Please help me get rid of them! I've already seen EvilElf in action, so I'm copying my HijackThis report:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: gebyvur - C:\WINDOWS\SYSTEM32\gebyvur.dll
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
PS: I don't want to format.
Hi,
We'd like the whole report, please.
Don't you want us to help you?
- Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe or http://siri.geekstogo.com/SmitfraudFix.exe
- Save it to the desktop
- Double-click SmitfraudFix.exe, choose option 1, then press Enter
- A report will be generated; post it in your next reply.
process.exe is detected by some antivirus programs as a risktool. It is not a virus but a utility designed to terminate processes.
SmitFraudFix v2.246
Rapport fait à 22:42:28,76, 2007-11-02
Executé à partir de C:\Documents and Settings\Claude Ferland\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\windows\system32\ciixwauyty.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Claude Ferland
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Claude Ferland\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CLAUDE~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d´accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!! !Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler´s .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!! !Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!! !Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet compatible VIA - Miniport d´ordonnancement de paquets
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4027E3DE-161C-47EC-87F6-ED680001EFD1}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4027E3DE-161C-47EC-87F6-ED680001EFD1}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4027E3DE-161C-47EC-87F6-ED680001EFD1}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4027E3DE-161C-47EC-87F6-ED680001EFD1}: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
There you go!
Do you have an antispyware???
I don't know abetear, but my antispyware (Spybot) was enough to remove ErrorSafe.
Spybot is a good antispyware, but it is a bit old, and above all it does not remove the infection entirely. But run a scan with HijackThis again, the whole thing this time, because half of it is missing here.
After that, download AVG Anti-Spyware, a very good antispyware. It is paid, admittedly, but after the 30 days you will still be able to run antispyware scans; it's just that the updates will be removed.
http://www.clubic.com/telecharger-fiche27645-avg-anti-spyware.html
Logfile of HijackThis v1.99.1
Scan saved at 22:50:32, on 2007-11-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\lxcfcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Hijackthis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {321F12D3-5E06-4762-9F1A-CF2C7552F50A} - C:\WINDOWS\system32\vturs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53FD0B3A-26CF-40D6-A7EB-EECAF905F8C5} - C:\WINDOWS\system32\hjsycmql.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\gebyvur.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {95D7D186-B86B-AE0E-40FF-6B2912ECBA56} - C:\DOCUME~1\CLAUDE~1\APPLIC~1\BORECR~1\Htm Tons.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O2 - BHO: (no name) - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [IFSplash] IFSplash.exe 0
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ciixwauyty] c:\windows\system32\ciixwauyty.exe ciixwauyty
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Curu] "C:\WINDOWS\APPATC~1\dvdplay.exe" -vt yazb
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk571YYCA
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ´Tools´ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ´Tools´ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.otoy.com/download/CAB/OTOYAX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: gebyvur - C:\WINDOWS\SYSTEM32\gebyvur.dll
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
PS: I found ErrorSafe with AVG, but I don't know how to remove it.
I removed abetear with AVG, but I still have ErrorSafe... Yet I'm certain I did choose "delete" in the report... I ran another scan and found nothing, strange.
Download GenProc by jean-chretien1 and narco4 to your desktop and unzip it:
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
Then double-click GenProc.bat and post the contents of the report that opens.
Rapport GenProc 0.72 [1] effectué le 2007-11-04 à 20:21:21,23 - SystemRoot = C:\WINDOWS
- CCleaner
http://www.ccleaner.com/download/builds/downloading-basic
This software will remove all temporary files. Launch it, click "Options", then "Avancé", and uncheck the box "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". After that, leave it with its default settings. Close the program.
- Navipromo.zip
http://www.alt-shift-return.org/Info/Fichiers/Navipromo073.zip and unzip it to your desktop
- Brute Force Uninstaller
http://www.merijn.org/files/bfu.zip and unzip it into a folder of its own (C:\BFU)
http://metallica.geekstogo.com/EGDACCESS.bfu
and choose "Enregistrer sous" (in IE it is "Enregistrer le lien sous..")
to download EGDACCESS.bfu, with type "Tous les fichiers". Save it in the folder you created (C:\BFU).
- VundoFix.exe (by Atribune)
http://www.atribune.org/ccount/click.php?id=4 to your desktop
- combofix.exe (by sUBs)
http://download.bleepingccomputer.com/sUBs/ComboFix.exe to your desktop
https://www.microsoft.com/technet/prodtechnol/windowsserver2003/fr/library/ServerHelp/e14bf84d-d2f7-42c3-9fae-2af3db3f806c.mspx?mfr=true (choose your current session "Claude Ferland") *****
If it finds the Navipromo adware, you will see lines scroll by in the command window, and after a few moments you will need to press a key for the cleanup to start. When it has finished, close the report that opened.
Click the small yellow folder to the right of the "Scriptline to execute" box, and double-click: EGDACCESS.bfu
- In the "Scriptline to execute" box, you should now see this: C:\BFU\EGDACCESS.bfu
Click "Execute" and let it do its work.
Wait for "Complete script execution" to appear and click OK. Click exit to close the BFU program.
Do it once more.
Click the "Contenu" tab, then the "Certificats" tab, and if you find these, particularly under "éditeurs approuvés":
electronic-group - egroup - Montorgueil - VIP - "Sunny Day Design Ltd"
=> Delete them all
Click the Scan for Vundo button
When the scan is complete, click the "Remove Vundo" button
A prompt will ask whether you want to delete the files; click YES
After you click Yes, the desktop will disappear for a moment while the files are deleted
You will see a prompt announcing that your PC is going to restart; click OK
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
Press the Y (Yes) key to start the scan.
When the scan is complete, a report will appear
Launch CCleaner: "Nettoyeur"/"lancer le nettoyage" and that's all.
Restart normally and post:
- A new HijackThis report, with all windows and applications closed
http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe ;
- The contents of the report located at C:\vundofix.txt ;
- The contents of the report located at C:\Combofix.txt ;
- The contents of the Navipromo.txt file, which is in Poste de travail C:\ ;
Specify the difficulties you had (what you could not do...) as well as how the situation has evolved.
Logfile of HijackThis v1.99.1
Scan saved at 21:18:11, on 2007-11-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53FD0B3A-26CF-40D6-A7EB-EECAF905F8C5} - C:\WINDOWS\system32\hjsycmql.dll (file missing)
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
O2 - BHO: (no name) - {64174882-06E3-475D-ABF1-14D7B5712A92} - C:\WINDOWS\system32\vturs.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {95D7D186-B86B-AE0E-40FF-6B2912ECBA56} - C:\DOCUME~1\CLAUDE~1\APPLIC~1\BORECR~1\Htm Tons.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe"
O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [IFSplash] IFSplash.exe 0
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Curu] "C:\WINDOWS\APPATC~1\dvdplay.exe" -vt yazb
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk571YYCA
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ´Tools´ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ´Tools´ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.otoy.com/download/CAB/OTOYAX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinktanks/BTDownloadCtrl.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
Beginning removal...
Attempting to delete C:\windows\system32\aleyyove.dll
C:\windows\system32\aleyyove.dll Has been deleted!
Attempting to delete C:\windows\system32\ankcrdjp.dll
C:\windows\system32\ankcrdjp.dll Has been deleted!
Attempting to delete C:\windows\system32\axymgxxk.ini
C:\windows\system32\axymgxxk.ini Has been deleted!
Attempting to delete C:\windows\system32\bicrdjbv.ini
C:\windows\system32\bicrdjbv.ini Has been deleted!
Attempting to delete C:\windows\system32\biddhfqs.dll
C:\windows\system32\biddhfqs.dll Has been deleted!
Attempting to delete C:\windows\system32\bjlvhyav.dll
C:\windows\system32\bjlvhyav.dll Has been deleted!
Attempting to delete C:\windows\system32\bjosnqxt.exe
C:\windows\system32\bjosnqxt.exe Has been deleted!
Attempting to delete C:\windows\system32\bmcumxbd.exe
C:\windows\system32\bmcumxbd.exe Has been deleted!
Attempting to delete C:\windows\system32\caxwchsp.exe
C:\windows\system32\caxwchsp.exe Has been deleted!
Attempting to delete C:\windows\system32\cgvajsvm.dll
C:\windows\system32\cgvajsvm.dll Has been deleted!
Attempting to delete C:\windows\system32\cheiowey.dll
C:\windows\system32\cheiowey.dll Has been deleted!
Attempting to delete C:\windows\system32\clnicgmi.dll
C:\windows\system32\clnicgmi.dll Has been deleted!
Attempting to delete C:\windows\system32\cqkpiwuj.ini
C:\windows\system32\cqkpiwuj.ini Has been deleted!
Attempting to delete C:\windows\system32\crdwgjbi.ini
C:\windows\system32\crdwgjbi.ini Has been deleted!
Attempting to delete C:\windows\system32\ctmhptok.ini
C:\windows\system32\ctmhptok.ini Has been deleted!
Attempting to delete C:\windows\system32\dbpkular.dll
C:\windows\system32\dbpkular.dll Has been deleted!
Attempting to delete C:\windows\system32\dddyfboh.ini
C:\windows\system32\dddyfboh.ini Has been deleted!
Attempting to delete C:\windows\system32\dpwuyvjh.ini
C:\windows\system32\dpwuyvjh.ini Has been deleted!
Attempting to delete C:\windows\system32\dsmfeily.exe
C:\windows\system32\dsmfeily.exe Has been deleted!
Attempting to delete C:\windows\system32\dwtkftho.ini
C:\windows\system32\dwtkftho.ini Has been deleted!
Attempting to delete C:\windows\system32\dxuhfals.dll
C:\windows\system32\dxuhfals.dll Has been deleted!
Attempting to delete C:\windows\system32\edmsymbt.dll
C:\windows\system32\edmsymbt.dll Has been deleted!
Attempting to delete C:\windows\system32\efltdtxt.ini
C:\windows\system32\efltdtxt.ini Has been deleted!
Attempting to delete C:\windows\system32\eoqiqbvl.ini
C:\windows\system32\eoqiqbvl.ini Has been deleted!
Attempting to delete C:\windows\system32\epqvimsj.dll
C:\windows\system32\epqvimsj.dll Has been deleted!
Attempting to delete C:\windows\system32\erutcyor.dll
C:\windows\system32\erutcyor.dll Has been deleted!
Attempting to delete C:\windows\system32\evoyyela.ini
C:\windows\system32\evoyyela.ini Has been deleted!
Attempting to delete C:\windows\system32\fabcusut.exe
C:\windows\system32\fabcusut.exe Has been deleted!
Attempting to delete C:\windows\system32\fjuphrpv.dll
C:\windows\system32\fjuphrpv.dll Has been deleted!
Attempting to delete C:\windows\system32\fruroadd.dll
C:\windows\system32\fruroadd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebyvur.dll
C:\WINDOWS\system32\gebyvur.dll Could not be deleted.
Attempting to delete C:\windows\system32\gijfqisl.exe
C:\windows\system32\gijfqisl.exe Has been deleted!
Attempting to delete C:\windows\system32\gntssqtu.exe
C:\windows\system32\gntssqtu.exe Has been deleted!
Attempting to delete C:\windows\system32\hjsycmql.dll
C:\windows\system32\hjsycmql.dll Has been deleted!
Attempting to delete C:\windows\system32\hjvyuwpd.dll
C:\windows\system32\hjvyuwpd.dll Has been deleted!
Attempting to delete C:\windows\system32\hlgyqdlj.dll
C:\windows\system32\hlgyqdlj.dll Has been deleted!
Attempting to delete C:\windows\system32\hnagqtcb.dll
C:\windows\system32\hnagqtcb.dll Has been deleted!
Attempting to delete C:\windows\system32\hobfyddd.dll
C:\windows\system32\hobfyddd.dll Has been deleted!
Attempting to delete C:\windows\system32\hrdlthgy.dll
C:\windows\system32\hrdlthgy.dll Has been deleted!
Attempting to delete C:\windows\system32\hygitayp.exe
C:\windows\system32\hygitayp.exe Has been deleted!
Attempting to delete C:\windows\system32\hykijrfw.ini
C:\windows\system32\hykijrfw.ini Has been deleted!
Attempting to delete C:\windows\system32\hykijrfw.tmp
C:\windows\system32\hykijrfw.tmp Has been deleted!
Attempting to delete C:\windows\system32\ibjgwdrc.dll
C:\windows\system32\ibjgwdrc.dll Has been deleted!
