-02-01 - Windows XP
Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Par la suite, laisse-le avec ses réglages par défaut. C'est tout.
# Etape 1/ Télécharge :
- SmitfraudFix http://siri.urz.free.fr/Fix/SmitfraudFix.exe (S!Ri)
Double-clique sur le fichier "smitfraudfix.exe" et choisis l'option 1 ; il va lister tous les éléments nuisibles dans un rapport : poste le maintenant.
- MSNFix http://sosvirus.changelog.fr/MSNFix.zip (!aur3n7) et décompresse-le sur le Bureau.
Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; pour retrouver le rapport, clique sur le raccourci "GenProc" sur ton bureau. Choisis ta session courante *** FR028894 ***
# Etape 2/
Double-clique sur le fichier "SmitfraudFix.exe" et choisis l'option 2, réponds oui à tout et laisse-le procéder. Sauvegarde le rapport sur ton bureau.
# Etape 3/
Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
- Exécute l'option R.
- Si l'infection est détectée, exécute l'option N.
- Sauvegarde ce rapport sur ton bureau.
# Etape 4/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 5/
Redémarre normalement et poste, dans la même réponse :
- Le rapport SmitfraudFix que tu as sauvegardé sur ton bureau ;
- Le contenu du rapport MSNfix situé sur le Bureau ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
____________________________________________________________________________________________________________
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1712
Windows 5.1.2600 Service Pack 3
01/02/2009 22:04:07
mbam-log-2009-02-01 (22-04-07).txt
Type de recherche: Examen complet (C:\|V:\|)
Eléments examinés: 98058
Temps écoulé: 25 minute(s), 32 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 113
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSSTAT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCANX.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.COM (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastU3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp (Security.Hijack) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINNT\system32\sexit.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MEEX.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINNT\system32\drivers\etc\SERVICES.001 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINNT\system32\drivers\etc\SERVICES.002 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINNT\system32\drivers\etc\SERVICES.003 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.