Infected PC: winisys.exe

Solved/Closed
clubland Posts 61 Registration date Friday 16 March 2007 Status Member Last activity 21 January 2023 - 20 June 2009 at 15:57
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 - 21 June 2009 at 16:08
Hello,
I think it's spyware, but I can't manage to delete it. It is located here: C:\WINDOWS\system32\winisys.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:32, on 20/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\mFaraj DB viewer4.0.0\dbvstart.bat
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\hergli9\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.conduit.com/Default.aspx?ctid=CT1940427
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dbvstart] C:\Program Files\mFaraj DB viewer4.0.0\dbvstart.bat
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\hergli9\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Mywsystem] C:\WINDOWS\system32\winisys.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RESEAU')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9210813-78D7-490A-B28E-E80629388D6C}: NameServer = 193.95.93.77,193.95.66.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB991926-0F85-450F-9F67-EA596DF7DE5C}: NameServer = 193.95.122.40
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

26 replies

Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
20 June 2009 at 18:54
1/

---> Run this file: C:\Program Files\Trend Micro\HijackThis\hergli9.exe

---> Choose Do a system scan only.

---> Tick the boxes in front of the following lines:

R3 - URLSearchHook: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - (no file)

O2 - BHO: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - (no file)

O3 - Toolbar: (no name) - {88f8c352-20c7-4051-aaa1-5466cd5e5f63} - (no file)

O4 - HKCU\..\Run: [Mywsystem] C:\WINDOWS\system32\winisys.exe

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

---> Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.

---> Close HijackThis.


2/

---> Disable your antivirus for the duration of the procedure, because OTM is wrongly detected as an infection.

---> Download OTM (OldTimer) to your Desktop.

---> Double-click OTM.exe to launch it.

---> Copy (Ctrl+C) the following text below:





:processes
explorer.exe

:services
mchInjDrv

:files
C:\WINDOWS\system32\winisys.exe
C:\WINDOWS\system32\run.bat
C:\WINDOWS\system32\Uninstall.exe
C:\WINDOWS\system32\Uninstall.ini
C:\tmp

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00

:commands
[purity]
[emptytemp]
[reboot]





---> Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTM.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTM\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
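The fix script in the post above can be read before it is pasted into OTM. The following added example (not part of the original post and not OTM's own code) splits the script into its sections and decodes the hex(7) registry value, which sets Notification Packages to the single entry scecli. The function names and the section grammar, inferred from the script as quoted, are assumptions.

```python
import re

# Constructed input: the fix script quoted in the post above (blank lines dropped).
SCRIPT = r'''
:processes
explorer.exe
:services
mchInjDrv
:files
C:\WINDOWS\system32\winisys.exe
C:\WINDOWS\system32\run.bat
C:\WINDOWS\system32\Uninstall.exe
C:\WINDOWS\system32\Uninstall.ini
C:\tmp
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
:commands
[purity]
[emptytemp]
[reboot]
'''

# "name"=data lines as they appear in the :reg section (assumed grammar).
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def parse_sections(text):
    """Split the script into {section: [lines]} using the ':name' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections


def decode_multi_sz(payload):
    """Decode a .reg-style hex(7) payload (REG_MULTI_SZ, UTF-16LE) to a list."""
    data = bytes(int(b, 16) for b in payload.split(","))
    text = data.decode("utf-16-le")  # raises on a truncated code unit
    if not text.endswith("\x00"):
        raise ValueError("REG_MULTI_SZ payload is not NUL-terminated")
    # Strings are NUL-separated; an extra NUL closes the list.
    return [s for s in text.split("\x00") if s]


def parse_reg(lines):
    """Return [(key, value_name, data)]; hex(7) data is decoded to strings."""
    out, key = [], None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            raise ValueError(f"unexpected :reg line: {line!r}")
        data = m["data"]
        if data.lower().startswith("hex(7):"):
            data = decode_multi_sz(data[7:])
        out.append((key, m["name"], data))
    return out


def review(text):
    """Summarise what the script asks the tool to do, in readable form."""
    s = parse_sections(text)
    return {
        "kill": s.get("processes", []),
        "services": s.get("services", []),
        "move": s.get("files", []),
        "registry": parse_reg(s.get("reg", [])),
        "commands": [c.strip("[]") for c in s.get("commands", [])],
    }


if __name__ == "__main__":
    print(review(SCRIPT))
```

Each decoded entry of Notification Packages is the name of a DLL that LSASS loads, so any name other than the expected one in that list deserves a look before the script is run.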
clubland Posts 61 Registration date Friday 16 March 2007 Status Member Last activity 21 January 2023
20 June 2009 at 19:23
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver mchInjDrv not found.
Service\Driver key mchInjDrv deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\winisys.exe moved successfully.
C:\WINDOWS\system32\run.bat moved successfully.
C:\WINDOWS\system32\Uninstall.exe moved successfully.
C:\WINDOWS\system32\Uninstall.ini moved successfully.
C:\tmp moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00 /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\hergli9\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_44c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\hergli9\Local Settings\Application Data\Mozilla\Firefox\Profiles\cbttdfz0.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\hergli9\Local Settings\Application Data\Mozilla\Firefox\Profiles\cbttdfz0.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\hergli9\Local Settings\Application Data\Mozilla\Firefox\Profiles\cbttdfz0.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\hergli9\Local Settings\Application Data\Mozilla\Firefox\Profiles\cbttdfz0.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\hergli9\Local Settings\Application Data\Mozilla\Firefox\Profiles\cbttdfz0.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\hergli9\Local Settings\Application Data\Mozilla\Firefox\Profiles\cbttdfz0.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTM by OldTimer - Version 2.1.0.1 log created on 06202009_181913

Files moved on Reboot...

Registry entries deleted on Reboot...
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
20 June 2009 at 19:24
No more problems?
clubland Posts 61 Registration date Friday 16 March 2007 Status Member Last activity 21 January 2023
20 June 2009 at 19:26
Thank you 1000 times, you're a real professional.
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
20 June 2009 at 19:28
1/

---> Uninstall HijackThis.

---> Download ToolsCleaner2 to your Desktop.
* Double-click ToolsCleaner2.exe to launch it.
* Click Recherche (Search) and let the scan run.
* Click Suppression (Removal) to finish.
* You can, if you wish, use the Options Facultatives (Optional Settings).
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).


2/

---> Download and install CCleaner Slim.
* Launch it. Go to Options, then Advanced, and untick the box Only delete files etc....
* Go to Cleaner, choose Analyze. Once it has finished, run the cleaning.


3/

---> It is necessary to disable and then re-enable System Restore in order to purge it.


==Prevention==

Keep MBAM. You can use it to scan suspicious files in addition to the antivirus, and scan the hard drive regularly.

Regarding P2P: Link

Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


Be more vigilant on the Internet ;)
clubland Posts 61 Registration date Friday 16 March 2007 Status Member Last activity 21 January 2023
21 June 2009 at 10:04
[ Rapport ToolsCleaner version 2.3.6 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\UsbFix.txt: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\UsbFix.txt: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\_OTM: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 291
21 June 2009 at 16:08
You can delete ToolsCleaner.