Attempting to delete C:\windows\system32\ijetwmpk.dll
C:\windows\system32\ijetwmpk.dll Has been deleted!
Attempting to delete C:\windows\system32\ijhbribm.exe
C:\windows\system32\ijhbribm.exe Has been deleted!
Attempting to delete C:\windows\system32\imgcinlc.ini
C:\windows\system32\imgcinlc.ini Has been deleted!
Attempting to delete C:\windows\system32\inmfdbtp.dll
C:\windows\system32\inmfdbtp.dll Has been deleted!
Attempting to delete C:\windows\system32\inthfjyj.dll
C:\windows\system32\inthfjyj.dll Has been deleted!
Attempting to delete C:\windows\system32\isfactyd.dll
C:\windows\system32\isfactyd.dll Has been deleted!
Attempting to delete C:\windows\system32\iuyqeqml.dll
C:\windows\system32\iuyqeqml.dll Has been deleted!
Attempting to delete C:\windows\system32\jejuwkht.ini
C:\windows\system32\jejuwkht.ini Has been deleted!
Attempting to delete C:\windows\system32\jkdpngyg.exe
C:\windows\system32\jkdpngyg.exe Has been deleted!
Attempting to delete C:\windows\system32\jkfasvje.exe
C:\windows\system32\jkfasvje.exe Has been deleted!
Attempting to delete C:\windows\system32\jldqyglh.ini
C:\windows\system32\jldqyglh.ini Has been deleted!
Attempting to delete C:\windows\system32\jpjcwqdt.ini
C:\windows\system32\jpjcwqdt.ini Has been deleted!
Attempting to delete C:\windows\system32\juwipkqc.dll
C:\windows\system32\juwipkqc.dll Has been deleted!
Attempting to delete C:\windows\system32\jyjfhtni.ini
C:\windows\system32\jyjfhtni.ini Has been deleted!
Attempting to delete C:\windows\system32\kanfjyin.ini
C:\windows\system32\kanfjyin.ini Has been deleted!
Attempting to delete C:\windows\system32\kotphmtc.dll
C:\windows\system32\kotphmtc.dll Has been deleted!
Attempting to delete C:\windows\system32\kpmwteji.ini
C:\windows\system32\kpmwteji.ini Has been deleted!
Attempting to delete C:\windows\system32\kqxloapq.exe
C:\windows\system32\kqxloapq.exe Has been deleted!
Attempting to delete C:\windows\system32\ktbvqgyk.dll
C:\windows\system32\ktbvqgyk.dll Has been deleted!
Attempting to delete C:\windows\system32\kxxgmyxa.dll
C:\windows\system32\kxxgmyxa.dll Has been deleted!
Attempting to delete C:\windows\system32\kyecamyp.ini
C:\windows\system32\kyecamyp.ini Has been deleted!
Attempting to delete C:\windows\system32\kygqvbtk.ini
C:\windows\system32\kygqvbtk.ini Has been deleted!
Attempting to delete C:\windows\system32\lbyjdnpx.ini
C:\windows\system32\lbyjdnpx.ini Has been deleted!
Attempting to delete C:\windows\system32\ldlpdyit.ini
C:\windows\system32\ldlpdyit.ini Has been deleted!
Attempting to delete C:\windows\system32\lmqeqyui.ini
C:\windows\system32\lmqeqyui.ini Has been deleted!
Attempting to delete C:\windows\system32\lvbqiqoe.dll
C:\windows\system32\lvbqiqoe.dll Has been deleted!
Attempting to delete C:\windows\system32\mfbedrcy.ini
C:\windows\system32\mfbedrcy.ini Has been deleted!
Attempting to delete C:\windows\system32\nhlxydqp.ini
C:\windows\system32\nhlxydqp.ini Has been deleted!
Attempting to delete C:\windows\system32\nimoevki.dll
C:\windows\system32\nimoevki.dll Has been deleted!
Attempting to delete C:\windows\system32\nimulwkd.exe
C:\windows\system32\nimulwkd.exe Has been deleted!
Attempting to delete C:\windows\system32\niyjfna.dll
C:\windows\system32\niyjfnak.dll Has been deleted!
Attempting to delete C:\windows\system32\objpidlt.ini
C:\windows\system32\objpidlt.ini Has been deleted!
