Jubei

Bonsoir a tous, Voila mon PC est débarrassé de ce WinIK.sys A force d'insister j'ai réussi a le détruire ainsi que le dossier (wxxrsxwv) et son contenu. Voici le dernier rapport hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 18:18:21, on 05/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\a2\a2guard.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/startpage/adsl/fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe" O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {D2A8444A-4E21-4FB2-A47E-8AADAF3AEB95} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: TurboDownload - {D2A8444A-4E21-4FB2-A47E-8AADAF3AEB95} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120307121765 O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6727F491-B1A6-4776-8A54-C0F5785960A1}: NameServer = 212.151.137.166 130.244.127.161 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Impossible non plus

je vais essayer les renommer comment?

Je n'arrive toujours pas a supprimer ces clés de registre

Je suis en administrateur "control total"

NTFS

Ma session est en administrateur

Mode sans echec oui bien sur. Ton message initial : "Bonsoir un winik.sys (decouvert avec avr)" qu'est-ce que c'est avr ??? En fait avr = antivir

Profile.dat: H \ P r o g r a m F i l e s \ w x x r s x w v \ e U w D F o R N . d l l H \ P r o g r a m F i l e s \ w x x r s x w v \ e U w D F o R N . e x e H \ P r o g r a m F i l e s \ w x x r s x w v \ N R o F D w U e . e x e @ \ P r o g r a m F i l e s \ w x x r s x w v \ c n m l . e x e F \ P r o g r a m F i l e s \ w x x r s x w v \ p r o f i l e . d a t F \ W I N D O W S \ s y s t e m 3 2 \ d r i v e r s \ W i n I K . s y s ? \ R E G I S T R Y \ M A C H I N E \ S O F T W A R E \ M i c r o s o f t \ W i n d o w s \ C u r r e n t V e r s i o n \ R u n \ Q A F G R 5 U x r \ R E G I S T R Y \ M A C H I N E \ S y s t e m \ C u r r e n t C o n t r o l S e t \ S e r v i c e s \ w i n i k j \ R E G I S T R Y \ M A C H I N E \ S y s t e m \ C o n t r o l S e t 0 0 1 \ S e r v i c e s \ w i n i k La réponse pour ton message 64: Quand j'essaye de supprimer les clés manuellement = message: "suppression impossible: erreur lors de la suppression de la clé"

Me revoici afin Bonjour a tous J'ai comme programme de protection (Spybot et a-squared). Quand j'essaye de supprimer les clés manuellment impossible message: "suppression impossible: erreur lors de la suppression de la clé" Compte rendu d'antivir le winik.sys est toujours la et est toujours impossible de le détruire. Voici le wordpad de regsrch.vbs avec winik: REGEDIT4 ; RegSrch.vbs © Bill James ; Registry search results for string "winik" 01/08/2005 11:50:41 ; NOTE: This file will be deleted when you close WordPad. ; You must manually save this file to a new location if you want to refer to it again later. ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000] "Service"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000] "DeviceDesc"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000\Control] "ActiveService"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK] "DisplayName"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK\Enum] "0"="Root\\LEGACY_WINIK\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK\0000] "Service"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK\0000] "DeviceDesc"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinIK] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinIK] "DisplayName"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinIK\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000] "Service"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000] "DeviceDesc"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000\Control] "ActiveService"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK] "DisplayName"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK\Enum] "0"="Root\\LEGACY_WINIK\\0000" [HKEY_USERS\S-1-5-21-3634374741-3681855003-3820325642-1006\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit] "LastKey"="Poste de travail\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinIK" [HKEY_USERS\S-1-5-21-3634374741-3681855003-3820325642-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "c"="sc config WinIK start= disabled\\1" [HKEY_USERS\S-1-5-21-3634374741-3681855003-3820325642-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "d"="sc stop WinIK\\1" [HKEY_USERS\S-1-5-21-3634374741-3681855003-3820325642-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "e"="sc delete WinIK\\1" le contenu de winik.txt: Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 9483-7700 R‚pertoire de C:\ 28/07/2005 21:42 0 winik.txt 1 fichier(s) 0 octets R‚pertoire de C:\Documents and Settings\Herv‚ 28/07/2005 21:19 0 winik.txt 1 fichier(s) 0 octets R‚pertoire de C:\WINDOWS\system32\drivers 23/01/2005 23:55 14ÿ976 winik.sys 1 fichier(s) 14ÿ976 octets Total des fichiers list‚sÿ: 3 fichier(s) 14ÿ976 octets 0 R‚p(s) 51ÿ131ÿ019ÿ264 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 9483-7700 R‚pertoire de C:\PROGRA~1\wxxrsxwv 21/07/2005 00:32 <REP> . 21/07/2005 00:32 <REP> .. 22/10/2004 14:42 1ÿ466 babe.dat 26/12/2004 00:24 73ÿ728 cnml.exe 22/10/2004 14:42 1ÿ178 dfs.dat 22/12/2004 04:11 304 exit.dat 01/12/2004 04:57 972 obj.dat 27/01/2005 01:51 840 profile.dat 22/10/2004 14:42 78 url1.dat 26/01/2005 00:34 1ÿ498 url2.dat 22/10/2004 14:42 692 url8.dat 20/12/2004 04:16 398 url9.dat 15/01/2005 19:21 32ÿ800 urlx.dat 11 fichier(s) 113ÿ954 octets Total des fichiers list‚sÿ: 11 fichier(s) 113ÿ954 octets 2 R‚p(s) 51ÿ650ÿ875ÿ392 octets libres et un nouveau rapport HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 12:20:08, on 01/08/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVPersonal\AVGUARD.EXE C:\Program Files\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\a2\a2guard.exe C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/startpage/adsl/fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [QAFGR5Ux] C:\PROGRA~1\wxxrsxwv\eUwDFoRN.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe" O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {D2A8444A-4E21-4FB2-A47E-8AADAF3AEB95} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: TurboDownload - {D2A8444A-4E21-4FB2-A47E-8AADAF3AEB95} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120307121765 O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdcco...ad/IbmEgath.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateur/AccountHelper.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6727F491-B1A6-4776-8A54-C0F5785960A1}: NameServer = 212.151.136.254 130.244.127.161 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Bonne nuit a tous Je dois vous quitter pour ce soir mais je reviendrais pour d'autres manip., et suivre vos conseils. A bientôt

j'ai deux cd 1 cd de restauration (pilotes et utilitaires) 2 cd de restauration (fourni par unika).

voici le contenu: C:\PROGRA~1\wxxrsxwv Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 9483-7700 R‚pertoire de C:\PROGRA~1\wxxrsxwv 21/07/2005 00:32 <REP> . 21/07/2005 00:32 <REP> .. 22/10/2004 14:42 1ÿ466 babe.dat 26/12/2004 00:24 73ÿ728 cnml.exe 22/10/2004 14:42 1ÿ178 dfs.dat 22/12/2004 04:11 304 exit.dat 01/12/2004 04:57 972 obj.dat 27/01/2005 01:51 840 profile.dat 22/10/2004 14:42 78 url1.dat 26/01/2005 00:34 1ÿ498 url2.dat 22/10/2004 14:42 692 url8.dat 20/12/2004 04:16 398 url9.dat 15/01/2005 19:21 32ÿ800 urlx.dat 11 fichier(s) 113ÿ954 octets 2 R‚p(s) 51ÿ122ÿ065ÿ408 octets libres

Comment faire pour tous supprimer en même temps ?

voici le contenu de word pad après le regSrch.vbs: REGEDIT4 ; RegSrch.vbs © Bill James ; Registry search results for string "winik" 28/07/2005 23:07:06 ; NOTE: This file will be deleted when you close WordPad. ; You must manually save this file to a new location if you want to refer to it again later. ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000] "Service"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000] "DeviceDesc"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK\0000\Control] "ActiveService"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK] "DisplayName"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinIK\Enum] "0"="Root\\LEGACY_WINIK\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK\0000] "Service"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK\0000] "DeviceDesc"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000] "Service"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000] "DeviceDesc"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINIK\0000\Control] "ActiveService"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK] "DisplayName"="WinIK" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK\Enum] "0"="Root\\LEGACY_WINIK\\0000"