Sujet Précédent Sujet Suivant

Pleins de virus, trojans et pubs

marjorie -  
 marjorie -
Bonjour,

J'ai changé d'antivirus pour antivir et depuis il n'arrête pas de me détecter des trojans toutes les 2 secondes. Ce sont les mêmes qui reviennent et que je mette en quarantaine ou dénie l'accès ça ne change pas.
Quand j'ai fait le scan complet, il m'a detecté plus de 100 infections. Je ne sais pas comment faire pour me débarasser de tout ça.

Je vous met le scan d'hijack this :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:51, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\admtray.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\marion\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A4613EC-10B0-4730-84E0-C0E2697D81F1} - (no file)
O2 - BHO: (no name) - {1B271FF7-E744-43D5-A76B-E4AAA7A69397} - (no file)
O2 - BHO: {9f826714-7a2b-7b3a-5e74-ce0eab292e32} - {23e292ba-e0ec-47e5-a3b7-b2a7417628f9} - C:\WINDOWS\system32\ocdwpg.dll (file missing)
O2 - BHO: (no name) - {2a431059-5dd2-4ca9-9376-f717f75a57d9} - (no file)
O2 - BHO: (no name) - {4F4B9790-42FA-4576-A50A-478AC50D4E23} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59e918ae-5255-4045-9e3d-6d890b645367} - (no file)
O2 - BHO: (no name) - {68B2024F-EF4C-4FAD-BB42-B2BE4A385E5E} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\wvUnOGvu.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {806532FE-C24F-41ED-A14C-D06D8DE31F5A} - (no file)
O2 - BHO: (no name) - {CFF4E959-56D9-4891-BB39-7FF9B3354241} - C:\WINDOWS\system32\rqRKDtsP.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FEC3530A-7D00-47A5-8A0D-B9268509CFF7} - C:\WINDOWS\system32\jkkhghFx.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\byhxyejq.dll",b
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [Lyad] C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [yeeukug] "c:\documents and settings\marion\local settings\application data\yeeukug.exe" yeeukug
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/323/webolr/OCX/FlashAX.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O20 - AppInit_DLLs: aidbjx.dll ocdwpg.dll
O20 - Winlogon Notify: wvUnOGvu - C:\WINDOWS\SYSTEM32\wvUnOGvu.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
A voir également:

28 réponses

  • 1
  • 2
Réponse 1 / 28
Utilisateur anonyme
 
Non tu as du te tromper, refais la manoeuvre Option2 ---> cleanavi.txt

D'aprés hijackthis, tu n'as pas fais l'option 2 de Navilog, fais le Stp
et postes le bon rapport, ensuite fais Malwarebytes comme indiqué plus haut
1
Réponse 2 / 28
Utilisateur anonyme
 
Bonjour,

Telecharges Navilog1 sur ton bureau
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

* Desactives ton antivirus et la garde de ton antispyware.
*Double-cliques sur le raccourci de ton bureau et lances l'installation.
*Une fois installé, double clique sur Navilog1.exe.
---> Choisis la langue et valides par Entrée.
* Double-cliques sur Navilog1.bat( il se peut qu'il n'apparaisse pas et que tu n'aies que Navilog1)
*Une fenetre s'ouvre, presses 1 touche pour passer aux etapes suivantes.
*Le menu du Fix s'ouvre : choisis l'option 1 puis presses la touche Entrée.
* laisses le fix travailler, un rapport sera généré, postes le.

Note: le rapport se trouve egalement à la racine du disque dur...
0
Réponse 3 / 28
marjorie
 
Merci pour votre réponse. Voici le rapport :

Search Navipromo version 3.7.1 commencé le 11/01/2009 à 12:31:10,82

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) M CPU 420 @ 1.60GHz )
BIOS : Ver 1.00PARTTBL
USER : marion ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)

C:\ (Local Disk) - FAT32 - Total:34 Go (Free:13 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:35 Go)
E:\ (CD or DVD)

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

...\Instant Access trouvé !
...\MessengerSkinner trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\marion\applic~1" ***

...\MessengerSkinner trouvé !

*** Recherche dossiers dans "C:\DOCUME~1\david\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\MARIE-~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\INVITÉ\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\marion\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\david\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\marion\menud+~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

Fichiers trouvés :

alqnjequ.exe trouvé !
dexlejlrj.exe trouvé !
egfobkhg.exe trouvé !
jfmlczb.exe trouvé !
jsdtig.exe trouvé !
mmmrree.exe trouvé !
vfwnhqpgs.exe trouvé !
vwlgxv.exe trouvé !
ykgfcqv.exe trouvé !

Fichiers suspects :

eimemat.exe trouvé !
eywruwudrc.exe trouvé !
gdtzaw.exe trouvé !
inzgmwssso.exe trouvé !
sfhykqdjd.exe trouvé !

* Recherche dans "C:\Documents and Settings\marion\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\david\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf trouvé !
C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yeeukug"="\"c:\\documents and settings\\marion\\local settings\\application data\\yeeukug.exe\" yeeukug"

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

guxhpiy.dat trouvé !
guxhpiy_navps.dat trouvé !
guxhpiy_nav.dat trouvé !
qnnxgrpdz.dat trouvé !
qnnxgrpdz_navps.dat trouvé !
qnnxgrpdz_nav.dat trouvé !
zwhloiims.dat trouvé !
zwhloiims_navup.dat trouvé !
zwhloiims_navps.dat trouvé !
zwhloiims_nav.dat trouvé !

* Dans "C:\Documents and Settings\marion\locals~1\applic~1" :

yeeukug.dat trouvé !
yeeukug_navps.dat trouvé !
yeeukug_nav.dat trouvé !

* Dans "C:\DOCUME~1\david\locals~1\applic~1" :

* Dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

C:\WINDOWS\system32\PstDKRqr.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !

*** Analyse terminée le 11/01/2009 à 12:33:07,23 ***
0
Réponse 4 / 28
Utilisateur anonyme
 
Ok,

* Toujours en desactivant l'antivirus :
---> tu relances Navilog1 et tu choisis maintenant loption 2.
---> Laisses le Fix travailler, si Navilog1 a besoin de redemarrer le pc, acceptes.
* Postes le Rapport Généré ainsi qu'un nouveau rapport Hijackthis.

Note: Le rapport Cleanavi.txt se trouve aussi à la racine du disque dur.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 28
Utilisateur anonyme
 
Re,

* Ensuite, telecharges Malwarebytes antimalware:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
* Mbam se met à jour automatiquement à la fin du telechargement ( important )

* Une fois telechargé et à jour, fermes tous les programmes en cours !
* Ouvres Malwarebytes et cliques sur :
---> Reherches et executes un examen Rapide.
* Laisses le scanner le pc et ne touches à rien.
* A la fin du scan, cliques sur Afficher les resultats,
* Puis cliques sur Supprimer la selection.

* Un rapport est généré à la fin de l'analyse, postes le.
0
Réponse 6 / 28
marjorie
 
Clean Navipromo version 3.7.1 commencé le 11/01/2009 à 12:59:31,67

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) M CPU 420 @ 1.60GHz )
BIOS : Ver 1.00PARTTBL
USER : marion ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)

C:\ (Local Disk) - FAT32 - Total:34 Go (Free:13 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:35 Go)
E:\ (CD or DVD)

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

C'est bien ça le rapport navilog? ça m'a l'air bien court.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:11, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\DOCUME~1\marion\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A4613EC-10B0-4730-84E0-C0E2697D81F1} - (no file)
O2 - BHO: (no name) - {1B271FF7-E744-43D5-A76B-E4AAA7A69397} - (no file)
O2 - BHO: {9f826714-7a2b-7b3a-5e74-ce0eab292e32} - {23e292ba-e0ec-47e5-a3b7-b2a7417628f9} - C:\WINDOWS\system32\ocdwpg.dll (file missing)
O2 - BHO: (no name) - {2a431059-5dd2-4ca9-9376-f717f75a57d9} - (no file)
O2 - BHO: (no name) - {4F4B9790-42FA-4576-A50A-478AC50D4E23} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59e918ae-5255-4045-9e3d-6d890b645367} - (no file)
O2 - BHO: (no name) - {6712C900-33A0-4D21-9C01-C4D79DC35F0F} - C:\WINDOWS\system32\rqRKDtsP.dll
O2 - BHO: (no name) - {68B2024F-EF4C-4FAD-BB42-B2BE4A385E5E} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\wvUnOGvu.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {806532FE-C24F-41ED-A14C-D06D8DE31F5A} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FEC3530A-7D00-47A5-8A0D-B9268509CFF7} - C:\WINDOWS\system32\jkkhghFx.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\byhxyejq.dll",b
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [Lyad] C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [yeeukug] "c:\documents and settings\marion\local settings\application data\yeeukug.exe" yeeukug
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/323/webolr/OCX/FlashAX.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O20 - AppInit_DLLs: aidbjx.dll ocdwpg.dll
O20 - Winlogon Notify: wvUnOGvu - C:\WINDOWS\SYSTEM32\wvUnOGvu.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
Réponse 7 / 28
zorinho Messages postés 829 Statut Membre 51
 
Juste pour gagner du temps...Ton rapport Navilog n'est pas complet...Tu dois recoller le rapport

Tu as dû commencer à coller le début du rapport navilo et coller un rapport Hijackthis dessus...
0
Utilisateur anonyme
 
)))???
0
Réponse 8 / 28
marjorie
 
Bon alors j'avais pas vu vos messages tout de suite. Du coup j'ai déjà fait malwarebytes. Au redémarrage de l'ordinateur, il y a déjà beaucoup moins d'alertes d'antivir.

Là je viens de lancer navipromo et je ne suis pas tombée sur la même fenetre qu'avant (enfin elle est toujours bleu mais je n'ai pas eu à cliquer sur 2 j'ai l'impression que ça m'a fait un scan tout seul. Voici la fenetre que ça m'a afiché ensuite :
Clean Navipromo version 3.7.1 commencé le 11/01/2009 à 12:59:31,67

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) M CPU 420 @ 1.60GHz )
BIOS : Ver 1.00PARTTBL
USER : marion ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)

C:\ (Local Disk) - FAT32 - Total:34 Go (Free:13 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:35 Go)
E:\ (CD or DVD)

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

[b] Nettoyage executé en mode normal et non au reboot
!! Les résultats ne seront pas optimisés !! /b

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

alqnjequ.exe trouvé !
Copie alqnjequ.exe réalisée avec succès !
alqnjequ.exe supprimé !

dexlejlrj.exe trouvé !
Copie dexlejlrj.exe réalisée avec succès !
dexlejlrj.exe supprimé !

egfobkhg.exe trouvé !
Echec Copie egfobkhg.exe vers dossier Backupnavi
egfobkhg.exe non supprimé !

C:\WINDOWS\system32\egfobkhg.exe trouvé !
Echec Copie C:\WINDOWS\system32\egfobkhg.exe vers dossier Backupnavi
C:\WINDOWS\system32\egfobkhg.exe non supprimé !

jfmlczb.exe trouvé !
Copie jfmlczb.exe réalisée avec succès !
jfmlczb.exe supprimé !

jsdtig.exe trouvé !
Copie jsdtig.exe réalisée avec succès !
jsdtig.exe supprimé !

mmmrree.exe trouvé !
Copie mmmrree.exe réalisée avec succès !
mmmrree.exe supprimé !

vfwnhqpgs.exe trouvé !
Copie vfwnhqpgs.exe réalisée avec succès !
vfwnhqpgs.exe supprimé !

vwlgxv.exe trouvé !
Copie vwlgxv.exe réalisée avec succès !
vwlgxv.exe supprimé !

ykgfcqv.exe trouvé !
Copie ykgfcqv.exe réalisée avec succès !
ykgfcqv.exe supprimé !

* Suppression dans "C:\Documents and Settings\marion\locals~1\applic~1" *

C:\WINDOWS\system32\egfobkhg.exe trouvé !
Echec Copie C:\WINDOWS\system32\egfobkhg.exe vers dossier Backupnavi
C:\WINDOWS\system32\egfobkhg.exe non supprimé !

* Suppression dans "C:\DOCUME~1\david\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\marion\applic~1" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !

*** Suppression dossiers dans "C:\DOCUME~1\david\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIE-~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\INVITÉ\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\marion\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\david\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\marion\menud+~1\progra~1" ***

*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !
C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\marion\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

guxhpiy.dat trouvé !
Copie guxhpiy.dat réalisée avec succès !
guxhpiy.dat supprimé !

qnnxgrpdz.dat trouvé !
Copie qnnxgrpdz.dat réalisée avec succès !
qnnxgrpdz.dat supprimé !

zwhloiims.dat trouvé !
Copie zwhloiims.dat réalisée avec succès !
zwhloiims.dat supprimé !

zwhloiims_navup.dat trouvé !
Copie zwhloiims_navup.dat réalisée avec succès !
zwhloiims_navup.dat supprimé !

* Dans "C:\Documents and Settings\marion\locals~1\applic~1" *

* Dans "C:\DOCUME~1\david\locals~1\applic~1" *

* Dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" *

* Dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Clés RUN orphelines Navipromo ***
!! Résultats temporairement non pris en charge !!
!! Les clés trouvées ne sont pas forcément infectées !!

Clés trouvés :

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yeeukug"="\"c:\\documents and settings\\marion\\local settings\\application data\\yeeukug.exe\" yeeukug"

*** Fichiers suspects non supprimés par Navilog1 ***
!! Fichiers légitimes possibles, à contrôler avant suppression !!

Fichiers suspects dans "C:\WINDOWS\system32" :

eimemat.exe trouvé !
eywruwudrc.exe trouvé !
gdtzaw.exe trouvé !
inzgmwssso.exe trouvé !
sfhykqdjd.exe trouvé !

*** Recherche autres dossiers et fichiers connus ***

*** Nettoyage terminé le 11/01/2009 à 14:03:28,96 ***
0
Réponse 9 / 28
Utilisateur anonyme
 
Impeccable, postes ensuite le rapport Mbam et un nouveau log hijackthis stp!
0
Réponse 10 / 28
marjorie
 
Clean Navipromo version 3.7.1 commencé le 11/01/2009 à 12:59:31,67

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) M CPU 420 @ 1.60GHz )
BIOS : Ver 1.00PARTTBL
USER : marion ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)

C:\ (Local Disk) - FAT32 - Total:34 Go (Free:13 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:35 Go)
E:\ (CD or DVD)

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

[b] Nettoyage executé en mode normal et non au reboot
!! Les résultats ne seront pas optimisés !! [/b]

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

alqnjequ.exe trouvé !
Copie alqnjequ.exe réalisée avec succès !
alqnjequ.exe supprimé !

dexlejlrj.exe trouvé !
Copie dexlejlrj.exe réalisée avec succès !
dexlejlrj.exe supprimé !

egfobkhg.exe trouvé !
Echec Copie egfobkhg.exe vers dossier Backupnavi
egfobkhg.exe non supprimé !

C:\WINDOWS\system32\egfobkhg.exe trouvé !
Echec Copie C:\WINDOWS\system32\egfobkhg.exe vers dossier Backupnavi
C:\WINDOWS\system32\egfobkhg.exe non supprimé !

jfmlczb.exe trouvé !
Copie jfmlczb.exe réalisée avec succès !
jfmlczb.exe supprimé !

jsdtig.exe trouvé !
Copie jsdtig.exe réalisée avec succès !
jsdtig.exe supprimé !

mmmrree.exe trouvé !
Copie mmmrree.exe réalisée avec succès !
mmmrree.exe supprimé !

vfwnhqpgs.exe trouvé !
Copie vfwnhqpgs.exe réalisée avec succès !
vfwnhqpgs.exe supprimé !

vwlgxv.exe trouvé !
Copie vwlgxv.exe réalisée avec succès !
vwlgxv.exe supprimé !

ykgfcqv.exe trouvé !
Copie ykgfcqv.exe réalisée avec succès !
ykgfcqv.exe supprimé !

* Suppression dans "C:\Documents and Settings\marion\locals~1\applic~1" *

C:\WINDOWS\system32\egfobkhg.exe trouvé !
Echec Copie C:\WINDOWS\system32\egfobkhg.exe vers dossier Backupnavi
C:\WINDOWS\system32\egfobkhg.exe non supprimé !

* Suppression dans "C:\DOCUME~1\david\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\marion\applic~1" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !

*** Suppression dossiers dans "C:\DOCUME~1\david\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIE-~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\INVITÉ\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\marion\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\david\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\marion\menud+~1\progra~1" ***

*** Suppression fichiers ***

C:\WINDOWS\Downloaded Program Files\IaLdr32.inf supprimé !
C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\marion\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

guxhpiy.dat trouvé !
Copie guxhpiy.dat réalisée avec succès !
guxhpiy.dat supprimé !

qnnxgrpdz.dat trouvé !
Copie qnnxgrpdz.dat réalisée avec succès !
qnnxgrpdz.dat supprimé !

zwhloiims.dat trouvé !
Copie zwhloiims.dat réalisée avec succès !
zwhloiims.dat supprimé !

zwhloiims_navup.dat trouvé !
Copie zwhloiims_navup.dat réalisée avec succès !
zwhloiims_navup.dat supprimé !

* Dans "C:\Documents and Settings\marion\locals~1\applic~1" *

* Dans "C:\DOCUME~1\david\locals~1\applic~1" *

* Dans "C:\DOCUME~1\MARIE-~1\locals~1\applic~1" *

* Dans "C:\DOCUME~1\INVITÉ\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Clés RUN orphelines Navipromo ***
!! Résultats temporairement non pris en charge !!
!! Les clés trouvées ne sont pas forcément infectées !!

Clés trouvés :

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yeeukug"="\"c:\\documents and settings\\marion\\local settings\\application data\\yeeukug.exe\" yeeukug"

*** Fichiers suspects non supprimés par Navilog1 ***
!! Fichiers légitimes possibles, à contrôler avant suppression !!

Fichiers suspects dans "C:\WINDOWS\system32" :

eimemat.exe trouvé !
eywruwudrc.exe trouvé !
gdtzaw.exe trouvé !
inzgmwssso.exe trouvé !
sfhykqdjd.exe trouvé !

*** Recherche autres dossiers et fichiers connus ***

*** Nettoyage terminé le 11/01/2009 à 14:03:28,96 ***

Voilà mais je l'ai fait avant de refaire navilog. Donc faut il que je le refasse une autre fois?
0
Réponse 11 / 28
Utilisateur anonyme
 
Postes le rapport Malwarebytes et hijackthis stp !
0
Réponse 12 / 28
marjorie
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:41, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\PROGRA~1\MAGENTIC\bin\MgApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\marion\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A4613EC-10B0-4730-84E0-C0E2697D81F1} - (no file)
O2 - BHO: (no name) - {1B271FF7-E744-43D5-A76B-E4AAA7A69397} - (no file)
O2 - BHO: (no name) - {23e292ba-e0ec-47e5-a3b7-b2a7417628f9} - (no file)
O2 - BHO: (no name) - {2a431059-5dd2-4ca9-9376-f717f75a57d9} - (no file)
O2 - BHO: (no name) - {4F4B9790-42FA-4576-A50A-478AC50D4E23} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59e918ae-5255-4045-9e3d-6d890b645367} - (no file)
O2 - BHO: (no name) - {68B2024F-EF4C-4FAD-BB42-B2BE4A385E5E} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {806532FE-C24F-41ED-A14C-D06D8DE31F5A} - (no file)
O2 - BHO: (no name) - {CFF4E959-56D9-4891-BB39-7FF9B3354241} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FEC3530A-7D00-47A5-8A0D-B9268509CFF7} - C:\WINDOWS\system32\jkkhghFx.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Lyad] C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/323/webolr/OCX/FlashAX.cab
O20 - AppInit_DLLs: aidbjx.dll ocdwpg.dll
O20 - Winlogon Notify: wvUnOGvu - C:\WINDOWS\
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
Réponse 13 / 28
Utilisateur anonyme
 
