Analyse Hijack
Résolu
Adrien28110
Messages postés
21
Statut
Membre
-
crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention -
crapoulou Messages postés 42848 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention -
Bonjour,
Je souhaiterais savoir si vous voyez des probléme dans mon analyse Hijack :)
Parce que je sens des changements dans mon ordinateur
Comme promis la voici :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:46, on 23/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\FSAUA\program\fsus.exe
C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe
C:\Program Files\Powerware\LanSafe\bin\httpserver.exe
C:\Program Files\Powerware\LanSafe\bin\status_glance.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scan.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7758F092-5B74-449B-B5CA-29EB4DFD205B}: NameServer = 85.255.112.197,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9D51EFA-7570-423C-B225-3FD7CADD2800}: NameServer = 85.255.112.197,85.255.112.183
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.215,85.255.112.94
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.197,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.197,85.255.112.183
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LanSafe Power Monitor (LanSafe PM) - Powerware - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe
O23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MySQL41 - Unknown owner - C:\MONSERVEUR\MySQL\MySQL.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
Je souhaiterais savoir si vous voyez des probléme dans mon analyse Hijack :)
Parce que je sens des changements dans mon ordinateur
Comme promis la voici :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:46, on 23/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\FSAUA\program\fsus.exe
C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe
C:\Program Files\Powerware\LanSafe\bin\httpserver.exe
C:\Program Files\Powerware\LanSafe\bin\status_glance.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scan.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7758F092-5B74-449B-B5CA-29EB4DFD205B}: NameServer = 85.255.112.197,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9D51EFA-7570-423C-B225-3FD7CADD2800}: NameServer = 85.255.112.197,85.255.112.183
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.215,85.255.112.94
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.197,85.255.112.183
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.197,85.255.112.183
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LanSafe Power Monitor (LanSafe PM) - Powerware - C:\Program Files\Powerware\LanSafe\Bin\PowerMonitor.exe
O23 - Service: LanSafe Process Manager - Powerware - C:\Program Files\Powerware\LanSafe\bin\xyntservice.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MySQL41 - Unknown owner - C:\MONSERVEUR\MySQL\MySQL.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
A voir également:
- Analyse Hijack
- Analyse composant pc - Guide
- Analyse disque dur - Télécharger - Informations & Diagnostic
- Analyse performance pc - Guide
- Échec de l'analyse antivirus. ✓ - Forum Antivirus
- Analyse et réparation disque dur externe - Guide
37 réponses
/!\ Procédure réservée à Adrien28110. Ne tentez pas de la reproduire si vous avez un problème similaire sous peine de planter votre machine /!\
Télécharge OTMoveIt3 (de Old_Timer) sur ton Bureau.
= = = = >>> En cliquant ici <<< = = = =
Une fois installé sur le bureau, double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que la case Unregister Dll’s and Ocx’s soit bien cochée
Copie la liste qui se trouve en gras ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt :
Paste Instructions for Items to be moved.
:Processes
explorer.exe
:Files
NOM DES FICHIERS !!!
:reg
[HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"001"=""
[HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5604]
"004"=""
:Commands
[purity]
[emptytemp]
[Reboot]
Clique sur MoveIt! pour lancer la suppression.
Après avoir fait Moveit!, une fenêtre s'affiche :
"The system requires a reboot to finish removing files. Do you want to reboot now ?"
Réponds Yes.
Le résultat apparaîtra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Télécharge OTMoveIt3 (de Old_Timer) sur ton Bureau.
= = = = >>> En cliquant ici <<< = = = =
Une fois installé sur le bureau, double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que la case Unregister Dll’s and Ocx’s soit bien cochée
Copie la liste qui se trouve en gras ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt :
Paste Instructions for Items to be moved.
:Processes
explorer.exe
:Files
NOM DES FICHIERS !!!
:reg
[HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"001"=""
[HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5604]
"004"=""
:Commands
[purity]
[emptytemp]
[Reboot]
Clique sur MoveIt! pour lancer la suppression.
Après avoir fait Moveit!, une fenêtre s'affiche :
"The system requires a reboot to finish removing files. Do you want to reboot now ?"
Réponds Yes.
Le résultat apparaîtra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder NOM DES FICHIERS !!! not found.
========== REGISTRY ==========
Unable to set value : HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5603\\"001"|"" /E!
Unable to set value : HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5604\\"004"|"" /E!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\etilqs_3Ed2yTTeHDKgDRoQKGXz scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF5099.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF55CF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF7D37.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF7DCB.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\nvcbin.def.76167175.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_254.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05242009_190438
Files moved on Reboot...
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\etilqs_3Ed2yTTeHDKgDRoQKGXz not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF5099.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF55CF.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF7D37.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF7DCB.tmp not found!
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\WINDOWS\temp\nvcbin.def.76167175.TMP moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_254.dat not found!
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\XUL.mfl moved successfully.
Tien =').
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder NOM DES FICHIERS !!! not found.
========== REGISTRY ==========
Unable to set value : HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5603\\"001"|"" /E!
Unable to set value : HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5604\\"004"|"" /E!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\etilqs_3Ed2yTTeHDKgDRoQKGXz scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF5099.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF55CF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF7D37.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF7DCB.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\nvcbin.def.76167175.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_254.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05242009_190438
Files moved on Reboot...
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\etilqs_3Ed2yTTeHDKgDRoQKGXz not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF5099.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF55CF.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF7D37.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF7DCB.tmp not found!
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\WINDOWS\temp\nvcbin.def.76167175.TMP moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_254.dat not found!
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\XUL.mfl moved successfully.
Tien =').
Faius ceci :
Démarrer > Exécuter > Regedit.
Déroule l'arborescence sur la colonne de gauche et cherche cette clé de registre :
HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5603
Clique une fois sur 5603.
Fichier > Exporter Nomme le 5603.reg
HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5604
De même avec cette clé en la nommant 5604.reg.
Assure-toi d'avoir correctement réalisé les opérations et dit moi quand c'est bon.
Démarrer > Exécuter > Regedit.
Déroule l'arborescence sur la colonne de gauche et cherche cette clé de registre :
HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5603
Clique une fois sur 5603.
Fichier > Exporter Nomme le 5603.reg
HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5604
De même avec cette clé en la nommant 5604.reg.
Assure-toi d'avoir correctement réalisé les opérations et dit moi quand c'est bon.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Refais Otmoveit avec ceci comme contenu :
Poste le rapport.
:processes explorer.exe :reg [HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5603] "001"=- [HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5604] "004"=- :Commands [purity] [emptytemp] [Reboot]
Poste le rapport.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5603 not found.
Registry value HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5604\\004 not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\etilqs_0nEg70Ghb1ZH2MQCXwnf scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\fla22.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF66F3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF6737.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF84C3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF850B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\nvcbin.def.76167175.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_13c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05242009_204308
Files moved on Reboot...
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\etilqs_0nEg70Ghb1ZH2MQCXwnf not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\fla22.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF66F3.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF6737.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF84C3.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF850B.tmp not found!
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\nvcbin.def.76167175.TMP scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_13c.dat not found!
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\XUL.mfl moved successfully.
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5603 not found.
Registry value HKEY_USERS\S-1-5-21-1343024091-1770027372-682003330-1005\Software\Microsoft\Search Assistant\ACMru\5604\\004 not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\etilqs_0nEg70Ghb1ZH2MQCXwnf scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\fla22.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF66F3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF6737.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF84C3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF850B.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\nvcbin.def.76167175.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_13c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05242009_204308
Files moved on Reboot...
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\etilqs_0nEg70Ghb1ZH2MQCXwnf not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\fla22.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF66F3.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF6737.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF84C3.tmp not found!
File C:\DOCUME~1\Adrien\LOCALS~1\Temp\~DF850B.tmp not found!
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\nvcbin.def.76167175.TMP scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_13c.dat not found!
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\t3g8e5ao.default\XUL.mfl moved successfully.
Ok.
Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :
Télécharge toolscleaner sur ton Bureau
= = = =>>> En cliquant ici <<<= = = =
* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse.
*********
Tu peux garder Malwarebytes anti malware en tant qu’anti malware, il est très efficace. (Même s’il ne résout pas tous les problèmes, bien entendu … !)
Par contre, il n’a pas de scan résident en mode gratuit ! Il faut donc pour l’utiliser le lancer, faire les mises à jour et faire un scan complet après.
*********
* Télécharge Ccleaner Slim :
= = = = >>> En cliquant ici <<< = = = =
* Installe le.
* Choisis l’onglet Nettoyeur
Quitte ton navigateur Internet avant de le lancer, décoche la dernière case (Avancé si elle est cochée) puis clique sur "lancer le nettoyage" quand il aura terminé le scan cliques en bas à droite sur "lancer le nettoyage" et accepte par oui.
Attention, il risque de vider ta corbeille : si tu veux récupérer des fichiers effacés par erreur, mieux vaut le faire maintenant.
* Choisis l’onglet Registre
- Clique sur Chercher des erreurs
- Une fois la recherche terminée, clic sur Réparer les erreurs sélectionnées (par défaut, tout est sélectionné, laisse comme ça)
- Au message Voulez-vous sauvegarder les changements faits dans le registre, réponds Oui et enregistre le fichier au format « .reg » en le nommant par la date par exemple en le mettant sur le bureau. Puis continue.
- A la fenêtre qui s’ouvre ensuite, clique sur Corriger toutes les erreurs sélectionnées puis OK
- Recommence jusqu’à ce qu’aucune erreur n’apparaisse (ou une seule récurrente).
- Ferme Ccleaner.
* Tutoriel en images ICI si besoin.
Note : La sauvegarde utilisée permet de remettre tel que la base était avant la manipulation au cas où il y aurait des soucis mais cela ne m’est jamais arrivé ! Il vaut mieux prendre des précautions, c’est tout. ;-)
Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :
Télécharge toolscleaner sur ton Bureau
= = = =>>> En cliquant ici <<<= = = =
* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse.
*********
Tu peux garder Malwarebytes anti malware en tant qu’anti malware, il est très efficace. (Même s’il ne résout pas tous les problèmes, bien entendu … !)
Par contre, il n’a pas de scan résident en mode gratuit ! Il faut donc pour l’utiliser le lancer, faire les mises à jour et faire un scan complet après.
*********
* Télécharge Ccleaner Slim :
= = = = >>> En cliquant ici <<< = = = =
* Installe le.
* Choisis l’onglet Nettoyeur
Quitte ton navigateur Internet avant de le lancer, décoche la dernière case (Avancé si elle est cochée) puis clique sur "lancer le nettoyage" quand il aura terminé le scan cliques en bas à droite sur "lancer le nettoyage" et accepte par oui.
Attention, il risque de vider ta corbeille : si tu veux récupérer des fichiers effacés par erreur, mieux vaut le faire maintenant.
* Choisis l’onglet Registre
- Clique sur Chercher des erreurs
- Une fois la recherche terminée, clic sur Réparer les erreurs sélectionnées (par défaut, tout est sélectionné, laisse comme ça)
- Au message Voulez-vous sauvegarder les changements faits dans le registre, réponds Oui et enregistre le fichier au format « .reg » en le nommant par la date par exemple en le mettant sur le bureau. Puis continue.
- A la fenêtre qui s’ouvre ensuite, clique sur Corriger toutes les erreurs sélectionnées puis OK
- Recommence jusqu’à ce qu’aucune erreur n’apparaisse (ou une seule récurrente).
- Ferme Ccleaner.
* Tutoriel en images ICI si besoin.
Note : La sauvegarde utilisée permet de remettre tel que la base était avant la manipulation au cas où il y aurait des soucis mais cela ne m’est jamais arrivé ! Il vaut mieux prendre des précautions, c’est tout. ;-)
[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\Adrien\Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Adrien\Bureau\OAD.exe: trouvé !
C:\Documents and Settings\Adrien\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Mozilla Firefox\SmitFraudfix: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\Adrien\Bureau\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Adrien\Bureau\OAD.exe: supprimé !
C:\Documents and Settings\Adrien\Bureau\OTMoveIt3.exe: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Mozilla Firefox\SmitFraudfix: supprimé !
--> Recherche:
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\Adrien\Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Adrien\Bureau\OAD.exe: trouvé !
C:\Documents and Settings\Adrien\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Mozilla Firefox\SmitFraudfix: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\Adrien\Bureau\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Adrien\Bureau\OAD.exe: supprimé !
C:\Documents and Settings\Adrien\Bureau\OTMoveIt3.exe: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Mozilla Firefox\SmitFraudfix: supprimé !