Attempting to delete C:\windows\system32\ohtfktwd.dll
C:\windows\system32\ohtfktwd.dll Has been deleted!
Attempting to delete C:\windows\system32\opqbkxer.exe
C:\windows\system32\opqbkxer.exe Has been deleted!
Attempting to delete C:\windows\system32\pjdrckna.ini
C:\windows\system32\pjdrckna.ini Has been deleted!
Attempting to delete C:\windows\system32\pnhtnrws.dll
C:\windows\system32\pnhtnrws.dll Has been deleted!
Attempting to delete C:\windows\system32\pqdyxlhn.dll
C:\windows\system32\pqdyxlhn.dll Has been deleted!
Attempting to delete C:\windows\system32\ptbdfmni.ini
C:\windows\system32\ptbdfmni.ini Has been deleted!
Attempting to delete C:\windows\system32\pufjhjrl.dll
C:\windows\system32\pufjhjrl.dll Has been deleted!
Attempting to delete C:\windows\system32\pymaceyk.dll
C:\windows\system32\pymaceyk.dll Has been deleted!
Attempting to delete C:\windows\system32\rarhpvjt.ini
C:\windows\system32\rarhpvjt.ini Has been deleted!
Attempting to delete C:\windows\system32\rhawgule.dll
C:\windows\system32\rhawgule.dll Has been deleted!
Attempting to delete C:\windows\system32\rhnsadns.dll
C:\windows\system32\rhnsadns.dll Has been deleted!
Attempting to delete C:\windows\system32\roycture.ini
C:\windows\system32\roycture.ini Has been deleted!
Attempting to delete C:\windows\system32\ruotadmg.exe
C:\windows\system32\ruotadmg.exe Has been deleted!
Attempting to delete C:\windows\system32\sbmckijb.exe
C:\windows\system32\sbmckijb.exe Has been deleted!
Attempting to delete C:\windows\system32\sijdbaov.dll
C:\windows\system32\sijdbaov.dll Has been deleted
Attempting to delete C:\windows\system32\slwfpjtn.dll
C:\windows\system32\slwfpjtn.dll Has been deleted!
Attempting to delete C:\windows\system32\sndasnhr.ini
C:\windows\system32\sndasnhr.ini Has been deleted!
Attempting to delete C:\windows\system32\sqfhddib.ini
C:\windows\system32\sqfhddib.ini Has been deleted!
Attempting to delete C:\windows\system32\srutv.bak1
C:\windows\system32\srutv.bak1 Has been deleted!
Attempting to delete C:\windows\system32\srutv.bak2
C:\windows\system32\srutv.bak2 Has been deleted!
Attempting to delete C:\windows\system32\srutv.ini
C:\windows\system32\srutv.ini Has been deleted!
Attempting to delete C:\windows\system32\tbmysmde.ini
C:\windows\system32\tbmysmde.ini Has been deleted!
Attempting to delete C:\windows\system32\tdabpwxn.dll
C:\windows\system32\tdabpwxn.dll Has been deleted!
Attempting to delete C:\windows\system32\tdqwcjpj.dll
C:\windows\system32\tdqwcjpj.dll Has been deleted!
Attempting to delete C:\windows\system32\thkwujej.dll
C:\windows\system32\thkwujej.dll Has been deleted!
Attempting to delete C:\windows\system32\tiydpldl.dll
C:\windows\system32\tiydpldl.dll Has been deleted!
Attempting to delete C:\windows\system32\tjvphrar.dll
C:\windows\system32\tjvphrar.dll Has been deleted!
Attempting to delete C:\windows\system32\tldipjbo.dll
C:\windows\system32\tldipjbo.dll Has been deleted!
Attempting to delete C:\windows\system32\txtdtlfe.dll
C:\windows\system32\txtdtlfe.dll Has been deleted!
Attempting to delete C:\windows\system32\vayhvljb.ini
C:\windows\system32\vayhvljb.ini Has been deleted!
Attempting to delete C:\windows\system32\vbjdrcib.dll
C:\windows\system32\vbjdrcib.dll Has been deleted!
Attempting to delete C:\windows\system32\voabdjis.ini
C:\windows\system32\voabdjis.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\vturs.dll Has been deleted!
Attempting to delete C:\windows\system32\vyogpmuy.exe
C:\windows\system32\vyogpmuy.exe Has been deleted!
Attempting to delete C:\windows\system32\wfkgmhsk.dll
C:\windows\system32\wfkgmhsk.dll Has been deleted!
Attempting to delete C:\windows\system32\wfrjikyh.dll
C:\windows\system32\wfrjikyh.dll Has been deleted!
Attempting to delete C:\windows\system32\wnevlife.dll
C:\windows\system32\wnevlife.dll Has been deleted!
Attempting to delete C:\windows\system32\xgshxvsg.exe
C:\windows\system32\xgshxvsg.exe Has been deleted!
Attempting to delete C:\windows\system32\xhejvebf.exe
C:\windows\system32\xhejvebf.exe Has been deleted!
Attempting to delete C:\windows\system32\xpndjybl.dll
C:\windows\system32\xpndjybl.dll Has been deleted!
Attempting to delete C:\windows\system32\ycrdebfm.dll
C:\windows\system32\ycrdebfm.dll Has been deleted!
Attempting to delete C:\windows\system32\yghtldrh.ini
C:\windows\system32\yghtldrh.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\gebyvur.dll
C:\WINDOWS\system32\gebyvur.dll Has been deleted!
Rapport Navipromo.bat 0.73 effectué le 2007-11-04 à 20:30:08,51
C:\
-- Le programme n´est pas lancé en mode sans échec par conséquent les résultats seront probablement faussés
1/ ciixwauyty trouvé, recherche de ciixwauyty*
C:\WINDOWS\system32\ciixwauyty.dat
C:\WINDOWS\system32\ciixwauyty.exe
C:\WINDOWS\system32\ciixwauyty_nav.dat
C:\WINDOWS\system32\ciixwauyty_navps.dat
C:\WINDOWS\prefetch\CIIXWAUYTY.EXE-03A4F44C.pf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ciixwauyty REG_SZ c:\windows\system32\ciixwauyty.exe ciixwauyty
------------------
Fin du rapport de recherche
Adware Navipromo trouvé 1 fois avec cette méthode
Aucune entrée de registre n´a été trouvée
C:\Navipromo\Backups\ARPCache.reg
C:\Navipromo\Backups\HKCURun.reg
C:\Navipromo\Backups\HKLMRun.reg
C:\Navipromo\Backups\Uninstall.reg
Ajout d´extension .off aux backups
-------------
Rapport Navipromo.bat 0.73 effectué le 2007-11-04 à 20:35:49,54
Le programme n´est pas lancé en mode sans échec par conséquent les résultats seront probablement faussés
Ajout d´extension .off aux backups
Backups exe renommés avec succès
ComboFix 07-11-01.1 - Claude Ferland 2007-11-04 20:58:53.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.213 [GMT -5:00]
Running from: C:\Documents and Settings\Claude Ferland\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Claude Ferland\Application Data\macromedia\Flash Player\#SharedObjects\3CBDKR8K\iforex.com
C:\Documents and Settings\Claude Ferland\Application Data\macromedia\Flash Player\#SharedObjects\3CBDKR8K\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Claude Ferland\Application Data\macromedia\Flash Player\#SharedObjects\3CBDKR8K\www.broadcaster.com
C:\Documents and Settings\Claude Ferland\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Claude Ferland\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Claude Ferland\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Claude Ferland\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\appatc~1
C:\WINDOWS\appatc~1\A?pPatch\
C:\WINDOWS\cookies.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((((((( Fichiers créés 2007-10-05 to 2007-11-05 ))))))))))))))))))))))))))))))))))))
.
