Analysis of my PC's HijackThis log
Solved
EpikWiz - Posts: 64 - Status: Member
Le sioux - Posts: 4907 - Status: Security contributor
Hello everyone!
I'm appealing to your wisdom. My PC is, in my opinion, very dirty and clogged up. From what I've read, I'm not mistaken, and another CCM page recommends submitting the HijackThis report here. I won't try to disinfect it on my own, because the last time I ventured into the depths of my PC it cost me CAN$56...
Thanks for lending me a hand. I'm aware that I'm not the only one begging for your help, lol
EpikWiz
-------------------------------------------------------
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [NI.ERSV_0001_N91S1908] "c:\documents and settings\philippe\application data\errorsafefrspecialofferinstall[1].exe" -nag
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {5B174014-708E-44CA-B3F9-8A4333E4681F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5B174014-708E-44CA-B3F9-8A4333E4681F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtoc
45 replies
Hello epikWiz
Then, since ComboFix seems to be getting stuck, we'll try with OTMoveIt and a fixreg:
I advise you to save this page by selecting all the lines and copying that selection into a text file on your PC, so that you can apply the procedure correctly.
(Note: you won't have Internet access from the moment you restart in safe mode)
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear to you, ask for an explanation before starting the disinfection.
1) Download OTMoveIt (by Old_Timer)
To your Desktop. http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
Don't touch it for the moment.
2) Creating Fix.reg
Create a new text document:
Right-click on the desktop, "New" > "Text Document". Open it and copy-paste into it what is quoted below (copy it all in one go):
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CBA9C6-25A9-4C09-B2E6-4C3B92AF66F3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20983C05-5D8C-4EE9-A377-50B687138E19}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{329E3DEE-D958-4C0E-93CF-FD145318493E}]
Then "File" / "Save As":
Save in: the desktop
File name: Fix.reg
Save as type: "All files"
Click "Save"
Note:
* When saving, you must choose "All files" for the "Type" field
* Make sure that REGEDIT4 is on the very first line
3) Using Fix.reg
Double-click regfix.reg (which you created on your desktop)
=> you must get a message "Are you sure you want to add the information contained in this .reg file to the registry?"
If that is the case, click "Yes"
4) OTMoveIt (by Old_Timer)
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
You may be asked to restart the PC to complete the removal.
If so, accept with Yes.
5) Report:
--> Post the OTMoveIt report located in C:\_OTMoveIt\MovedFiles (contents of the file C:\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date and time)
To be continued
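Before a .reg file like the one in step 2 is merged, its effect can be checked offline. The Python code below is an added example, not part of the original post and not a tool from its author: it verifies that a recognised regedit header sits on the first line and that every section only deletes a CLSID key under Browser Helper Objects. The names `audit_reg_script`, `FIX_REG` and `BAD_REG` are hypothetical, and `BAD_REG` is a constructed counter-example.

```python
import re

# Headers regedit accepts for an importable script: the Win9x/NT4 text format
# and the Unicode format introduced with Windows 2000.
VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# Assumption: the fix should only touch children of this key, as the three
# sections in step 2 of the post do.
BHO_PATH = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\Browser Helper Objects")

CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)


def audit_reg_script(text, allowed_parent=BHO_PATH):
    """Return (deleted_clsids, problems) for a .reg script without importing it."""
    deleted, problems = [], []
    lines = text.lstrip("\ufeff").splitlines()  # tolerate a UTF-8/UTF-16 BOM

    # The header has to be the very first line of the file.
    first = lines[0].strip() if lines else ""
    if first not in VALID_HEADERS:
        problems.append(f"line 1: expected a regedit header, found {first!r}")

    for number, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[-") and line.endswith("]"):
            # "[-KEY]" deletes KEY and everything below it.
            key = line[2:-1]
            parent, _, leaf = key.rpartition("\\")
            if parent.lower() != allowed_parent.lower():
                problems.append(
                    f"line {number}: deletes a key outside the expected scope: {key}")
            elif not CLSID_RE.fullmatch(leaf):
                problems.append(f"line {number}: malformed CLSID: {leaf}")
            else:
                deleted.append(leaf.upper())
        elif line.startswith("[") and line.endswith("]"):
            problems.append(
                f"line {number}: creates or modifies a key: {line[1:-1]}")
        elif line.startswith(("@=", '"')):
            problems.append(f"line {number}: writes or deletes a value: {line}")
        else:
            problems.append(f"line {number}: unrecognised content: {line}")
    return deleted, problems


# The three deletions from step 2 of the post, under a REGEDIT4 header.
FIX_REG = "\n".join([
    "REGEDIT4",
    "[-" + BHO_PATH + r"\{14CBA9C6-25A9-4C09-B2E6-4C3B92AF66F3}]",
    "[-" + BHO_PATH + r"\{20983C05-5D8C-4EE9-A377-50B687138E19}]",
    "[-" + BHO_PATH + r"\{329E3DEE-D958-4C0E-93CF-FD145318493E}]",
])

# Constructed counter-example (not from the post): header pushed down to
# line 2, a truncated CLSID, deletion of the whole parent key, and a section
# that writes a value instead of deleting a key.
BAD_REG = "\n".join([
    "",
    "REGEDIT4",
    "[-" + BHO_PATH + r"\{14CBA9C6-25A9-4C09-B2E6}]",
    "[-" + BHO_PATH + "]",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"example"="C:\\example\\placeholder.exe"',
])

if __name__ == "__main__":
    for name, script in (("FIX_REG", FIX_REG), ("BAD_REG", BAD_REG)):
        deleted, problems = audit_reg_script(script)
        print(f"{name}: {len(deleted)} BHO key(s) to delete, "
              f"{len(problems)} problem(s)")
        for clsid in deleted:
            print("  delete", clsid)
        for problem in problems:
            print("  !", problem)
```

An empty problem list means the script does nothing beyond removing the listed Browser Helper Object registrations; any reported problem is a reason to stop and ask before clicking "Yes".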
C:\WINDOWS\system32\klkkj.bak1 moved successfully.
C:\WINDOWS\system32\klkkj.ini moved successfully.
C:\WINDOWS\system32\rtstv.bak1 moved successfully.
C:\WINDOWS\system32\rtstv.ini moved successfully.
C:\WINDOWS\system32\pqtwa.bak1 moved successfully.
C:\WINDOWS\system32\pqtwa.ini moved successfully.
C:\WINDOWS\system32\vyadd.bak2 moved successfully.
C:\WINDOWS\system32\vyadd.bak1 moved successfully.
C:\WINDOWS\system32\vyadd.ini moved successfully.
C:\WINDOWS\system32\mmllm.bak2 moved successfully.
C:\WINDOWS\system32\mmllm.ini moved successfully.
C:\WINDOWS\system32\mlkkj.bak2 moved successfully.
C:\WINDOWS\system32\mlkkj.bak1 moved successfully.
C:\WINDOWS\system32\mlkkj.ini moved successfully.
C:\WINDOWS\system32\wvvwa.bak2 moved successfully.
C:\WINDOWS\system32\wvvwa.ini moved successfully.
C:\WINDOWS\system32\wvvwa.bak1 moved successfully.
C:\WINDOWS\system32\ututv.bak2 moved successfully.
C:\WINDOWS\system32\bbeeg.ini moved successfully.
C:\WINDOWS\system32\bbeeg.bak1 moved successfully.
C:\WINDOWS\system32\rttss.bak2 moved successfully.
C:\WINDOWS\system32\rqtss.ini moved successfully.
C:\WINDOWS\system32\rqtss.ini2 moved successfully.
C:\WINDOWS\system32\rstwa.ini moved successfully.
C:\WINDOWS\system32\rstwa.ini2 moved successfully.
C:\WINDOWS\system32\rstwa.tmp moved successfully.
C:\WINDOWS\system32\rstwa.bak2 moved successfully.
C:\WINDOWS\system32\rstwa.bak1 moved successfully.
C:\WINDOWS\system32\qrutv.bak2 moved successfully.
C:\WINDOWS\system32\qtvwa.bak2 moved successfully.
C:\WINDOWS\system32\qtvwa.ini moved successfully.
C:\WINDOWS\system32\qtvwa.bak1 moved successfully.
C:\WINDOWS\system32\qstwa.tmp moved successfully.
File/Folder C:\WINDOWS\system32\qrutv.in not found.
C:\WINDOWS\system32\qrutv.bak1 moved successfully.
C:\WINDOWS\system32\edeeg.bak2 moved successfully.
C:\WINDOWS\system32\edeeg.bak1 moved successfully.
C:\WINDOWS\system32\edeeg.ini moved successfully.
C:\WINDOWS\system32\rttss.bak1 moved successfully.
C:\WINDOWS\system32\rttss.ini moved successfully.
C:\WINDOWS\system32\datenacj.ini moved successfully.
C:\WINDOWS\system32\qllohuje.ini moved successfully.
C:\WINDOWS\system32\hmhohiiw.ini moved successfully.
C:\WINDOWS\system32\phctnyor.ini moved successfully.
C:\WINDOWS\system32\onnmp.bak1 moved successfully.
C:\WINDOWS\system32\onnmp.ini moved successfully.
C:\WINDOWS\system32\nnsgbcyj.ini moved successfully.
C:\WINDOWS\system32\aybeg.bak2 moved successfully.
C:\WINDOWS\system32\lorcweoc.ini moved successfully.
C:\WINDOWS\system32\kiuqfhmc.ini moved successfully.
C:\WINDOWS\system32\rqtwa.bak2 moved successfully.
C:\WINDOWS\system32\voaicfmu.ini moved successfully.
C:\WINDOWS\system32\uyhnaypn.ini moved successfully.
C:\WINDOWS\system32\rqtwa.bak1 moved successfully.
C:\WINDOWS\system32\rqtwa.ini moved successfully.
C:\WINDOWS\system32\bcbeg.bak2 moved successfully.
C:\WINDOWS\system32\orqss.bak2 moved successfully.
C:\WINDOWS\system32\abeeg.bak2 moved successfully.
C:\WINDOWS\system32\llkkj.bak2 moved successfully.
C:\WINDOWS\system32\yycdd.bak2 moved successfully.
C:\WINDOWS\system32\ututv.bak1 moved successfully.
C:\WINDOWS\system32\gjkmp.bak1 moved successfully.
C:\WINDOWS\system32\ycbeg.bak2 moved successfully.
C:\WINDOWS\system32\aybeg.bak1 moved successfully.
C:\WINDOWS\system32\stvwa.bak2 moved successfully.
C:\WINDOWS\system32\yycdd.bak1 moved successfully.
C:\WINDOWS\system32\yccdd.bak2 moved successfully.
C:\WINDOWS\system32\nqtwa.bak2 moved successfully.
C:\WINDOWS\system32\nqtwa.bak1 moved successfully.
C:\WINDOWS\system32\abeeg.bak1 moved successfully.
C:\WINDOWS\system32\bcbeg.bak1 moved successfully.
C:\WINDOWS\system32\stvwa.bak1 moved successfully.
C:\WINDOWS\system32\ttutv.bak1 moved successfully.
File move failed. C:\WINDOWS\system32\imqbjahq.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\nxmrmcxs.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\monciqyy.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\awmsyydl.exe scheduled to be moved on reboot.
I have to admit that the speed has increased considerably! Thank you for your patience!
And to answer one of your earlier questions: yes, I did have ZoneAlarm on my PC before, but really not for long. I removed it the day it decided to block access to websites I visit daily, to block MSN, and other tiresome nuisances of that kind. I know all these problems could probably have been sorted out in the settings, but after looking around a bit, I didn't find anything...
Here is the HijackThis log:
___________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:38, on 2007-12-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1417001333-1972579041-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1417001333-1972579041-725345543-1004\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime (User '?')
O4 - HKUS\S-1-5-21-1417001333-1972579041-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: awvvs - C:\WINDOWS\system32\awvvs.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe