SYSTEM DOCTOR
Dernière réponse : dans Sécurité
bonjour,
je rencontre également ce problème avec system doctor, j'ai installé F Secure Blacklight, et voici le contenu du rapport :
08/01/06 12:37:40 [Info]: BlackLight Engine 1.0.42 initialized
08/01/06 12:37:40 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/01/06 12:37:40 [Note]: 7019 4
08/01/06 12:37:40 [Note]: 7005 0
08/01/06 12:37:43 [Note]: 7006 0
08/01/06 12:37:43 [Note]: 7011 1780
08/01/06 12:37:43 [Note]: 7026 0
08/01/06 12:37:43 [Note]: 7026 0
08/01/06 12:37:43 [Note]: 7024 3
08/01/06 12:37:43 [Info]: Hidden process: C:\windows\system32\xvptyulqef.exe
08/01/06 12:37:43 [Note]: FSRAW library version 1.7.1019
08/01/06 12:40:26 [Info]: Hidden file: c:\WINDOWS\Prefetch\XVPTYULQEF.EXE-086AE61C.pf
08/01/06 12:40:26 [Note]: 10002 1
08/01/06 12:40:34 [Info]: Hidden file: c:\WINDOWS\system32\xvptyulqef_nav.dat
08/01/06 12:40:34 [Note]: 10002 1
08/01/06 12:40:34 [Info]: Hidden file: c:\WINDOWS\system32\xvptyulqef.dat
08/01/06 12:40:34 [Note]: 10002 1
08/01/06 12:40:34 [Info]: Hidden file: C:\windows\system32\xvptyulqef.exe
08/01/06 12:40:34 [Note]: 10002 1
08/01/06 12:40:35 [Info]: Hidden file: c:\WINDOWS\system32\xvptyulqef_navps.dat
08/01/06 12:40:35 [Note]: 10002 1
08/01/06 12:44:49 [Note]: 7007 0
ça donne quoi pour la suite?
merci de votre aide
je rencontre également ce problème avec system doctor, j'ai installé F Secure Blacklight, et voici le contenu du rapport :
08/01/06 12:37:40 [Info]: BlackLight Engine 1.0.42 initialized
08/01/06 12:37:40 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/01/06 12:37:40 [Note]: 7019 4
08/01/06 12:37:40 [Note]: 7005 0
08/01/06 12:37:43 [Note]: 7006 0
08/01/06 12:37:43 [Note]: 7011 1780
08/01/06 12:37:43 [Note]: 7026 0
08/01/06 12:37:43 [Note]: 7026 0
08/01/06 12:37:43 [Note]: 7024 3
08/01/06 12:37:43 [Info]: Hidden process: C:\windows\system32\xvptyulqef.exe
08/01/06 12:37:43 [Note]: FSRAW library version 1.7.1019
08/01/06 12:40:26 [Info]: Hidden file: c:\WINDOWS\Prefetch\XVPTYULQEF.EXE-086AE61C.pf
08/01/06 12:40:26 [Note]: 10002 1
08/01/06 12:40:34 [Info]: Hidden file: c:\WINDOWS\system32\xvptyulqef_nav.dat
08/01/06 12:40:34 [Note]: 10002 1
08/01/06 12:40:34 [Info]: Hidden file: c:\WINDOWS\system32\xvptyulqef.dat
08/01/06 12:40:34 [Note]: 10002 1
08/01/06 12:40:34 [Info]: Hidden file: C:\windows\system32\xvptyulqef.exe
08/01/06 12:40:34 [Note]: 10002 1
08/01/06 12:40:35 [Info]: Hidden file: c:\WINDOWS\system32\xvptyulqef_navps.dat
08/01/06 12:40:35 [Note]: 10002 1
08/01/06 12:44:49 [Note]: 7007 0
ça donne quoi pour la suite?
merci de votre aide
Autres pages sur : system doctor
Lassé par la pub ? Créez un compte
relancer Blacklight
Scan puis à la fin ==> Next==> remane les fichiers
pour
c:\WINDOWS\Prefetch\XVPTYULQEF.EXE-086AE61C.pf
c:\WINDOWS\system32\xvptyulqef_nav.dat
c:\WINDOWS\system32\xvptyulqef.dat
C:\windows\system32\xvptyulqef.exe
c:\WINDOWS\system32\xvptyulqef_navps.dat
Clic ==> NEXT et laisser le PC redémarrer
-------------
Tous ont maintenant une extension en .ren
en ayant accés aux fichiers cachés
Démarrer =>Poste de travail =>Outils =>Options des dossiers =>Affichage
Cocher = Afficher les fichiers et dossiers cachés
Plus bas
Décocher =Masquer les extensions des fichiers dont le type est connu
Décocher =Masquer les fichiers protégés du système d'exploitation
éliminer manuellement
xvptyulqef_nav.dat.ren
xvptyulqef.dat.ren
xvptyulqef.exe.ren
xvptyulqef_navps.dat.ren
===> le tout dans C:\windows\system32\
-----
et
XVPTYULQEF.EXE-086AE61C.pf.ren ==> dans c:\WINDOWS\Prefetch\
--------------
nettoyer le registre avec easycleaner
http://www.01net.com/telecharger/windows/Utilitaire/reg...
lancer==>registre==> trouver==> à la fin = supprimer tout
=============
pour vérifier si tout va bien
télécharger
Cleanup452.exe
le lancer
Télécharger : en anglais gratuit 30 jours
Ewido
le mettre à jour = update now
Redémarrer en mode sans échec . Attention, pas accès à internet dans ce mode
Pour demarrage sans échec : à la mise en route de l’ordi :Tapoter sur la touche F8 ou F5. Puis
En utilisant les touches du curseur, sélectionner le mode sans échec et Entrée.
Scanner , puis Complete System Scan ( c’est assez long) et Supprimer ce qu’il trouve = Apply all actions
Save Report Save report as l’enregistrer sur le bureau
copier le rapport
télécharger
hijackthis
le deziper sur le bureau
le lancer
do a scan and save the logfile.
Copier le rapport
et Coller les deux rapports ( ewido+ hijack )
Scan puis à la fin ==> Next==> remane les fichiers
pour
c:\WINDOWS\Prefetch\XVPTYULQEF.EXE-086AE61C.pf
c:\WINDOWS\system32\xvptyulqef_nav.dat
c:\WINDOWS\system32\xvptyulqef.dat
C:\windows\system32\xvptyulqef.exe
c:\WINDOWS\system32\xvptyulqef_navps.dat
Clic ==> NEXT et laisser le PC redémarrer
-------------
Tous ont maintenant une extension en .ren
en ayant accés aux fichiers cachés
Démarrer =>Poste de travail =>Outils =>Options des dossiers =>Affichage
Cocher = Afficher les fichiers et dossiers cachés
Plus bas
Décocher =Masquer les extensions des fichiers dont le type est connu
Décocher =Masquer les fichiers protégés du système d'exploitation
éliminer manuellement
xvptyulqef_nav.dat.ren
xvptyulqef.dat.ren
xvptyulqef.exe.ren
xvptyulqef_navps.dat.ren
===> le tout dans C:\windows\system32\
-----
et
XVPTYULQEF.EXE-086AE61C.pf.ren ==> dans c:\WINDOWS\Prefetch\
--------------
nettoyer le registre avec easycleaner
http://www.01net.com/telecharger/windows/Utilitaire/reg...
lancer==>registre==> trouver==> à la fin = supprimer tout
=============
pour vérifier si tout va bien
télécharger
Cleanup452.exe
le lancer
Télécharger : en anglais gratuit 30 jours
Ewido
le mettre à jour = update now
Redémarrer en mode sans échec . Attention, pas accès à internet dans ce mode
Pour demarrage sans échec : à la mise en route de l’ordi :Tapoter sur la touche F8 ou F5. Puis
En utilisant les touches du curseur, sélectionner le mode sans échec et Entrée.
Scanner , puis Complete System Scan ( c’est assez long) et Supprimer ce qu’il trouve = Apply all actions
Save Report Save report as l’enregistrer sur le bureau
copier le rapport
télécharger
hijackthis
le deziper sur le bureau
le lancer
do a scan and save the logfile.
Copier le rapport
et Coller les deux rapports ( ewido+ hijack )
alors,
voilà le rapport ewido :
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 14:56:50 01/08/2006
+ Scan result:
HKU\S-1-5-21-299502267-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Corinne\Cookies\corinne@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@lsfnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@crbanner.casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@banner.clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@ehg-danieljouvance.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@ehg-nestlefr.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@ehg-yvesrocher.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@banner.newyorkcasino[2].txt -> TrackingCookie.Newyorkcasino : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
et voila le rapport Hijack :
Logfile of HijackThis v1.99.1
Scan saved at 15:02:36, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\Corinne\Bureau\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\Corinne\Bureau\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Corinne\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Workflow] D:\install\Workflow.exe
O4 - HKLM\..\Run: [xvptyulqef] c:\windows\system32\xvptyulqef.exe xvptyulqef
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Corinne\Bureau\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cocoreimsfrance.spaces.msn.com//PhotoUpload/MsnP...
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt....
O17 - HKLM\System\CCS\Services\Tcpip\..\{C70682C9-99F5-42BD-88CC-84D7326AD1D2}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Corinne\Bureau\ewido anti-spyware 4.0\guard.exe
voilà le rapport ewido :
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 14:56:50 01/08/2006
+ Scan result:
HKU\S-1-5-21-299502267-606747145-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\Corinne\Cookies\corinne@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@lsfnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@crbanner.casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@www.casinotropez[2].txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@banner.clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@ehg-danieljouvance.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@ehg-nestlefr.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@ehg-yvesrocher.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@phg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@banner.newyorkcasino[2].txt -> TrackingCookie.Newyorkcasino : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Corinne\Local Settings\Temp\Cookies\corinne@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Corinne\Cookies\corinne@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
et voila le rapport Hijack :
Logfile of HijackThis v1.99.1
Scan saved at 15:02:36, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\Corinne\Bureau\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\Corinne\Bureau\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Corinne\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Workflow] D:\install\Workflow.exe
O4 - HKLM\..\Run: [xvptyulqef] c:\windows\system32\xvptyulqef.exe xvptyulqef
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Corinne\Bureau\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cocoreimsfrance.spaces.msn.com//PhotoUpload/MsnP...
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt....
O17 - HKLM\System\CCS\Services\Tcpip\..\{C70682C9-99F5-42BD-88CC-84D7326AD1D2}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Documents and Settings\Corinne\Bureau\ewido anti-spyware 4.0\guard.exe
Bonjour
Le fichier est toujours présent.
Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.
Télécharge Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)
Ouvre le Bloc-note et copie-colle les lignes en bleu ci-dessous
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xvptyulqef
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|xvptyulqef
FileDelete %SYSDIR%\xvptyulqef_navps.dat
FileDelete %SYSDIR%\xvptyulqef_nav.dat
FileDelete %SYSDIR%\xvptyulqef.dat
FileDelete %SYSDIR%\xvptyulqef.exe
SystemEmptyTempFolder
SystemEmptyRecycleBin
FileDelete C:\egd.txt
SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0F8[/b]; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :
Fixme.bfu
- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Fixme.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU.
Redémarre normalement.
Poste le rapport situé ici
C:\egd.txt avec un nouveau hijackThis.
Le fichier est toujours présent.
Une partie de la procédure se déroulera sans avoir accès à internet, prière d'imprimer ces instructions, ou de les coller dans un fichier texte, pour lecture durant cette désinfection.
Les manipulations sont à faire sans interruption et dans l'ordre.
Si tu ne comprends pas quelque chose, demande des explications avant de commencer.
Télécharge Brute Force Uninstaller (de Merijn)
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)
Ouvre le Bloc-note et copie-colle les lignes en bleu ci-dessous
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xvptyulqef
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|xvptyulqef
FileDelete %SYSDIR%\xvptyulqef_navps.dat
FileDelete %SYSDIR%\xvptyulqef_nav.dat
FileDelete %SYSDIR%\xvptyulqef.dat
FileDelete %SYSDIR%\xvptyulqef.exe
SystemEmptyTempFolder
SystemEmptyRecycleBin
FileDelete C:\egd.txt
SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0F8[/b]; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :
Fixme.bfu
- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\Fixme.bfu
Clique sur Execute et laisse-le faire son travail.
Attendre que Complete script execution apparaîsse et clique sur OK.
Clique Exit pour fermer le programme BFU.
Redémarre normalement.
Poste le rapport situé ici
C:\egd.txt avec un nouveau hijackThis.
quand j'ai relancé blachight je n'ai pas eu de fichier a "remaner",
mais voici quand meme le fichier hijackthis*
Logfile of HijackThis v1.99.1
Scan saved at 19:34:49, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Corinne\Bureau\pd spywares\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Workflow] D:\install\Workflow.exe
O4 - HKLM\..\Run: [xvptyulqef] c:\windows\system32\xvptyulqef.exe xvptyulqef
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cocoreimsfrance.spaces.msn.com//PhotoUpload/MsnP...
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt....
O17 - HKLM\System\CCS\Services\Tcpip\..\{C70682C9-99F5-42BD-88CC-84D7326AD1D2}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Documents and Settings\Corinne\Bureau\ewido anti-spyware 4.0\guard.exe (file missing)
mais voici quand meme le fichier hijackthis*
Logfile of HijackThis v1.99.1
Scan saved at 19:34:49, on 01/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Corinne\Bureau\pd spywares\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Workflow] D:\install\Workflow.exe
O4 - HKLM\..\Run: [xvptyulqef] c:\windows\system32\xvptyulqef.exe xvptyulqef
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader....
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://cocoreimsfrance.spaces.msn.com//PhotoUpload/MsnP...
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt....
O17 - HKLM\System\CCS\Services\Tcpip\..\{C70682C9-99F5-42BD-88CC-84D7326AD1D2}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Documents and Settings\Corinne\Bureau\ewido anti-spyware 4.0\guard.exe (file missing)
Bonjour
Il y a de la résistance , là , non plus, cela n'a pas marché..
On va esssayer cette méthode qui a déjà donnée des résultats
Télécharger et installer
RegCleaner
Redémarrer en mode sans échec
lancer hijack
cocher et fix checked
O4 - HKLM\..\Run: [xvptyulqef] c:\windows\system32\xvptyulqef.exe xvptyulqef
-----------
reechercher, en ayant accés aux fichiers et dossiers cachés,
et supprimer, si présent, tout ce qui commence par xvptyulqef
dans C:\windows\system32
xvptyulqef_nav.dat
xvptyulqef.dat
xvptyulqef.exe.
xvptyulqef_navps.dat
et dans c:\WINDOWS\Prefetch\
XVPTYULQEF.EXE-086AE61C.pf
vérifier qu'il ne reste rien en faisant
démarrer==> rechercher==> tous les fichiers et tous les dossiers
ecrire:xvptyulqef
clic ==> options avancées et cocher les 3 premiers " rechercher dans etc.."
clic : rechercher
A la fin supprimer si trouvé
-----------
lancer Regcleaner
Faire :
tools ==> registry cleanup==> do them all
------
refaire un hijack en mode normal
Il y a de la résistance , là , non plus, cela n'a pas marché..
On va esssayer cette méthode qui a déjà donnée des résultats
Télécharger et installer
RegCleaner
Redémarrer en mode sans échec
lancer hijack
cocher et fix checked
O4 - HKLM\..\Run: [xvptyulqef] c:\windows\system32\xvptyulqef.exe xvptyulqef
-----------
reechercher, en ayant accés aux fichiers et dossiers cachés,
et supprimer, si présent, tout ce qui commence par xvptyulqef
dans C:\windows\system32
xvptyulqef_nav.dat
xvptyulqef.dat
xvptyulqef.exe.
xvptyulqef_navps.dat
et dans c:\WINDOWS\Prefetch\
XVPTYULQEF.EXE-086AE61C.pf
vérifier qu'il ne reste rien en faisant
démarrer==> rechercher==> tous les fichiers et tous les dossiers
ecrire:xvptyulqef
clic ==> options avancées et cocher les 3 premiers " rechercher dans etc.."
clic : rechercher
A la fin supprimer si trouvé
-----------
lancer Regcleaner
Faire :
tools ==> registry cleanup==> do them all
------
refaire un hijack en mode normal
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumAide pour system doctor et autres virus
- ForumTelecharger winmend system doctor
- ForumVirus infecte par system doctor
- ForumVirus system doctor
- ForumPubs casino , system doctor .
- ForumProbleme virus protect system doctor
- ForumVirus pubs s'affichent system doctor, .
- ForumAlerte intrusion norton system doctor
- ForumVirus infecte par le celebre system doctor
- ForumGros soucis de pubs system doctor, etc.
- Voir plus