J'attends encore le rapport Mbam !
0
Réponse 14 / 28
marjorie
 
Ah! je croyais l'avoir posté au dessus avant hijack this. Autant pour moi, le voici :
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1642
Windows 5.1.2600 Service Pack 3

11/01/2009 13:44:49
mbam-log-2009-01-11 (13-44-45).txt

Type de recherche: Examen rapide
Eléments examinés: 79169
Temps écoulé: 19 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 51

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\rqRKDtsP.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\aidbjx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvUnOGvu.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23e292ba-e0ec-47e5-a3b7-b2a7417628f9} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{23e292ba-e0ec-47e5-a3b7-b2a7417628f9} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6712c900-33a0-4d21-9c01-c4d79dc35f0f} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6712c900-33a0-4d21-9c01-c4d79dc35f0f} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvunogvu (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{be5a6dcc-62a8-49e5-9b28-ee0e2dbee26f} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ed7d3de-6dbe-4516-8712-01b1b64b7057} (Adware.SmartShopper) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6712c900-33a0-4d21-9c01-c4d79dc35f0f} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\320d18a1 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ErrorSafeFree (Rogue.Errorsafe) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\rqrkdtsp -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrkdtsp -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\Instant Access (Trojan.Dialer) -> No action taken.
C:\Program Files\Instant Access\Multi (Trojan.Dialer) -> No action taken.
C:\Program Files\Instant Access\Multi\20071224001216 (Trojan.Dialer) -> No action taken.
C:\Program Files\Instant Access\Multi\20071224001216\Common (Trojan.Dialer) -> No action taken.
C:\Program Files\Instant Access\Multi\20071224001216\medias (Trojan.Dialer) -> No action taken.
C:\Program Files\Instant Access\Multi\20071224001216\js (Trojan.Dialer) -> No action taken.
C:\Program Files\MessengerSkinner (Rogue.MessengerSkinner) -> No action taken.
C:\Program Files\DriveCleaner Free (Rogue.DriveCleaner) -> No action taken.
C:\Program Files\DriveCleaner Free\Download (Rogue.DriveCleaner) -> No action taken.
C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> No action taken.
C:\Documents and Settings\marion\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> No action taken.
C:\Documents and Settings\marion\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ocdwpg.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rqRKDtsP.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\PstDKRqr.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\PstDKRqr.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wvUnOGvu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\moetbnqf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fqnbteom.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mjuivihf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\fhiviujm.ini (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\marion\Local Settings\Application Data\yeeukug_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\marion\Local Settings\Application Data\yeeukug_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\marion\Local Settings\Application Data\yeeukug.dat (Adware.Navipromo.H) -> No action taken.
C:\WINDOWS\system32\aidbjx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vaecrtyw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uwabuxdb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ernayo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sxjbys.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yxxphket.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\abjtvvpn.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pbdlvz.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xgwhgoax.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ezcjdj.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\marion\Local Settings\Temporary Internet Files\Content.IE5\0HT0PGJG\index[1] (Trojan.Vundo) -> No action taken.
C:\Program Files\Instant Access\Multi\20071224001216\Common\module.php (Trojan.Dialer) -> No action taken.
C:\Program Files\Instant Access\Multi\20071224001216\medias\button1.gif (Trojan.Dialer) -> No action taken.
C:\Program Files\Instant Access\Multi\20071224001216\medias\button4.gif (Trojan.Dialer) -> No action taken.
C:\Program Files\Instant Access\Multi\20071224001216\medias\button2.gif (Trojan.Dialer) -> No action taken.
C:\Program Files\Instant Access\Multi\20071224001216\medias\button3.gif (Trojan.Dialer) -> No action taken.
C:\Program Files\Instant Access\Multi\20071224001216\medias\4309_dialer.ico (Trojan.Dialer) -> No action taken.
C:\Program Files\Instant Access\Multi\20071224001216\js\js_api_dialer.php (Trojan.Dialer) -> No action taken.
C:\Documents and Settings\marion\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> No action taken.
C:\WINDOWS\system32\qoMfgEWm.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\cbXNEUMe.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\geBULbxx.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnnmKEX.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\awtuvwWp.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\efcYRJca.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hgGwXQGX.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\iifedeCv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayyYSll.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ssqPfeFY.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\khfCttrr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vtUmJBTK.dll (Trojan.vundo) -> No action taken.
C:\Program Files\setup.exe (Rogue.Installer) -> No action taken.
C:\WINDOWS\system32\guxhpiy_navps.dat (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\system32\qnnxgrpdz_navps.dat (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\system32\zwhloiims_navps.dat (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\system32\qnnxgrpdz_nav.dat (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\system32\zwhloiims_nav.dat (Adware.NaviPromo) -> No action taken.
C:\WINDOWS\system32\guxhpiy_nav.dat (Adware.NaviPromo) -> No action taken.
C:\Program Files\EoRezo (Rogue.Eorezo) -> No action taken.
0
Réponse 15 / 28
Utilisateur anonyme
 
Tu as supprimé la selection ? >>> No action taken<<< Regardes dans la quarantaine de Malwarebytes
* Ouvres Mbam --> cliques sur quarantaine et supprime tout
---> si Mbam a besoin de redemarrer le pc pour finir la
desinfection, fais le..
* Postes moi le rapport Mbam avec suppressions + un nouveau rapport Hijackthis.
0
Réponse 16 / 28
marjorie
 
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1642
Windows 5.1.2600 Service Pack 3

11/01/2009 13:45:45
mbam-log-2009-01-11 (13-45-45).txt

Type de recherche: Examen rapide
Eléments examinés: 79169
Temps écoulé: 19 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 51

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\rqRKDtsP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\aidbjx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUnOGvu.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23e292ba-e0ec-47e5-a3b7-b2a7417628f9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{23e292ba-e0ec-47e5-a3b7-b2a7417628f9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6712c900-33a0-4d21-9c01-c4d79dc35f0f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6712c900-33a0-4d21-9c01-c4d79dc35f0f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvunogvu (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{be5a6dcc-62a8-49e5-9b28-ee0e2dbee26f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ed7d3de-6dbe-4516-8712-01b1b64b7057} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6712c900-33a0-4d21-9c01-c4d79dc35f0f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\320d18a1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ErrorSafeFree (Rogue.Errorsafe) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\rqrkdtsp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrkdtsp -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\Instant Access (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20071224001216 (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20071224001216\Common (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20071224001216\medias (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20071224001216\js (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\DriveCleaner Free\Download (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
C:\Documents and Settings\marion\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\marion\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ocdwpg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRKDtsP.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\PstDKRqr.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PstDKRqr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUnOGvu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\moetbnqf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqnbteom.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mjuivihf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fhiviujm.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\marion\Local Settings\Application Data\yeeukug_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\marion\Local Settings\Application Data\yeeukug_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\marion\Local Settings\Application Data\yeeukug.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aidbjx.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vaecrtyw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwabuxdb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ernayo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sxjbys.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yxxphket.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abjtvvpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pbdlvz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xgwhgoax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ezcjdj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\marion\Local Settings\Temporary Internet Files\Content.IE5\0HT0PGJG\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20071224001216\Common\module.php (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20071224001216\medias\button1.gif (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20071224001216\medias\button4.gif (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20071224001216\medias\button2.gif (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20071224001216\medias\button3.gif (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20071224001216\medias\4309_dialer.ico (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20071224001216\js\js_api_dialer.php (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Documents and Settings\marion\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMfgEWm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNEUMe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBULbxx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnmKEX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtuvwWp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcYRJca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwXQGX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifedeCv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayyYSll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqPfeFY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfCttrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUmJBTK.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\guxhpiy_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qnnxgrpdz_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zwhloiims_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qnnxgrpdz_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zwhloiims_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\guxhpiy_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:01, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\PROGRA~1\MAGENTIC\bin\MgApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\marion\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A4613EC-10B0-4730-84E0-C0E2697D81F1} - (no file)
O2 - BHO: (no name) - {1B271FF7-E744-43D5-A76B-E4AAA7A69397} - (no file)
O2 - BHO: (no name) - {23e292ba-e0ec-47e5-a3b7-b2a7417628f9} - (no file)
O2 - BHO: (no name) - {2a431059-5dd2-4ca9-9376-f717f75a57d9} - (no file)
O2 - BHO: (no name) - {4F4B9790-42FA-4576-A50A-478AC50D4E23} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59e918ae-5255-4045-9e3d-6d890b645367} - (no file)
O2 - BHO: (no name) - {68B2024F-EF4C-4FAD-BB42-B2BE4A385E5E} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {806532FE-C24F-41ED-A14C-D06D8DE31F5A} - (no file)
O2 - BHO: (no name) - {CFF4E959-56D9-4891-BB39-7FF9B3354241} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FEC3530A-7D00-47A5-8A0D-B9268509CFF7} - C:\WINDOWS\system32\jkkhghFx.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Lyad] C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/323/webolr/OCX/FlashAX.cab
O20 - AppInit_DLLs: aidbjx.dll ocdwpg.dll
O20 - Winlogon Notify: wvUnOGvu - C:\WINDOWS\
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
Réponse 17 / 28
Utilisateur anonyme
 
Re,

* Telecharges ComboFix sur ton bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Desactives ton Antivirus et le Tea-timer de Spybot/!\.

* Pour Spybot :
---> Cliques sur Mode avancé
----> Outils
----> Resident
----> et decoches le tea-timer.
/!\ Deconnectes toi du net et fermes toutes les applications en cours./!\

* Double-cliques sur ComboFix.exe.
---> Un pop-up apparait ---> cliques sur oui.
---> Combofix etant un outil trés puissant, il est conseillé d'installer la console de recuperations.
---> Choisis la langue et tapes sur la touche 1 Yes pour demarrer le scan.
/!\ Ne touche ni à ta souris ni à ton clavier
pendant la durèe du scan, au risque de figer l'ordi /!\.

* En fin de scan, il est possible que ComboFix ait besoin de redemarrer le pc
pour finir la desinfection, laisses faire.

* Une fois le scan terminé, un rapport s'affiche, postes son contenu.

Note : le rapport se trouve egalement à C:\Combofix.txt
Ne reactives que ton antivirus avant de revenir sur le net, laisses Spybot comme cela.
0
Réponse 18 / 28
marjorie
 
ComboFix 09-01-10.03 - marion 2009-01-11 17:18:13.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1014.528 [GMT 1:00]
Lancé depuis: c:\documents and settings\marion\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ardvbwpg.dll
c:\windows\system32\cnfjpx.dll
c:\windows\system32\fqwgvnmt.ini
c:\windows\system32\hcbulimj.ini
c:\windows\system32\hrdmadlk.dll
c:\windows\system32\jniyjidq.dll
c:\windows\system32\kmksgc.dll
c:\windows\system32\kolufqdb.dll
c:\windows\system32\oatdcifv.dll
c:\windows\system32\pmtnbupj.ini
c:\windows\system32\pwqhamuo.dll
c:\windows\system32\qjeyxhyb.ini
c:\windows\system32\sedlyiqn.ini
c:\windows\system32\shnojqnw.dll
c:\windows\system32\srgcnv.dll
c:\windows\system32\suvkykom.dll
c:\windows\system32\vczobf.dll
c:\windows\system32\vndrbn.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.

2009-01-11 13:24 . 2009-01-11 13:24 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 13:24 . 2009-01-11 13:24 <REP> d-------- c:\documents and settings\marion\Application Data\Malwarebytes
2009-01-11 13:24 . 2009-01-11 13:24 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-11 13:24 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-11 13:24 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-11 12:29 . 2009-01-11 12:29 <REP> d-------- c:\program files\Navilog1
2009-01-04 16:43 . 2009-01-04 16:45 8,028 --a------ c:\windows\wininit.ini
2009-01-04 14:43 . 2009-01-04 14:43 <REP> d--hs---- C:\FOUND.002
2009-01-04 13:54 . 2009-01-04 13:54 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-01-04 13:54 . 2009-01-04 13:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-04 02:23 . 2009-01-04 02:23 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-31 14:27 . 2008-12-31 14:27 <REP> d-------- c:\program files\Trend Micro
2008-12-31 13:37 . 2008-12-31 13:37 <REP> d-------- c:\program files\Avira
2008-12-31 13:37 . 2008-12-31 13:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-31 00:42 . 2008-12-31 00:42 <REP> d-------- c:\program files\EoRezo
2008-12-31 00:42 . 2008-12-31 00:42 <REP> d-------- c:\documents and settings\marion\Application Data\EoRezo
2008-12-28 01:12 . 2008-12-28 01:12 <REP> d-------- c:\program files\Songbeat Player
2008-12-28 01:12 . 2008-12-28 01:12 <REP> d-------- c:\documents and settings\All Users\Application Data\RapidSolution
2008-12-28 00:54 . 2008-12-28 00:54 <REP> d-------- c:\documents and settings\marion_2\dwhelper
2008-12-28 00:39 . 2008-12-28 00:39 <REP> d-------- c:\documents and settings\marion_2\Incomplete
2008-12-20 00:55 . 2008-12-20 00:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Awem

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-09 00:02 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzy2
2008-12-08 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\Playrix Entertainment
2008-12-03 22:40 --------- d-----w c:\documents and settings\marion\Application Data\PlayFirst
2008-12-03 22:40 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-03 21:24 --------- d-----w c:\documents and settings\marion\Application Data\iWin
2008-12-02 01:51 --------- d-----w c:\documents and settings\marion\Application Data\Ancient Quest of Saqqarah__gamehouse
2008-11-28 23:02 --------- d-----w c:\documents and settings\All Users\Application Data\MythPeople
2008-11-24 04:12 --------- d-----w c:\documents and settings\marion\Application Data\Playrix Entertainment
2008-11-22 23:09 --------- d-----w c:\documents and settings\marion\Application Data\Meridian93
2008-11-21 01:55 --------- d-----w c:\documents and settings\All Users\Application Data\GameHouse
2008-11-20 20:57 --------- d-----w c:\documents and settings\marion\Application Data\OpenOffice.org2
2008-11-17 15:16 --------- d-----w c:\program files\Labtec
2008-11-17 15:13 62,592 ----a-w c:\windows\system32\drivers\moufiltr.sys
2008-11-17 13:19 --------- d-----w c:\documents and settings\marion_2\Application Data\OpenOffice.org2
2008-11-17 13:17 --------- d-----w c:\program files\OpenOffice.org 2.3
2008-11-17 13:13 --------- d-----w c:\program files\readmes
2008-11-17 13:13 --------- d-----w c:\program files\licenses
2008-11-15 23:23 --------- d-----w c:\documents and settings\All Users\Application Data\SecretsOfOlympus
2008-11-13 03:48 --------- d-----w c:\program files\MSXML 4.0
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 17:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2007-11-13 18:11 68,332,489 ----a-w c:\program files\openofficeorg3.cab
2007-11-13 18:11 3,395,476 ----a-w c:\program files\openofficeorg4.cab
2007-11-13 18:04 17,645,041 ----a-w c:\program files\openofficeorg2.cab
2007-11-13 18:03 19,208,747 ----a-w c:\program files\openofficeorg1.cab
2007-11-13 18:02 4,369,408 ----a-w c:\program files\openofficeorg23.msi
2007-11-13 18:02 217 ----a-w c:\program files\setup.ini
2002-03-11 09:06 1,822,520 ----a-w c:\program files\instmsiw.exe
2002-03-11 08:45 1,708,856 ----a-w c:\program files\instmsia.exe
2008-09-08 10:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090820080909\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magentic"="c:\progra~1\MAGENTIC\bin\Magentic.exe" [2008-01-17 475180]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-31 185632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"FLMOFFICE4DMOUSE"="c:\program files\Labtec\Mouse\V3.0\moffice.exe" [2008-11-17 958464]
"EoEngine"="c:\program files\EoRezo\EoEngine.exe" [2008-11-01 472912]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=aidbjx.dll ocdwpg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2005-10-15 12106]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2005-09-13 4392]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2005-01-14 4010]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\marion\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\marion\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [2004-08-05 12800]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UBHELPER
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{0A4613EC-10B0-4730-84E0-C0E2697D81F1} - (no file)
BHO-{1B271FF7-E744-43D5-A76B-E4AAA7A69397} - (no file)
BHO-{23e292ba-e0ec-47e5-a3b7-b2a7417628f9} - (no file)
BHO-{2a431059-5dd2-4ca9-9376-f717f75a57d9} - (no file)
BHO-{4F4B9790-42FA-4576-A50A-478AC50D4E23} - (no file)
BHO-{59e918ae-5255-4045-9e3d-6d890b645367} - (no file)
BHO-{68B2024F-EF4C-4FAD-BB42-B2BE4A385E5E} - (no file)
BHO-{806532FE-C24F-41ED-A14C-D06D8DE31F5A} - (no file)
BHO-{CFF4E959-56D9-4891-BB39-7FF9B3354241} - (no file)
BHO-{FEC3530A-7D00-47A5-8A0D-B9268509CFF7} - c:\windows\system32\jkkhghFx.dll
HKCU-Run-Lyad - c:\program files\Lyad Messenger\lyad_messenger.exe
HKCU-Run-WOOKIT - c:\progra~1\WANADOO\Shell.exe
HKCU-Run-ErrorSafeFree - c:\program files\ErrorSafe Free\uers.exe
Notify-wvUnOGvu - (no file)

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://lo.st#home
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath - c:\documents and settings\marion\Application Data\Mozilla\Firefox\Profiles\8noe0cem.default\
FF - prefs.js: browser.startup.homepage - hxxp://lo.st#home
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 17:27:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
c:\acer\EMPOWERING TECHNOLOGY\ADMSERV.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
c:\program files\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\program files\LAUNCH MANAGER\LMANAGER.EXE
c:\program files\Labtec\Mouse\V3.0\MOUSE32A.EXE
c:\acer\EMPOWERING TECHNOLOGY\ERECOVERY\MONITOR.EXE
c:\progra~1\MAGENTIC\bin\MgApp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\docume~1\marion\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Heure de fin: 2009-01-11 17:31:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-11 16:31:08

Avant-CF: 14 294 351 872 octets libres
Après-CF: 14,907,408,384 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

242 --- E O F --- 2008-12-18 21:04:01
0
Réponse 19 / 28
Utilisateur anonyme
 
Re, Telecharges Ad Remover sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Deconnectes toi et fermes toutes les applications en cours /!\.

* Double-cliques sur le programme d'installation et installes le dans son emplacement
par defaut ---> C:\Program files....

* Double-cliques sur la nouvelle icone de ton bureau
----> au menu choisis l'option A
----> Patientes jusqu'à la fin du scan
----> Postes le rapport généré.
0
Réponse 20 / 28
marjorie
 
------- Logfile of AD-Remover 1.0.8.8 by C_XX | ONLY XP/VISTA -------

# START AT: 19:00:59 | Dim 11/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: MARJORIE | USER: marion ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: FAT32)
- D:\ (File System: FAT32)
# System Drive: C:\
# Windows Directory: C:\WINDOWS\
# System Directory: C:\WINDOWS\system32\

--- RUNNING PROCESSES: 51

+--------------------| Boonty/Boonty Games Elements found :

.
HKCU\SOFTWARE\Boonty
HKLM\Software\Boonty
.
C:\Program Files\Boonty
C:\Program Files\Boonty\Components
C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\Components
C:\Program Files\BoontyGames\10daysunderthesea{384181}.exe
C:\Program Files\BoontyGames\luxor3{307161}.exe
C:\Program Files\BoontyGames\mahjonghalloween{2395}.exe
C:\Program Files\BoontyGames\secretofolympus{342217}.exe
C:\Program Files\BoontyGames\mahjonghalloween{211126}.exe
C:\Program Files\BoontyGames\callofatlantis{389610}.exe
C:\Program Files\BoontyGames\dreamchronicles{334811}.exe
C:\Program Files\BoontyGames\Dream Chronicles
C:\Program Files\BoontyGames\cradleofpersia{326454}.exe
C:\Program Files\BoontyGames\Components\bureau.url
C:\Program Files\BoontyGames\Components\Joystick.ico
C:\Program Files\BoontyGames\Components\start.url
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML
C:\Program Files\BoontyGames\Dream Chronicles\unins000.dat
C:\Program Files\BoontyGames\Dream Chronicles\assets
C:\Program Files\BoontyGames\Dream Chronicles\dream.exe
C:\Program Files\BoontyGames\Dream Chronicles\FLEXnet Activation Service Installer.dll
C:\Program Files\BoontyGames\Dream Chronicles\trial.ini
C:\Program Files\BoontyGames\Dream Chronicles\EULA.txt
C:\Program Files\BoontyGames\Dream Chronicles\hiscore.xml
C:\Program Files\BoontyGames\Dream Chronicles\readme.htm
C:\Program Files\BoontyGames\Dream Chronicles\Fenetre.bmp
C:\Program Files\BoontyGames\Dream Chronicles\fenetrepop.bmp
C:\Program Files\BoontyGames\Dream Chronicles\SpMU.lnk
C:\Program Files\BoontyGames\Dream Chronicles\unins000.exe
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\css
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\js
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\BrainChallengeWin.exe
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\buy_connectionrequired.html
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\connectionrequired.html
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\manualtransaction.html
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\pageerror.html
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\pleasewait.html
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\repairstart.html
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\thankyou.html
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\transfailure.html
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\trialexit.html
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\trialexpired.html
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\trialstart.html
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\~pleasewait.html
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\css\ShellStyle.css
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\css\ShellStyle_br.css
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\css\ShellStyle_de.css
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\css\ShellStyle_en.css
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\css\ShellStyle_fr.css
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\css\ShellStyle_it.css
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\css\ShellStyle_nb.css
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\css\ShellStyle_nl.css
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\css\ShellStyle_po.css
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\css\ShellStyle_sp.css
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\css\ShellStyle_us.css
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\Top.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\scroll_bkg.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\separator2.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\separatorEnd.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\separatorMiddle.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\separatorStart.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\Shell_popup_03.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\Shell_popup_06.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\Shell_popup_08.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\Shell_popup_09.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\spacer.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\test.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\TopLeft.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\TopRight.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\TopLeftSouth.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\TopRightWest.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\transp.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\wait.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\jeu.jpg
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bg_nomjeu.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bg_table.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgDELOCK.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Bottom.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Coin.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Left.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgDELOCK_Right.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgERROR.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgERROR_Bottom.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgERROR_Coin.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgERROR_Left.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgERROR_Right.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgOK.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgOK_Bottom.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgOK_Coin.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgOK_Left.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgOK_Right.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgREDUC.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgREDUC_Bottom.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgREDUC_Coin.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgREDUC_Left.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgREDUC_Right.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgSECURE.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgSECURE_Bottom.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgSECURE_Coin.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgSECURE_Left.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgSECURE_Right.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgSUPPORT.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Bottom.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Coin.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Left.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\bkgSUPPORT_Right.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocBkg.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocBottom.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocBottomLeft.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocBottomLeftC.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocBottomLeftCN.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocBottomLeftCR.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocBottomRight.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocCoinCadenas.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocError.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocExpiredTop.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocJouezMiddle.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocJouezTop.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocLeft.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocMiddle.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocRight.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocTop.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocTopLeft.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\blocTopRight.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\boontysecure.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\Bottom.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BottomLeft.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BottomLeftEast.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BottomLeftNorth.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BottomRight.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BottomRightNorth.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BottomRightWest.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btAcheterLeft.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btAcheterMiddle.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btAcheterRight.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BtBlueLeft.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BtBlueMiddle.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BtBlueRight.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btJouerLeft.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btJouerMiddle.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btJouerRight.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BtnBuyExit.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btn_acheter.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btn_fermer.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btn_infos.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btn_jouer.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btn_nomjeu2.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btn_reactiver.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btn_reduc.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btn_suivant.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\btn_suivant2.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BtYellowLeft.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BtYellowMiddle.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BtYellowQuestion.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\BtYellowRight.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\ButtonBkgLeft_Off.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\ButtonBkgLeft_On.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\ButtonBkgMiddle_Off.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\ButtonBkgMiddle_On.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\ButtonBkgRight_Off.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\ButtonBkgRight_On.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\CacheImgJeu.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\caddie.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\cadenas.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\CloseOff.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\CloseOn.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\fleche.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\flechetrial.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\greypoint.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\jouer_gratuitement.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\Left.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\MaximizeOff.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\MaximizeOn.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\MinimizeOff.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\MinimizeOn.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\PopBottom.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\PopBottomLeft.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\PopBottomRight.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\PopLeft.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\PopRight.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\PopTop.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\PopTopLeft.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\PopTopRight.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\Right.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\Images\scroll.gif
C:\Program Files\BoontyGames\Dream Chronicles\SHELL_DEFAULT_HTML\js\ShellScripts.js
C:\Program Files\BoontyGames\Dream Chronicles\assets\misc
C:\Program Files\BoontyGames\Dream Chronicles\assets\states
C:\Program Files\BoontyGames\Dream Chronicles\assets\assets.pfp
C:\Program Files\BoontyGames\Dream Chronicles\assets\settings.xml
C:\Program Files\BoontyGames\Dream Chronicles\assets\strings.xml
C:\Program Files\BoontyGames\Dream Chronicles\assets\misc\DreamShim.swf
C:\Program Files\BoontyGames\Dream Chronicles\assets\misc\intro1.swf
C:\Program Files\BoontyGames\Dream Chronicles\assets\misc\intro2.swf
C:\Program Files\BoontyGames\Dream Chronicles\assets\misc\intro3.swf
C:\Program Files\BoontyGames\Dream Chronicles\assets\misc\intro4.swf
C:\Program Files\BoontyGames\Dream Chronicles\assets\misc\intro5.swf
C:\Program Files\BoontyGames\Dream Chronicles\assets\misc\katgames_logo.swf
C:\Program Files\BoontyGames\Dream Chronicles\assets\misc\main.lua
C:\Program Files\BoontyGames\Dream Chronicles\assets\misc\playfirst_animated_logo.swf
C:\Program Files\BoontyGames\Dream Chronicles\assets\misc\playfirst_animated_logo_mac.swf
C:\Program Files\BoontyGames\Dream Chronicles\assets\states\credits
C:\Program Files\BoontyGames\Dream Chronicles\assets\states\hiscores
C:\Program Files\BoontyGames\Dream Chronicles\assets\states\summary
C:\Program Files\BoontyGames\Dream Chronicles\assets\states\credits\credits.txt
C:\Program Files\BoontyGames\Dream Chronicles\assets\states\hiscores\hiscores.lua
C:\Program Files\BoontyGames\Dream Chronicles\assets\states\hiscores\hiscoresubmit.lua
C:\Program Files\BoontyGames\Dream Chronicles\assets\states\summary\summary.lua
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B3B24000.dat
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B85BC000.dat
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B5814000.dat
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B3999000.dat
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B3BA0000.dat
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B5A60000.dat
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B577C000.dat
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B6C9E000.dat
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses\B57F3000.dat
C:\Documents and Settings\marion\Cookies\marion@ads.boonty[1].txt
C:\Documents and Settings\marion\Cookies\marion@shell.boonty[2].txt
C:\Documents and Settings\marion\Cookies\marion@ads.boonty[2].txt
C:\Documents and Settings\marion\Cookies\marion@shell.boonty[1].txt
C:\Documents and Settings\marion\Cookies\marion@boonty.aliceadsl[1].txt

+--------------------| Eorezo Elements found :

Process: "EoEngine.exe" [PID:~3456]
.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.DLL
HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\run\\EoEngine
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\unins000.dat
C:\Program Files\EoRezo\lang
C:\Program Files\EoRezo\MngInstaller.dll
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\eoEngine.url
C:\Program Files\EoRezo\Host.cyp
C:\Program Files\EoRezo\user.cyp
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\EoRezo\EoRezoComm.dll
C:\Program Files\EoRezo\EoMultiLanguage.dll
C:\Program Files\EoRezo\EoRezoTools_16.dll
C:\Program Files\EoRezo\EoRezoTools_17.dll
C:\Program Files\EoRezo\EoRezoImg_17.dll
C:\Program Files\EoRezo\EoRezoTools_18.dll
C:\Program Files\EoRezo\EoRezoImg_19.dll
C:\Program Files\EoRezo\EoRezoTools_20.dll
C:\Program Files\EoRezo\EoRezoImg_20.dll
C:\Program Files\EoRezo\EoRezoTools_21.dll
C:\Program Files\EoRezo\EoRezoImg_21.dll
C:\Program Files\EoRezo\EoRezoImg_22.dll
C:\Program Files\EoRezo\EoRezoImg_23.dll
C:\Program Files\EoRezo\EoRezoTools_26.dll
C:\Program Files\EoRezo\EoRezoTools_27.dll
C:\Program Files\EoRezo\EoRezoTools_28.dll
C:\Program Files\EoRezo\ConfMedia.cyp
C:\Program Files\EoRezo\FreeImage.dll
C:\Program Files\EoRezo\unins000.exe
C:\Program Files\EoRezo\lang\ihm_eonet.xml
C:\Program Files\EoRezo\lang\ihm_eosudoku.xml
C:\Program Files\EoRezo\lang\ihm_eoclock.xml
C:\Program Files\EoRezo\lang\ihm_eoweather.xml
C:\Program Files\EoRezo\lang\ihm_eoengine.xml
C:\Program Files\EoRezo\lang\ihm_eorezotools.xml
C:\Program Files\EoRezo\lang\lang_en.xml
C:\Program Files\EoRezo\lang\lang_fr.xml
C:\Program Files\EoRezo\lang\lang_es.xml
C:\Program Files\EoRezo\lang\lang_it.xml
C:\Program Files\EoRezo\EoAdv\EoAdv.dll
C:\Program Files\EoRezo\EoAdv\atl90.dll
C:\Program Files\EoRezo\EoAdv\mfc90.dll
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.ATL.manifest
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.CRT.manifest
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.MFC.manifest
C:\Program Files\EoRezo\EoAdv\msvcr90.dll
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
C:\Documents and Settings\marion\Application Data\EoRezo
C:\Documents and Settings\marion\Application Data\EoRezo\user.cyp
C:\Documents and Settings\marion\Application Data\EoRezo\host.cyp
C:\Documents and Settings\marion\Application Data\EoRezo\db
C:\Documents and Settings\marion\Application Data\EoRezo\cmhost.cyp
C:\Documents and Settings\marion\Application Data\EoRezo\ConfMedia.cyp
C:\Documents and Settings\marion\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\marion\Application Data\EoRezo\db\cat.cyp
C:\Documents and Settings\marion\Application Data\EoRezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\marion\Application Data\EoRezo\eoDesktop\userConfig.xml
C:\Documents and Settings\marion\Application Data\EoRezo\eoDesktop\config.xml
C:\WINDOWS\Prefetch\EOENGINE.EXE-25D17307.pf
C:\Documents and Settings\marion\Cookies\marion@soft.eorezo[1].txt
C:\Documents and Settings\marion\Cookies\marion@ads.eorezo[1].txt
C:\Documents and Settings\marion\Cookies\marion@eorezo[1].txt

+--------------------| Everest Poker Elements found :

.
.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.
.

+--------------------| It's TV Elements found :

.

+--------------------| Sweetim Elements found :

.
.

+--------------------| ADDED SCAN :

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\8noe0cem.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

* Browser Startup HomePage: "http://lo.st#home"

.
FOUND - user_pref("browser.startup.homepage", "http://lo.st#home");

+---------------------------------------------------------------------------+

~~~~ Internet Explorer version 7.0.5730.13 ~~~~

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://lo.st#home

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+---------------------------------------------------------------------------+

[~23788 bytes] - "C:\AD-report-Scan-11.01.2009.log"

# END at: 19:01:45 | 11/01/2009 - Time elapsed: 45.1 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 345 lines ]
+---------------------------------------------------------------------------+
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses