Précédent
- 1
- 2
-
voici le log,
ComboFix 09-01-13.04 - Propriétaire 2009-01-15 15:42:43.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.420 [GMT 1:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090115-0] *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\rnamfler\radhslib.dll
c:\program files\rnamfler\radprlib.dll
c:\program files\winvi
c:\windows\system32\ccvbvueq.ini
c:\windows\system32\cfx32.ocx
c:\windows\system32\cvvutidb.ini
c:\windows\system32\eghwynsu.ini
c:\windows\system32\ighoitqf.ini
c:\windows\system32\inmnladp.ini
c:\windows\system32\NVGgfMoq.ini
c:\windows\system32\NVGgfMoq.ini2
c:\windows\system32\PrqtsBeg.ini
c:\windows\system32\PrqtsBeg.ini2
c:\windows\system32\qdooknig.ini
c:\windows\system32\qflxnkqi.ini
c:\windows\system32\QWyFffii.ini
c:\windows\system32\QWyFffii.ini2
c:\windows\system32\tdnbyych.ini
c:\windows\system32\ttvaudhq.ini
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-15 au 2009-01-15 ))))))))))))))))))))))))))))))))))))
.
2009-01-15 14:57 . 2009-01-15 15:19 <REP> d-------- C:\ToolBar SD
2009-01-15 13:38 . 2009-01-15 14:31 <REP> d-------- c:\program files\Navilog1
2009-01-15 13:16 . 2009-01-15 13:31 <REP> d-------- c:\program files\UsbFix
2009-01-15 11:56 . 2009-01-15 11:56 <REP> d-------- C:\rsit
2009-01-15 11:56 . 2009-01-15 11:56 <REP> d-------- c:\program files\trend micro
2009-01-15 11:13 . 2009-01-15 11:13 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Malwarebytes
2009-01-15 11:12 . 2009-01-15 11:13 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-15 11:12 . 2009-01-15 11:12 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-01-15 11:12 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-15 11:12 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-14 19:26 . 2009-01-14 19:26 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-01-14 19:26 . 2009-01-15 15:50 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\Skype
2009-01-04 16:30 . 2009-01-05 12:05 230 --a------ C:\config.xml
2009-01-04 15:58 . 2009-01-04 15:58 <REP> d-------- c:\program files\Microsoft Research
2009-01-04 14:22 . 2009-01-04 14:22 <REP> d-------- c:\program files\Windows Defender
2009-01-03 10:36 . 2009-01-03 10:36 <REP> d-------- c:\program files\PicLensIE
2009-01-01 13:33 . 2009-01-01 13:33 <REP> d-------- c:\program files\Microsoft Silverlight
2008-12-28 15:42 . 2008-12-28 15:42 <REP> d-------- c:\documents and settings\Iduna\Application Data\HiYo
2008-12-25 23:41 . 2009-01-15 09:06 <REP> d-------- c:\program files\Spyware Doctor
2008-12-25 23:41 . 2008-12-25 23:41 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\PC Tools
2008-12-25 23:41 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-25 23:41 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-25 23:41 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-25 23:41 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-12-25 21:58 . 2008-12-25 21:58 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\HiYo
2008-12-23 20:16 . 2009-01-04 15:07 <REP> d-------- c:\documents and settings\Iduna\Application Data\EoRezo
2008-12-19 22:16 . 2009-01-04 14:04 <REP> d-------- c:\documents and settings\Propriétaire\.housecall6.6
2008-12-19 22:16 . 2009-01-04 14:04 <REP> d-------- c:\documents and settings\Propriétaire\.housecall6.6
2008-12-18 21:24 . 2008-12-18 21:26 <REP> d-------- c:\program files\RegCleaner
2008-12-18 20:24 . 2009-01-04 19:58 <REP> d-------- c:\program files\EoRezo
2008-12-18 20:24 . 2009-01-04 19:58 <REP> d-------- c:\documents and settings\Propriétaire\Application Data\EoRezo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 14:49 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-01-15 14:29 --------- d--h--r c:\program files\rnamfler
2009-01-15 07:54 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2009-01-15 07:45 --------- d-----w c:\documents and settings\Propriétaire\Application Data\skypePM
2009-01-14 21:20 --------- d-----w c:\program files\Google
2009-01-14 18:26 --------- d-----w c:\program files\Skype
2009-01-14 18:26 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2009-01-04 22:18 --------- d-----w c:\program files\DivX
2009-01-04 19:00 --------- d-----w c:\program files\Windows Live
2009-01-04 18:57 --------- d-----w c:\program files\Apple Software Update
2009-01-04 18:50 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Samsung
2009-01-04 18:47 --------- d-----w c:\program files\Fichiers communs\PrintFit Shared
2009-01-04 18:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 14:03 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-01-01 11:40 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-31 13:19 --------- d-----w c:\documents and settings\Propriétaire\Application Data\LimeWire
2008-12-31 10:29 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Comptabilité et Facturation
2008-12-31 10:08 --------- d-----w c:\program files\LimeWire
2008-12-25 11:24 --------- d-----w c:\program files\Veoh Networks
2008-12-18 21:35 --------- d-----w c:\program files\Alwil Software
2008-12-18 19:00 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-05 15:18 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\WLInstaller
2008-11-23 19:35 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-19 21:24 --------- d-----w c:\documents and settings\Propriétaire\Application Data\Leadertech
2008-11-19 20:11 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-18 21:40 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\IM
2008-11-18 21:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\IncrediMail
2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-25 18:19 81,920 ----a-w c:\windows\system32\W32N50.DLL
2008-10-25 18:19 17,134 ----a-w c:\windows\system32\PCANDIS5.SYS
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2007-07-30 19:26 135,680 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-01 1830128]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-13 3660848]
"Google Update"="c:\documents and settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wrna3ls"="c:\program files\rnamfler\naomf.exe" [2006-04-01 1253960]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"fssui"="c:\program files\Windows Live\Contrôle parental\fssui.exe" [2007-12-17 243240]
"SoftwareHelper"="c:\documents and settings\Propriétaire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe" [2008-12-09 368224]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 c:\windows\system32\Hdaudpropshortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\Bin\w3dbsmgr.exe [2004-07-22 106546]
c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
HPAiODevice(hp officejet g series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe [2002-11-20 151552]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 12:40 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ 'autocheck autochk *'
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\explorer.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Documents and Settings\\Propriétaire\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Propriétaire\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-18 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024]
R3 PAC7311;VGA USB Camera;c:\windows\system32\drivers\PA707UCM.SYS [2008-02-14 154752]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-18 20560]
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2008-12-05 43816]
R4 fsssvc;Windows Live OneCare Contrôle parental;c:\program files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 523816]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-25 356920]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2008-02-03 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2008-02-03 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2008-02-03 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [2008-02-03 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [2008-02-03 100008]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2008-10-25 217088]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'
2009-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1060284298-725345543-1003.job
- c:\documents and settings\Propri []
2009-01-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
URLSearchHooks-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
BHO-{12AE2025-3A9E-4640-BE1A-F30876B1A97E} - c:\windows\system32\geBstqrP.dll
WebBrowser-{2BAE58C2-79F9-45D1-A286-81F911301C3A} - (no file)
HKCU-Run-AccuWeatherDesktopAlerts - c:\program files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe
HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
HKCU-Run-Setup - c:\windows\system32\msiexeca.exe
HKLM-Run-CorelDRAW Graphics Suite 11b - (no file)
HKLM-Run-EoEngine - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 15:49:42
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\rnamfler\naofsvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\PAStiSvc.exe
c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
c:\windows\system32\hpoipm07.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2009-01-15 15:53:59 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-15 14:53:55
Avant-CF: 85 980 762 112 octets libres
Après-CF: 86,056,501,248 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
259 --- E O F --- 2009-01-14 20:02:56 -
Il me semble que la fenetre n'apparait plus. Est ce que tu as terminé?
En tout cas merci beaucoup pour ton aide et ta disponnibilitée.
Michael -
-
-
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
ok, j'ai trouvé voici le rapport rsit
Logfile of random's system information tool 1.05 (written by random/random)
Run by Propriétaire at 2009-01-15 16:58:32
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 86 GB (45%) free of 191 GB
Total RAM: 1023 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:59, on 15/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Documents and Settings\Propriétaire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Propriétaire.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [wrna3ls] C:\program files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Propriétaire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
-
Re,
* Telecharges Ad-Remover sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
/!\ Deconnectes toi et fermes tous les programmes en cours /!\
* Double-cliques sur l'icone de ton bureau pour lancer l'installation :
--> installes le dans son emplacement par défaut : C:\Program files...
* Une fois installé, fermes le et double-cliques sur la nouvelle icone de ton bureau
--> au menu, choisis l'option A et patientes jusqu'à la fin du scan
* Postes le rapport généré -
voici le post ad R
------- Logfile of AD-Remover 1.0.9.1 | ONLY XP/VISTA -------
Updated by C_XX on 14/01/2009 at 20:00
START AT: 18:51:29 | Jeu 15/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
BOOT MODE: Normal
OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
PC: PIERREETHABITAT | USER: Propri‚taire ( Current user is an administrator)
DRIVE(S):
- C:\ (File System: NTFS)
- E:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\system32\
--- RUNNING PROCESSES: 51
+--------------------| Boonty/Boonty Games Elements found :
.
.
+--------------------| Eorezo Elements found :
Process: "SoftwareUpdateHP.exe" [PID:~412]
.
HKCU\SOFTWARE\EoRezo
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\SoftwareHelper
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\EoAdv\atl90.dll
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
C:\Program Files\EoRezo\EoAdv\mfc90.dll
C:\Program Files\EoRezo\EoAdv\msvcr90.dll
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\cache
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\cmhost.cyp
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\ConfMedia.cyp
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\db
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\eoStats
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\host.cyp
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\SoftwareUpdate
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\user.cyp
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\db\cat.cyp
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\eoDesktop\config.xml
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\eoDesktop\userConfig.xml
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\eoStats\eoStats.txt
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\SoftwareUpdate\user_config.cyp
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo\SoftwareUpdate\user_profil.cyp
C:\Documents and Settings\Propri‚taire\Cookies\propri‚taire@eorezo[1].txt
+--------------------| Everest Casino/Everest Poker Elements found :
.
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
.
+--------------------| It's TV Elements found :
.
+--------------------| Sweetim Elements found :
.
.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\smwaqqzo.default\prefs.js :
~~~~ Mozilla FireFox version [Unable to get version] ~~~~
* Browser Search Default Engine: "Yahoo"
* Browser Search Selected Engine: "Yahoo"
* Browser Search Default Url: "https://fr.search.yahoo.com/web?fr=ytff-"
* Browser Startup HomePage: "http://lo.st#home"
.
FOUND - user_pref("browser.startup.homepage", "http://lo.st#home");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.5730.13 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.google.com/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://www.msn.com/
+---------------------------------------------------------------------------+
[~3866 bytes] - "C:\AD-report-Scan-15.01.2009.log"
END AT: 18:52:46 | 15/01/2009 - Time elapsed: 76.9 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 77 lines ]
+---------------------------------------------------------------------------+ -
Re,
* Relances AD-Remover et choisis l'option B
* à l'ecran selectionnes ce qui est a supprimer A, 1, 2, 3.....
* S pour lancer la suppression
* Postes le rapport généré. -
voici le rapport
------- Logfile of AD-Remover 1.0.9.1 | ONLY XP/VISTA -------
Updated by C_XX on 14/01/2009 at 20:00
*** Limited to ***
Boonty/BoontyGames
Eorezo
Everest Casino/Everest Poker
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim
******************
START AT: 19:08:09 | Jeu 15/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
BOOT MODE: Normal
OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
PC: PIERREETHABITAT | USER: Propri‚taire ( Current user is an administrator)
DRIVE(S):
- C:\ (File System: NTFS)
- E:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\system32\
--- RUNNING PROCESSES: 54
(!) ---- IE start pages reset
+--------------------| Boonty/Boonty Games Elements Deleted :
.
.
+--------------------| Eorezo Elements Deleted :
Process: "SoftwareUpdateHP.exe" [PID:~412]
.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\SoftwareHelper
HKCU\SOFTWARE\EoRezo
HKLM\SOFTWARE\EoRezo
.
C:\Program Files\EoRezo
C:\Documents and Settings\Propri‚taire\Application Data\EoRezo
C:\Documents and Settings\Propri‚taire\Cookies\propri‚taire@eorezo[1].txt
+--------------------| Everest Casino/Everest Poker Elements Deleted :
.
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
.
+--------------------| It's TV Elements Deleted :
.
+--------------------| Sweetim Elements Deleted :
.
.
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+--------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
..\smwaqqzo.default\prefs.js :
~~~~ Mozilla FireFox version [Unable to get version] ~~~~
* Browser Search Default Engine: "Yahoo"
* Browser Search Selected Engine: "Yahoo"
* Browser Search Default Url: "https://fr.search.yahoo.com/web?fr=ytff-"
* Browser Startup HomePage: "http://lo.st#home"
.
REMOVED - user_pref("browser.startup.homepage", "http://lo.st#home");
+---------------------------------------------------------------------------+
~~~~ Internet Explorer version 7.0.5730.13 ~~~~
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.google.com/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
[~2475 bytes] - "C:\AD-report-Clean-15.01.2009.log"
[~4198 bytes] - "C:\AD-report-Scan-15.01.2009.log"
END AT: 19:11:30 | 15/01/2009 - Time elapsed: 3 minutes, 20 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 65 lines ]
+---------------------------------------------------------------------------+ -
Re,
* Telecharges ToolsCleaner 2 sur ton bureau :
* double cliques sur l'icone pour le lancer
---> cliques sur Recherche et laisses le scanner le pc
---> à la fin clique sur Suppression pour finaliser
* Postes le rapport généré
PS: je dois m'absenter et serais de retour vers 21h pour finaliser !
A+ -
-
ok, a toute a l'heure
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Bureau\Navilog1.lnk: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\UsbFix.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Recent\HijackThis.lnk: trouvé !
C:\Program Files\HijackThis: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\Hijackthis\hijackthis.log: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users.WINDOWS\Bureau\Navilog1.lnk: supprimé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Propriétaire\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\TB.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\UsbFix.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\Rsit.exe: supprimé !
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: supprimé !
C:\Program Files\Hijackthis\hijackthis.log: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\SmitFraudfix: supprimé !
C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Program Files\HijackThis: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\UsbFix: supprimé ! -
*Mets Adobe à jour là et supprimes l'(es) ancienne(s) versions si presentes :
( decoche la casse proposant la Toolbar Google )
https://get2.adobe.com/reader/otherversions/
* Installe la dernière version de Java ici :
https://www.java.com/fr/download/manual.jsp
* Une fois à jour, telecharges JavaRa.zip
http://raproducts.org/click/click.php?id=1
* Decompresses le fichier sur ton bureau ( clic droit ---> extraire tout)
* Double-cliques sur le fichier obtenu ---> JavaRa.exe
( le " exe " peut ne pas s'afficher )
* Cliques sur Search For Updates
---> selectionnes Using junch.exe
----> puis cliques sur Search
* Autorises le processus a se connecter si il te le demande
---> cliques sur Install et suis les instructions...
* Quand l'installation est terminée :
---> revient à l'écran de JavaRa.exe
---> cliques sur Remove Old Versions
---> Cliques sur oui et laisses l'outil travailler
---> cliques ensuite sur Ok et à nouveau sur Ok
* Un rapport va s'ouvrir, postes le stp
Si tu as besoin de FlashPlayer tu peux le prendre ici :
https://get.adobe.com/flashplayer/?loc=fr
( Decoche la case proposant la Toolbar google )
* Ensuite, telecharges CCleaner ( exellent soft )
https://www.ccleaner.com/ccleaner/download
( Decoches la case proposant la Toolbar Yahoo
* Une fois installé, ouvres CCleaner :
--> cliques sur options--> avancé et decoche la case devant :
( effacer les fichiers plus vieux que 48 h)
* fermes ensuite tous les programmes en cours, lances CCleaner :
---> cliques sur Nettoyeur et lances l'analyse
---> puis lances le nettoyage, plusieurs fois si il le faut
* Refermes CCleaner, on s'en servira aprés...
* Si je peux te conseiller, changes d'antivirus :
-- Avast n'est plus l'antivirus qu'il était et je te conseillerais de changer pour Avira antivir.
( tu as le libre-choix de ne pas changer si tu veux...)
* Sinon pour supprimer Avast proprement :
https://www.avast.com/fr-fr/uninstall-utility
* Pout telecharger Avira Antivir :
https://www.avira.com/
* Si tu as choisis avira, fais un scan de ton pc en mode sans echec
---> au redemarrage en mode normal, avira scannera a nouveau le pc,
laisses le faire
* Postes le rapport généré
* Si tu gardes avast, fais un scan en ligne avec Kaspersky :
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
( avec Internet Explorer )
* Tu dois accepter l'activex en cliquant sur la barre
* Tu dois d'abord attendre qu'il mette à jour les definitions virales
* Une fois fait, tu peux lancer le scan
* Postes le rapport généré
-
ok je fais tout ca demain matin.
Je te tent au courant,
a bientot -
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Jan 16 12:16:03 2009
Found and removed: C:\Program Files\Java\j2re1.4.2_05
Found and removed: C:\Program Files\Java\jre1.5.0_11
Found and removed: C:\Program Files\Java\jre1.6.0_01
Could not delete: C:\Program Files\Java\jre1.6.0_07
Asking Windows to delete (null) on reboot.Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142050}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\
------------------------------------
Finished reporting.
Précédent
- 1
- 2