[winik] Memory shrinking + stubborn virus
chris79
Hello everyone, I have searched and searched but I have not managed to solve my problem:
- presence of win32:Adware gen and win32:trojano 1476
- the actual memory of the hard disk keeps decreasing (because of these viruses?)
Hoping to find help on this forum. Thank you in advance. Chris
35 replies
Hi, I didn't run Silent Runners, I had already left (too eager to try).
I managed to delete the infamous folder C:\Program Files\wuuwtrpw in safe mode, whereas before I couldn't. Thanks.
However, the winik file is still there (maybe it's a different one, I don't know).
So here is my log:
Logfile of HijackThis v1.99.1
Scan saved at 17:36:30, on 04/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\niSvcLoc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\eDonkey2000\edonkey2000.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Eraser\eraser.exe
C:\Club-Internet\Wizard\Agent_wifi.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Mes documents\Logiciels\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.planetis.com/net@tous
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [aYVHV5ow] C:\PROGRA~1\wuuwtrpw\dcACD0RM.exe
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [eDonkey2000] "C:\Program Files\eDonkey2000\edonkey2000.exe" -t
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Club-Internet\Wizard\Agent_wifi.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Hi
I have just run Silent Runners and here is the report:
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Update Service" = "C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup" ["Teknum Systems AS"]
"(Default)" = (empty string)
"Eraser" = "C:\Program Files\Eraser\eraser.exe -hide" ["-"]
"TVAgent WiFi" = "C:\Club-Internet\Wizard\Agent_wifi.exe" ["Club-Internet"]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."]
"EM_EXEC" = "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ["Logitech Inc. "]
"ACTIVBOARD" = "C:\Apps\ActivBoard\MMKeybd.exe" ["Netropa Corp."]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["VeNoM386 and SwENSkE"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"aYVHV5ow" = "C:\PROGRA~1\wuuwtrpw\dcACD0RM.exe" [file not found]
"MPSWiFiManager" = "C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe" ["Motive Inc."]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"eDonkey2000" = ""C:\Program Files\eDonkey2000\edonkey2000.exe" -t" [null data]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ {++}
EXECUTION UNLIKELY: "Aspi Update" = "C:\Temp\aspi32.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
EasyCryptoMenu\(Default) = "{A0752120-6D75-D111-B5B1-0800095A2318}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\tsseCryp.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
EasyCryptoMenu\(Default) = "{A0752120-6D75-D111-B5B1-0800095A2318}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\tsseCryp.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Chris" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Docteur Club Internet" -> shortcut to: "C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe -boot" ["Motive Communications, Inc."]
Enabled Scheduled Tasks:
------------------------
"Rappel d'enregistrement 2" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:2" [MS]
"Rappel d'enregistrement 3" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:3" [MS]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
"XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{4964E240-D53C-11D5-BDA9-444553540000}\
"ButtonText" = "PICgrabber"
"MenuText" = "PICgrabber - Movie&Image Search/Download Software"
"Exec" = "C:\Program Files\PICgrabber\PICGRABBER.EXE" ["Zero G"]
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "MGINavigationCanceled" = "C:\Program Files\MGI\MGI PhotoSuite 4\Internet\NavigationCanceled.html" [null data]
HIJACK WARNING! "MGIWelcome" = "C:\Program Files\MGI\MGI PhotoSuite 4\Internet\W_Welcome.html" [null data]
HIJACK WARNING! "MGIOfflineInformation" = "C:\Program Files\MGI\MGI PhotoSuite 4\Internet\OfflineInformation.html" [null data]
HOSTS file
----------
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
HIJACK WARNING! "DataBasePath" = "%SystemRoot%\System32\drivers\etc"
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Netropa NHK Server, nhksrv, "C:\Apps\ActivBoard\nhksrv.exe" [null data]
NI Service Locator, niSvcLoc, "C:\WINDOWS\system32\niSvcLoc.exe -s" ["National Instruments"]
SmartLinkService, SLService, "slserv.exe" [" "]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "Lkbdflt2" ["Logitech"], INFECTION WARNING! "msikbd2k" ["Netropa Corporation"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 44 seconds, including 17 seconds for message boxes)
je viens d'effectuer silentrunners et en voici le rapport:
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Update Service" = "C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup" ["Teknum Systems AS"]
"(Default)" = (empty string)
"Eraser" = "C:\Program Files\Eraser\eraser.exe -hide" ["-"]
"TVAgent WiFi" = "C:\Club-Internet\Wizard\Agent_wifi.exe" ["Club-Internet"]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AtiPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."]
"EM_EXEC" = "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ["Logitech Inc. "]
"ACTIVBOARD" = "C:\Apps\ActivBoard\MMKeybd.exe" ["Netropa Corp."]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["VeNoM386 and SwENSkE"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"aYVHV5ow" = "C:\PROGRA~1\wuuwtrpw\dcACD0RM.exe" [file not found]
"MPSWiFiManager" = "C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe" ["Motive Inc."]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" ["Sun Microsystems, Inc."]
"eDonkey2000" = ""C:\Program Files\eDonkey2000\edonkey2000.exe" -t" [null data]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ {++}
EXECUTION UNLIKELY: "Aspi Update" = "C:\Temp\aspi32.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
EasyCryptoMenu\(Default) = "{A0752120-6D75-D111-B5B1-0800095A2318}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\tsseCryp.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
EasyCryptoMenu\(Default) = "{A0752120-6D75-D111-B5B1-0800095A2318}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\tsseCryp.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\A2FREE~1\A2CONT~1.DLL" [null data]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Chris" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Docteur Club Internet" -> shortcut to: "C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe -boot" ["Motive Communications, Inc."]
Enabled Scheduled Tasks:
------------------------
"Rappel d'enregistrement 2" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:2" [MS]
"Rappel d'enregistrement 3" -> launches: "C:\WINDOWS\System32\OOBE\oobebaln.exe /sys /r /n:3" [MS]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
"XoftSpy" -> launches: "C:\Program Files\XoftSpy\XoftSpy.exe -t" [file not found]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{4964E240-D53C-11D5-BDA9-444553540000}\
"ButtonText" = "PICgrabber"
"MenuText" = "PICgrabber - Movie&Image Search/Download Software"
"Exec" = "C:\Program Files\PICgrabber\PICGRABBER.EXE" ["Zero G"]
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
HIJACK WARNING! "MGINavigationCanceled" = "C:\Program Files\MGI\MGI PhotoSuite 4\Internet\NavigationCanceled.html" [null data]
HIJACK WARNING! "MGIWelcome" = "C:\Program Files\MGI\MGI PhotoSuite 4\Internet\W_Welcome.html" [null data]
HIJACK WARNING! "MGIOfflineInformation" = "C:\Program Files\MGI\MGI PhotoSuite 4\Internet\OfflineInformation.html" [null data]
HOSTS file
----------
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\
HIJACK WARNING! "DataBasePath" = "%SystemRoot%\System32\drivers\etc"
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
Netropa NHK Server, nhksrv, "C:\Apps\ActivBoard\nhksrv.exe" [null data]
NI Service Locator, niSvcLoc, "C:\WINDOWS\system32\niSvcLoc.exe -s" ["National Instruments"]
SmartLinkService, SLService, "slserv.exe" [" "]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Keyboard Driver Filters:
------------------------
HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = INFECTION WARNING! "Lkbdflt2" ["Logitech"], INFECTION WARNING! "msikbd2k" ["Netropa Corporation"]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 44 seconds, including 17 seconds for message boxes)
C:\Program Files\wuuwtrpw is gone and I have just deleted winik.sys.
As for my memory, I have 83 MB left!
Thanks Moe31 for your help, I don't think I can say it enough. lol
This line is still in HijackThis:
O4 - HKLM\..\Run: [aYVHV5ow] C:\PROGRA~1\wuuwtrpw\dcACD0RM.exe
Delete it.
Then restart your PC and post a new HijackThis log (also check that winik and the folder in Program Files have not come back).
Download Registry Search Tool:
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Unzip it and run it.
In the program's window, type wuuwtrpw
and confirm.
Save the report.
Do the same again, typing winik.
Post both reports.
See you
Hi,
The famous line
O4 - HKLM\..\Run: [aYVHV5ow] C:\PROGRA~1\wuuwtrpw\dcACD0RM.exe
has disappeared from HijackThis.
Likewise, the folder in Program Files has disappeared.
Same for winik.
Then Registry Search Tool found nothing for wuuwtrpw,
but for winik I'm pasting the report.
(PS: memory still decreasing)
Thanks.
Report for winik:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "winik" 04/10/2005 18:36:16
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000]
"Service"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000]
"DeviceDesc"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK]
"DisplayName"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK\Enum]
"0"="Root\\LEGACY_WINIK\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINIK]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINIK\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINIK\0000]
"Service"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINIK\0000]
"DeviceDesc"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinIK]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinIK]
"DisplayName"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinIK\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000]
"Service"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000]
"DeviceDesc"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK]
"DisplayName"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK\Enum]
"0"="Root\\LEGACY_WINIK\\0000"
[HKEY_USERS\S-1-5-21-854245398-115176313-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\WINDOWS\\system32\\drivers\\winik.sys"
[HKEY_USERS\S-1-5-21-854245398-115176313-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys]
"a"="C:\\WINDOWS\\system32\\drivers\\winik.sys"
winik creates a service; the registry entries for that service need to be removed.
There are several methods;
we'll start with the simplest:
Start > Run and type cmd
In the window that opens, type or copy and paste:
sc stop winik
and confirm.
Then type or copy and paste:
sc delete winik
and confirm.
Tell me whether you get an error or a success message.
Then search for winik again with regsrch and post the report.
See you
Hi,
With sc stop winik: I get an error message,
then with sc delete winik: a success message.
So here is the report for winik:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "winik" 04/10/2005 18:58:36
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINIK]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINIK\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINIK\0000]
"Service"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINIK\0000]
"DeviceDesc"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinIK]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinIK]
"DisplayName"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinIK\Security]
[HKEY_USERS\S-1-5-21-854245398-115176313-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\\WINDOWS\\system32\\drivers\\winik.sys"
[HKEY_USERS\S-1-5-21-854245398-115176313-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys]
"a"="C:\\WINDOWS\\system32\\drivers\\winik.sys"
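Added example, not part of the thread: a Python parser for a RegSrch-style report that separates service-registration keys (per control set) from passive references such as the Explorer OpenSaveMRU entries, which only record a file name that was once opened or saved. The sample report is constructed on the model of the one above, with a placeholder SID; the function name `triage` is chosen here.

```python
import re

# Constructed sample in the REGEDIT4 layout RegSrch.vbs writes; the SID is a placeholder.
REPORT_AFTER_SC_DELETE = r'''REGEDIT4
; Registry search results for string "winik"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINIK]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINIK\0000]
"Service"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinIK]
"DisplayName"="WinIK"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinIK\Security]
[HKEY_USERS\S-1-5-21-0-0-0-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys]
"a"="C:\\WINDOWS\\system32\\drivers\\winik.sys"
'''

KEY_RE = re.compile(r'^\[([^\]]+)\]$')
SET_RE = re.compile(
    r'^HKEY_LOCAL_MACHINE\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\(.+)$', re.I)

def triage(report, service):
    """Return (service registration roots, passive references) found in a report."""
    prefixes = ("Services\\" + service, "Enum\\Root\\LEGACY_" + service.upper())
    roots, references = set(), set()
    for line in report.splitlines():
        key = KEY_RE.match(line.strip())
        if not key:
            continue  # comment lines and "name"="value" lines
        hit = SET_RE.match(key.group(1))
        if not hit:
            references.add(key.group(1))  # e.g. MRU history, not a launch point
            continue
        control_set, rest = hit.groups()
        for prefix in prefixes:
            low = prefix.lower()
            if rest.lower() == low or rest.lower().startswith(low + "\\"):
                # Collapse subkeys (\0000, \Security, \Enum) onto the root key.
                roots.add("HKEY_LOCAL_MACHINE\\SYSTEM\\" + control_set + "\\" + prefix)
                break
        else:
            references.add(key.group(1))
    return sorted(roots), sorted(references)

if __name__ == "__main__":
    roots, refs = triage(REPORT_AFTER_SC_DELETE, "WinIK")
    print("Service registration still present:")
    print("\n".join("  " + k for k in roots))
    print("Passive references:")
    print("\n".join("  " + k for k in refs))
```

Run on a report saved before and after `sc delete`, the difference between the two root lists shows which control sets the command cleared and which still carry the service definition.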
That's better, only 2 keys left to delete.
Start > Run and type regedit
Go to these keys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINIK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinIK
Delete only the value in bold and nothing else (right-click on it > Delete).
If they resist, right-click on them > Permissions and tick Full Control for your account.
Confirm and try deleting them again.
Then post a new regsrch report to check.
See you
Hi Moe,
At last the moment I was waiting for: regsrch no longer detects winik. So I think it's fine. I'm going to run avast and check whether my memory has stopped decreasing. By the way, where did that missing space go, and is there a way to get it back?
Anyway, in any case thank you, and keep it up; it's really nice to find people at times like these when everything is going wrong...
I'll keep you posted on progress. See you, Chris. (and thanks again)
Glad for you ;-)
You can run a scan here if you have a little time:
http://webscanner.kaspersky.fr/
After the ActiveX control has loaded, click Next,
then click Configuration and choose "extended".
Choose the folder scan and select your hard drive(s).
Also delete the folder C:\!Submit, created by killbox (it's a backup folder in case of a wrong move).
See you