Pc-infecté
zenasmus
Messages postés
91
Statut
Membre
-
zenasmus Messages postés 91 Statut Membre -
zenasmus Messages postés 91 Statut Membre -
Bonjour,
je pense que mon pc à un probleme que ni kaspersky ni malwarebytes ni usbfixe n'a resoud ce probleme aidez moi svp merci ci-joint rapport hijackthis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:19, on 30/06/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\dwrcs\DWRCST.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.5.32.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.175.0.38;10.5.1.27;10.5.1.15;10.175.12.255;10.175.2.23;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
R3 - URLSearchHook: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Messenger Plus - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O3 - Toolbar: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\Windows\dwrcs\DWRCST.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MediaGet2] C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe --minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: tracker.html
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shdpina.local
O17 - HKLM\Software\..\Telephony: DomainName = shdpina.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = shdpina.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = shdpina.local
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DameWare Mini Remote Control (dwmrcs) - DameWare Development LLC - C:\Windows\dwrcs\DWRCS.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
je pense que mon pc à un probleme que ni kaspersky ni malwarebytes ni usbfixe n'a resoud ce probleme aidez moi svp merci ci-joint rapport hijackthis.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:19, on 30/06/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\dwrcs\DWRCST.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.5.32.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.175.0.38;10.5.1.27;10.5.1.15;10.175.12.255;10.175.2.23;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
R3 - URLSearchHook: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Messenger Plus - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O3 - Toolbar: Messenger Plus Toolbar - {b760d5a4-8d24-4cb6-942e-d6bb540ad88c} - C:\Program Files\Messenger_Plus\prxtbMess.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\Windows\dwrcs\DWRCST.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MediaGet2] C:\Users\mzenasni\AppData\Local\MediaGet2\mediaget.exe --minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
O4 - Global Startup: tracker.html
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger avec Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shdpina.local
O17 - HKLM\Software\..\Telephony: DomainName = shdpina.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = shdpina.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = shdpina.local
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DameWare Mini Remote Control (dwmrcs) - DameWare Development LLC - C:\Windows\dwrcs\DWRCS.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Intel Corporation - C:\Windows\system32\IProsetMonitor.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
A voir également:
- Pc-infecté
- Reinitialiser pc - Guide
- Pc lent - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Test performance pc - Guide
- Double ecran pc - Guide
51 réponses
donc j'ai pas compris la procedure de quel fichier s'agit-il exactement expliquez moi pas à pas svp merci encore
apres avoir scané
File name: DWRCS.EXE
Submission date: 2011-07-01 13:45:51 (UTC)
resultat:
http://www.virustotal.com/file-scan/report.html?id=27af6b57b188467b6a4a1144a4c5d60876c20995f0d1823a688ec5938cba7b93-1305127594
File name: DWRCS.EXE
Submission date: 2011-07-01 13:45:51 (UTC)
resultat:
http://www.virustotal.com/file-scan/report.html?id=27af6b57b188467b6a4a1144a4c5d60876c20995f0d1823a688ec5938cba7b93-1305127594
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
je comprends pas pourquoi j'ai ca sur la page :
File name:
64DBA5067864CAAFF7D608E9C916E4000655F2CF.EXE
Submission date:
2011-05-11 15:26:34 (UTC)
File name:
64DBA5067864CAAFF7D608E9C916E4000655F2CF.EXE
Submission date:
2011-05-11 15:26:34 (UTC)
aucune idée j'ai scané avec kaspersky full scan et malwarebytes et toujours pc instable il vient juste de changer de theme tout seul en plus le disque local C est presque plein pourtant j'ai désinstallé plusieurs logs et des fois je l'eteint avec par exemple 11G° de libre le lendemain je trouve que 8G° de libre d'où vient la difference. voilà mon problème essayez de m'aider
ps: meme usbfixe n'a rien trouvé .
ps: meme usbfixe n'a rien trouvé .
slt GEN voici le resultat
http://www.virustotal.com/file-scan/report.html?id=27af6b57b188467b6a4a1144a4c5d60876c20995f0d1823a688ec5938cba7b93-1309527951
http://www.virustotal.com/file-scan/report.html?id=27af6b57b188467b6a4a1144a4c5d60876c20995f0d1823a688ec5938cba7b93-1309527951
merci gen voici le pre script
http://www.cijoint.fr/cjlink.php?file=cj201107/cijo7HP1O9.txt
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤
Utilisateur : mzenasni (Administrateurs)
Ordinateur : INT-HEB-5655
Système d'exploitation : Windows 7 Ultimate (32 bits)
Internet Explorer : 8.0.7600.16385
Mozilla Firefox : 5.0 (fr)
Switchs possibles :
processes:: | file:: | folder::
Registry:: | Driver:: | replace::
txt:: | Host:: | DNS:: | NsLook::
Command:: | list:: | attrib::
Script : 18:23:15
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
switchs :
file::
C:\Windows\Tasks\AutoKMS.job
C:\Windows\Tasks\AutoKMSDaily.job
C:\Windows\Tasks\Updater.job
C:\Windows\Tasks\Windows 7 Manager Live Update.job
folder::
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2
C:\Users\mzenasni\AppData\Roaming\kkl
C:\Users\mzenasni\AppData\Roaming\Media Get LLC
C:\Users\mzenasni\AppData\Roaming\moovida-1
C:\ProgramData\Media Get LLC
C:\Users\mzenasni\AppData\Local\crazyloader Air
C:\Users\mzenasni\AppData\Local\Media Get LLC
C:\Users\mzenasni\AppData\Local\MediaGet2
C:\Users\mzenasni\AppData\Local\moovida Air
C:\Program Files\BitLord
C:\Program Files\Gossiper
C:\Program Files\Live_TV
C:\Program Files\Messenger_Plus
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MediaGet2"=-
"IDMan"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Avfxaug]
[-HKEY_CURRENT_USER\Software\Awcfnakk]
[-HKEY_CURRENT_USER\Software\BitLord]
[-HKEY_CURRENT_USER\Software\Kitoy Kim]
[-HKEY_CURRENT_USER\Software\kNok]
[-HKEY_CURRENT_USER\Software\ooefxzbc]
[-HKEY_LOCAL_MACHINE\Software\Gossiper]
[-HKEY_LOCAL_MACHINE\Software\MediaGet]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Windows\system32\csrss.exe=-
C:\Windows\system32\winlogon.exe=-
C:\Windows\system32\wininit.exe=-
C:\Windows\System32\svchost.exe=-
C:\Windows\system32\Dwm.exe=-
C:\Windows\system32\services.exe=-
C:\Windows\system32\LogonUI.exe=-
C:\Windows\system32\taskeng.exe=-
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe=-
C:\Windows\Explorer.EXE=-
C:\Windows\system32\atiesrxx.exe=-
attrib::
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Modification du registre effectuéé
¤
Supprimé : C:\Windows\Tasks\AutoKMS.job
Supprimé : C:\Windows\Tasks\AutoKMSDaily.job
Supprimé : C:\Windows\Tasks\Updater.job
Supprimé : C:\Windows\Tasks\Windows 7 Manager Live Update.job
¤
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2
Supprimé : C:\Users\mzenasni\AppData\Roaming\kkl
Supprimé : C:\Users\mzenasni\AppData\Roaming\Media Get LLC
Supprimé : C:\Users\mzenasni\AppData\Roaming\moovida-1
Supprimé : C:\ProgramData\Media Get LLC
Supprimé : C:\Users\mzenasni\AppData\Local\crazyloader Air
non Supprimé : C:\Users\mzenasni\AppData\Local\Media Get LLC
non Supprimé : C:\Users\mzenasni\AppData\Local\MediaGet2
Supprimé : C:\Users\mzenasni\AppData\Local\moovida Air
Supprimé : C:\Program Files\BitLord
Supprimé : C:\Program Files\Gossiper
Supprimé : C:\Program Files\Live_TV
Supprimé : C:\Program Files\Messenger_Plus
¤
Disques externes : 19 Objets réattribués
Disque Local : 7 Objets réattribués
Utilisateurs : 0 Objets réattribués
ProgramFiles : 95 Objets réattribués
Music : 4 Objets réattribués
Pictures : 0 Objets réattribués
Videos : 2 Objets réattribués
Downloads : 2 Objets réattribués
Desktop : 11 Objets réattribués
Links : 0 Objets réattribués
Searches : 3 Objets réattribués
Contacts : 0 Objets réattribués
Saved Games : 0 Objets réattribués
Favorites : 0 Objets réattribués
Documents : 17 Objets réattribués
Windows : 149 Objets réattribués
StartMenu : 2 Objets réattribués
Librairies : 0 Objets réattribués
Quick Launch : 0 Objets réattribués
%AppData% : 57 Objets réattribués
¤
explorer.exe -> Processus redémarré
Fin : 18:24:50
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
http://www.cijoint.fr/cjlink.php?file=cj201107/cijo7HP1O9.txt
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤
Utilisateur : mzenasni (Administrateurs)
Ordinateur : INT-HEB-5655
Système d'exploitation : Windows 7 Ultimate (32 bits)
Internet Explorer : 8.0.7600.16385
Mozilla Firefox : 5.0 (fr)
Switchs possibles :
processes:: | file:: | folder::
Registry:: | Driver:: | replace::
txt:: | Host:: | DNS:: | NsLook::
Command:: | list:: | attrib::
Script : 18:23:15
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
switchs :
file::
C:\Windows\Tasks\AutoKMS.job
C:\Windows\Tasks\AutoKMSDaily.job
C:\Windows\Tasks\Updater.job
C:\Windows\Tasks\Windows 7 Manager Live Update.job
folder::
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2
C:\Users\mzenasni\AppData\Roaming\kkl
C:\Users\mzenasni\AppData\Roaming\Media Get LLC
C:\Users\mzenasni\AppData\Roaming\moovida-1
C:\ProgramData\Media Get LLC
C:\Users\mzenasni\AppData\Local\crazyloader Air
C:\Users\mzenasni\AppData\Local\Media Get LLC
C:\Users\mzenasni\AppData\Local\MediaGet2
C:\Users\mzenasni\AppData\Local\moovida Air
C:\Program Files\BitLord
C:\Program Files\Gossiper
C:\Program Files\Live_TV
C:\Program Files\Messenger_Plus
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MediaGet2"=-
"IDMan"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe Reader Speed Launcher"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Avfxaug]
[-HKEY_CURRENT_USER\Software\Awcfnakk]
[-HKEY_CURRENT_USER\Software\BitLord]
[-HKEY_CURRENT_USER\Software\Kitoy Kim]
[-HKEY_CURRENT_USER\Software\kNok]
[-HKEY_CURRENT_USER\Software\ooefxzbc]
[-HKEY_LOCAL_MACHINE\Software\Gossiper]
[-HKEY_LOCAL_MACHINE\Software\MediaGet]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Windows\system32\csrss.exe=-
C:\Windows\system32\winlogon.exe=-
C:\Windows\system32\wininit.exe=-
C:\Windows\System32\svchost.exe=-
C:\Windows\system32\Dwm.exe=-
C:\Windows\system32\services.exe=-
C:\Windows\system32\LogonUI.exe=-
C:\Windows\system32\taskeng.exe=-
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe=-
C:\Windows\Explorer.EXE=-
C:\Windows\system32\atiesrxx.exe=-
attrib::
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Modification du registre effectuéé
¤
Supprimé : C:\Windows\Tasks\AutoKMS.job
Supprimé : C:\Windows\Tasks\AutoKMSDaily.job
Supprimé : C:\Windows\Tasks\Updater.job
Supprimé : C:\Windows\Tasks\Windows 7 Manager Live Update.job
¤
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2
Supprimé : C:\Users\mzenasni\AppData\Roaming\kkl
Supprimé : C:\Users\mzenasni\AppData\Roaming\Media Get LLC
Supprimé : C:\Users\mzenasni\AppData\Roaming\moovida-1
Supprimé : C:\ProgramData\Media Get LLC
Supprimé : C:\Users\mzenasni\AppData\Local\crazyloader Air
non Supprimé : C:\Users\mzenasni\AppData\Local\Media Get LLC
non Supprimé : C:\Users\mzenasni\AppData\Local\MediaGet2
Supprimé : C:\Users\mzenasni\AppData\Local\moovida Air
Supprimé : C:\Program Files\BitLord
Supprimé : C:\Program Files\Gossiper
Supprimé : C:\Program Files\Live_TV
Supprimé : C:\Program Files\Messenger_Plus
¤
Disques externes : 19 Objets réattribués
Disque Local : 7 Objets réattribués
Utilisateurs : 0 Objets réattribués
ProgramFiles : 95 Objets réattribués
Music : 4 Objets réattribués
Pictures : 0 Objets réattribués
Videos : 2 Objets réattribués
Downloads : 2 Objets réattribués
Desktop : 11 Objets réattribués
Links : 0 Objets réattribués
Searches : 3 Objets réattribués
Contacts : 0 Objets réattribués
Saved Games : 0 Objets réattribués
Favorites : 0 Objets réattribués
Documents : 17 Objets réattribués
Windows : 149 Objets réattribués
StartMenu : 2 Objets réattribués
Librairies : 0 Objets réattribués
Quick Launch : 0 Objets réattribués
%AppData% : 57 Objets réattribués
¤
explorer.exe -> Processus redémarré
Fin : 18:24:50
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
Télécharge ici :OTL
▶ enregistre le sur ton Bureau.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ => Clique ici pour voir la Configuration
▶Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
▶ enregistre le sur ton Bureau.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶ => Clique ici pour voir la Configuration
▶Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ NE LE POSTE PAS SUR LE FORUM (il est trop long)
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier ci-dessus.
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
juste au niveau du bouton , en fin de chargement du fichier , Un lien de cette forme apparaitra :
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
▶ Copie ce lien dans ta réponse.
▶▶ Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
bonjour Gen
voici le rapport otl.txt :
http://www.cijoint.fr/cjlink.php?file=cj201107/cij1U0EM2e.txt
voici le rapport otl.txt :
http://www.cijoint.fr/cjlink.php?file=cj201107/cij1U0EM2e.txt
bonjour Gen
voici le rapport extra.txt :
http://www.cijoint.fr/cjlink.php?file=cj201107/cijjtP8aeG.txt
voici le rapport extra.txt :
http://www.cijoint.fr/cjlink.php?file=cj201107/cijjtP8aeG.txt
refais nettoyer avec Ad-Remover en mode sans echec
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
bonjour Gen
j'ai nettoyer en mode sans echec et voilà le resultat:
http://www.cijoint.fr/cjlink.php?file=cj201107/cij4C8Atw3.txt
j'ai nettoyer en mode sans echec et voilà le resultat:
http://www.cijoint.fr/cjlink.php?file=cj201107/cij4C8Atw3.txt
voici les deux rapports:
otl.txt
http://www.cijoint.fr/cjlink.php?file=cj201107/cij3cUcx24.txt
extra.txt
http://www.cijoint.fr/cjlink.php?file=cj201107/cijIqWv9LH.txt
otl.txt
http://www.cijoint.fr/cjlink.php?file=cj201107/cij3cUcx24.txt
extra.txt
http://www.cijoint.fr/cjlink.php?file=cj201107/cijIqWv9LH.txt
desinstalle adobe reader 9
desinstalle torrentman toolba
==========================================
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :
C:\Windows\System32\drivers\hmfs.sys
C:\Windows\System32\drivers\nskbfltr.sys
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
=
=======================================
ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous "Personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:Services
gcbbzzez
ewksrlfu
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.175.0.38;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.5.32.3:8080
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg, = http://www.megauploaded.org/index.php?t=search&sourceid=www.freeware-alternative.uni.cc&w=%s
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg, = +
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,# = %23
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,& = %26
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,? = %3F
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,+ = %2B
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,= = %3D
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs, = http://www.rapidshared.org/index.php?t=search&sourceid=www.freeware-alternative.uni.cc&w=%s
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs, = +
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs,# = %23
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs,& = %26
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs,? = %3F
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs,+ = %2B
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs,= = %3D
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.5.32.3:8080
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Customized Web Search"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.5.1
FF - prefs.js..network.proxy.backup.ftp: "10.5.32.3"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.5.32.3"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.5.32.3"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "10.5.32.3"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "10.5.32.3"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "10.5.32.3"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "10.175.0.38,localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.5.32.3"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.5.32.3"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1
FF - user.js..keyword.enabled: 1
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
[-HKEY_CLASSES_ROOT\CLSID\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[-HKEY_CLASSES_ROOT\CLSID\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[-HKEY_CLASSES_ROOT\CLSID\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[-HKEY_CLASSES_ROOT\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
:Files
C:\Users\mzenasni\AppData\Roaming\Media Get LLC
C:\Users\mzenasni\AppData\Local\{*}
C:\Windows\KMSEmulator.exe
C:\ProgramData\Media Get LLC
C:\Windows\System32\avs.dll
C:\Windows\Uninstal.exe
:commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur "Correction" pour lancer la suppression.
▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
desinstalle torrentman toolba
==========================================
Fais analyser le(s) fichier(s) suivants sur Virustotal :
Virus Total
clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :
C:\Windows\System32\drivers\hmfs.sys
C:\Windows\System32\drivers\nskbfltr.sys
* Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
* Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
* Lorsque l'analyse est terminée colle le lien de(s)( la) page(s) dans ta prochaine réponse.
=
=======================================
ATTENTION !!! : Script personnalisé pour cette machine uniquement , ne pas reproduire !!
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur OTL.exe pour le lancer.
▶Copie la liste qui se trouve en gras ci-dessous,
▶ colle-la dans la zone sous "Personnalisation" :
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:Services
gcbbzzez
ewksrlfu
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.175.0.38;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.5.32.3:8080
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg, = http://www.megauploaded.org/index.php?t=search&sourceid=www.freeware-alternative.uni.cc&w=%s
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg, = +
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,# = %23
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,& = %26
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,? = %3F
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,+ = %2B
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\mg,= = %3D
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs, = http://www.rapidshared.org/index.php?t=search&sourceid=www.freeware-alternative.uni.cc&w=%s
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs, = +
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs,# = %23
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs,& = %26
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs,? = %3F
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs,+ = %2B
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Internet Explorer\SearchURL\rs,= = %3D
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3028403037-2726206162-3131094494-1650\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.5.32.3:8080
FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Customized Web Search"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.5.1
FF - prefs.js..network.proxy.backup.ftp: "10.5.32.3"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "10.5.32.3"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "10.5.32.3"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "10.5.32.3"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "10.5.32.3"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "10.5.32.3"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "10.175.0.38,localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.5.32.3"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "10.5.32.3"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1
FF - user.js..keyword.enabled: 1
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
[-HKEY_CLASSES_ROOT\CLSID\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
[-HKEY_CLASSES_ROOT\CLSID\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"=-
[-HKEY_CLASSES_ROOT\CLSID\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{b69a9db4-d0a1-4722-b56b-f20757a29cdf}"=-
[-HKEY_CLASSES_ROOT\CLSID\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{b760d5a4-8d24-4cb6-942e-d6bb540ad88c}"=-
[-HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
:Files
C:\Users\mzenasni\AppData\Roaming\Media Get LLC
C:\Users\mzenasni\AppData\Local\{*}
C:\Windows\KMSEmulator.exe
C:\ProgramData\Media Get LLC
C:\Windows\System32\avs.dll
C:\Windows\Uninstal.exe
:commands
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[reboot]
▶ Clique sur "Correction" pour lancer la suppression.
▶ Poste le rapport qui logiquement s'ouvrira tout seul en fin de travail appres le redemarrage.