2007-11-04 20:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-04 20:45 <REP> d-------- C:\VundoFix Backups
2007-11-04 20:30 <REP> d-------- C:\Navipromo
2007-11-04 20:27 <REP> d-------- C:\BFU
2007-11-04 20:25 <REP> d-------- C:\Program Files\PC Registry Cleaner
2007-11-04 20:24 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-03 21:55 <REP> d-------- C:\Documents and Settings\Claude Ferland\Application Data\Grisoft
2007-11-03 21:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-03 21:54 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-02 21:42 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-02 21:42 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-02 21:42 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-02 21:42 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-02 21:42 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-02 21:42 2,514 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-16 17:16 <REP> d-------- C:\Documents and Settings\All Users\SonicStage
2007-10-16 17:02 90,112 --------- C:\WINDOWS\snymsico.dll
2007-10-16 17:02 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2007-10-16 17:02 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2007-10-16 17:02 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2007-10-16 17:02 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2007-10-16 16:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-10-16 16:52 <REP> d-------- C:\Program Files\Sony
2007-10-16 16:39 <REP> d-------- C:\Program Files\Fichiers communs\Sony Shared
2007-10-16 16:39 <REP> d-------- C:\Documents and Settings\Claude Ferland\Application Data\Sony Corporation
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-04 21:55 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-04 18:31 --------- d-----w C:\Program Files\Morpheus
2007-10-30 19:46 --------- d-----w C:\Program Files\Fichiers communs\PestPatrol
2007-10-16 22:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-16 20:46 --------- d-----w C:\Documents and Settings\Claude Ferland\Application Data\AdobeUM
2007-10-08 01:33 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-01 20:44 --------- d-----w C:\Program Files\Fichiers communs\SunnComm Shared
2007-08-25 16:31 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 23:38 283,648 ----a-w C:\Documents and Settings\Claude Ferland\bbb.exe
2007-05-08 23:38 12,374 ----a-w C:\Documents and Settings\Claude Ferland\ma.exe
2005-11-22 16:14 32 -c--a-r C:\Documents and Settings\All Users\hash.dat
2000-12-12 05:47 274,452 -c--a-w C:\Documents and Settings\Claude Ferland\Metroid level03.exe
2000-11-28 01:58 286,228 -c--a-w C:\Documents and Settings\Claude Ferland\Metroid arrivée.exe
2000-11-21 03:49 286,228 -c--a-w C:\Documents and Settings\Claude Ferland\Metroid level01.exe
2000-11-21 02:44 286,228 -c--a-w C:\Documents and Settings\Claude Ferland\Metroid level02.exe
2000-11-21 01:42 286,228 -c--a-w C:\Documents and Settings\Claude Ferland\Metroid Béta Démo.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53FD0B3A-26CF-40D6-A7EB-EECAF905F8C5}]
C:\WINDOWS\system32\hjsycmql.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64174882-06E3-475D-ABF1-14D7B5712A92}]
C:\WINDOWS\system32\vturs.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95D7D186-B86B-AE0E-40FF-6B2912ECBA56}]
C:\DOCUME~1\CLAUDE~1\APPLIC~1\BORECR~1\Htm Tons.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-29 17:53]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22]
"nwiz"="nwiz.exe" [2006-06-01 16:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 16:22]
"LXCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 12:47]
"SSA.exe"="C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" [2006-05-15 09:41]
"Gestionnaire de sécurité"="C:\Program Files\Bell\Gestionnaire de securite\Rps.exe" [2006-06-20 13:36]
"IFSplash"="IFSplash.exe" []
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 20:21]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49]
"Curu"="C:\WINDOWS\APPATC~1\dvdplay.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^GStartup.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Claude Ferland^Menu Démarrer^Programmes^Démarrage^Morpheus.lnk]
path=C:\Documents and Settings\Claude Ferland\Menu Démarrer\Programmes\Démarrage\Morpheus.lnk
backup=C:\WINDOWS\pss\Morpheus.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Claude Ferland^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Claude Ferland\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blubster]
C:\Program Files\Blubster\Blubster.exe SILENT
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
"C:\Program Files\Fichiers communs\CMEII\CMESys.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates]
"C:\Program Files\WebRebates4\webrebates.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 imhidusb;Immersion´s HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys
S3 jatmlano;jatmlano;\??\C:\DOCUME~1\CLAUDE~1\LOCALS~1\Temp\jatmlano.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
.
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 21:07:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
.
Completion time: 2007-11-04 21:10:21 - machine was rebooted
.
--- E O F ---
I didn't manage to get BFU to work, and the CCleaner link doesn't work.
Hi,
For BFU, try the procedure again, it's important. Follow the instructions carefully, it's not rocket science.
For CCleaner, download it from this site instead:
http://www.01net.com/telecharger/
Do I have to start everything over? Because I tried BFU again and it worked. I also did the CCleaner step.
ErrorSafe is still there