Virus Remover 2008 + Rapports
Woodyirish
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Je viens ici car je suis dérangé sans cesse par ce fichu Virus Remover 2008 et ce quel que soit mon navigateur (Firefox, Maxthon ou Google Chrome). J'ai tenté de virer les processus louches sur hijackthis, lancé un adaware, un hitmanpro, un ccleaner, et tout un tas d'utilitaire conseillés par les forumeux de CCM sans succès. Dans le doute je vous copie colle mes rapports avec les différents utilitaires, j'espère trouver une solution rapidement.
Je vous copie colle mes rapports. (j'ai effectué un nettoyage avec anti malware)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:31, on 26/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Woodyirish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {04c09d0e-b0a0-4c4b-a685-fd4a44abad6e} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [CPMeb881c91] Rundll32.exe "c:\windows\system32\jeniguju.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Woodyirish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: UberIcon.lnk = C:\Program Files\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jeniguju.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jeniguju.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jeniguju.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6233 bytes
---------------------------------------------------
SmitFraudFix v2.375
Rapport fait à 15:27:16,57, 26/11/2008
Executé à partir de C:\Documents and Settings\Woodyirish\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Woodyirish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Woodyirish\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Woodyirish
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WOODYI~1\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Woodyirish\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WOODYI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\system32\\jeniguju.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Hamachi Network Interface
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BC0258EF-151F-4C1B-BFE8-B67C1D34B23C}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C19739F4-81E8-4A02-9380-5A3873C31C91}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BC0258EF-151F-4C1B-BFE8-B67C1D34B23C}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C19739F4-81E8-4A02-9380-5A3873C31C91}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{634798D8-74B3-468C-8D78-3158F92D34D5}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BC0258EF-151F-4C1B-BFE8-B67C1D34B23C}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C19739F4-81E8-4A02-9380-5A3873C31C91}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
-----------------------------------------------------------------------
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Woodyirish ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:170 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (USB) - FAT - Total:245 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 26/11/2008|15:28 )
--------------------\\ Listing des dossiers dans APPLIC~1
[26/11/2007|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[26/11/2007|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[27/01/2008|21:57] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[08/11/2008|19:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\2DBoy
[21/10/2008|19:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
[08/05/2008|13:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
[08/05/2008|13:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
[02/05/2008|11:58] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\avg7
[02/05/2008|12:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Avira
[26/11/2007|21:12] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Azureus
[08/05/2008|12:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\BVRP Software
[28/11/2007|01:29] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FLEXnet
[15/02/2008|12:25] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
[23/11/2008|01:17] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Hitman Pro
[26/11/2008|15:25] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Hitman Pro 3
[21/02/2008|16:58] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\InstallShield
[15/08/2008|18:46] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Last.fm
[26/11/2008|03:42] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
[04/10/2008|17:23] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\LGMOBILEAX
[11/12/2007|12:31] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Logishrd
[26/11/2007|23:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Logitech
[19/11/2008|01:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
[17/01/2008|22:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Martau
[14/12/2007|12:19] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
[21/01/2008|19:29] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help
[29/11/2007|21:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Mozilla
[27/11/2007|21:33] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero
[30/11/2007|11:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\nView_Profiles
[13/04/2008|18:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\OrbNetworks
[25/08/2008|15:08] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PC Drivers HeadQuarters
[02/05/2008|00:47] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Skype
[08/05/2008|13:06] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sony
[08/05/2008|12:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sony Ericsson
[27/07/2008|17:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
[21/01/2008|19:38] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
[16/07/2008|12:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WildTangent
[26/11/2007|17:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
[17/01/2008|23:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller
[26/11/2007|12:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/11/2007|17:39] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft
[02/05/2008|11:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[02/05/2008|11:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[02/05/2008|11:58] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[05/11/2008|14:50] C:\DOCUME~1\WOODYI~1\APPLIC~1\AccurateRip
[24/11/2008|23:18] C:\DOCUME~1\WOODYI~1\APPLIC~1\Adobe
[02/05/2008|11:51] C:\DOCUME~1\WOODYI~1\APPLIC~1\AVG7
[26/11/2008|03:10] C:\DOCUME~1\WOODYI~1\APPLIC~1\Azureus
[24/09/2008|01:12] C:\DOCUME~1\WOODYI~1\APPLIC~1\BSplayer
[24/09/2008|00:44] C:\DOCUME~1\WOODYI~1\APPLIC~1\BSplayer Pro
[04/01/2008|04:15] C:\DOCUME~1\WOODYI~1\APPLIC~1\DAEMON Tools
[05/11/2008|14:59] C:\DOCUME~1\WOODYI~1\APPLIC~1\dBpoweramp
[04/01/2008|03:48] C:\DOCUME~1\WOODYI~1\APPLIC~1\DeepBurner
[10/11/2008|21:02] C:\DOCUME~1\WOODYI~1\APPLIC~1\dvdcss
[03/04/2008|00:17] C:\DOCUME~1\WOODYI~1\APPLIC~1\FarStone
[10/09/2008|20:16] C:\DOCUME~1\WOODYI~1\APPLIC~1\FileZilla
[26/11/2008|02:28] C:\DOCUME~1\WOODYI~1\APPLIC~1\foobar2000
[18/06/2008|19:27] C:\DOCUME~1\WOODYI~1\APPLIC~1\GetRightToGo
[17/08/2008|19:20] C:\DOCUME~1\WOODYI~1\APPLIC~1\GigaTribe
[23/11/2008|01:24] C:\DOCUME~1\WOODYI~1\APPLIC~1\Hamachi
[07/04/2008|20:08] C:\DOCUME~1\WOODYI~1\APPLIC~1\Help
[26/11/2007|20:02] C:\DOCUME~1\WOODYI~1\APPLIC~1\Identities
[16/08/2008|18:54] C:\DOCUME~1\WOODYI~1\APPLIC~1\InfraRecorder
[08/05/2008|12:50] C:\DOCUME~1\WOODYI~1\APPLIC~1\InstallShield
[04/10/2008|18:13] C:\DOCUME~1\WOODYI~1\APPLIC~1\LG Electronics
[26/11/2007|23:21] C:\DOCUME~1\WOODYI~1\APPLIC~1\Macromedia
[19/11/2008|01:16] C:\DOCUME~1\WOODYI~1\APPLIC~1\Malwarebytes
[30/11/2007|21:46] C:\DOCUME~1\WOODYI~1\APPLIC~1\Media Player Classic
[12/10/2008|21:48] C:\DOCUME~1\WOODYI~1\APPLIC~1\Microsoft
[10/11/2008|02:46] C:\DOCUME~1\WOODYI~1\APPLIC~1\mIRC
[21/06/2008|15:11] C:\DOCUME~1\WOODYI~1\APPLIC~1\Mozilla
[22/02/2008|23:24] C:\DOCUME~1\WOODYI~1\APPLIC~1\MxBoost
[05/10/2008|02:48] C:\DOCUME~1\WOODYI~1\APPLIC~1\My Games
[24/09/2008|13:09] C:\DOCUME~1\WOODYI~1\APPLIC~1\Nero
[23/11/2008|01:25] C:\DOCUME~1\WOODYI~1\APPLIC~1\OpenOffice.org2
[29/10/2008|19:27] C:\DOCUME~1\WOODYI~1\APPLIC~1\Skype
[02/05/2008|00:19] C:\DOCUME~1\WOODYI~1\APPLIC~1\skypePM
[08/05/2008|13:06] C:\DOCUME~1\WOODYI~1\APPLIC~1\Sony
[08/09/2008|01:25] C:\DOCUME~1\WOODYI~1\APPLIC~1\SPORE
[26/11/2007|21:10] C:\DOCUME~1\WOODYI~1\APPLIC~1\Sun
[23/11/2008|21:34] C:\DOCUME~1\WOODYI~1\APPLIC~1\SystemRequirementsLab
[29/11/2007|21:44] C:\DOCUME~1\WOODYI~1\APPLIC~1\Talkback
[02/10/2008|07:42] C:\DOCUME~1\WOODYI~1\APPLIC~1\vlc
[13/04/2008|19:52] C:\DOCUME~1\WOODYI~1\APPLIC~1\Winamp
[26/11/2007|22:15] C:\DOCUME~1\WOODYI~1\APPLIC~1\WinRAR
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[26/11/2008 10:19][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[25/11/2008 17:31][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[26/11/2008 14:18][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 19:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[11/07/2008|23:32] C:\Program Files\"O–%â%f'Ó
[05/10/2008|02:41] C:\Program Files\2K Games
[04/08/2008|22:35] C:\Program Files\3D Analyzer
[23/11/2008|01:19] C:\Program Files\AC3Filter
[21/10/2008|19:08] C:\Program Files\Adobe
[30/04/2008|21:02] C:\Program Files\Alcohol Soft
[08/05/2008|13:02] C:\Program Files\Apple Software Update
[30/04/2008|21:02] C:\Program Files\ArcSoft
[26/11/2008|03:22] C:\Program Files\Ashampoo
[30/04/2008|21:05] C:\Program Files\Astonsoft
[08/05/2008|12:53] C:\Program Files\Avanquest update
[29/09/2008|20:23] C:\Program Files\Avira
[21/11/2008|18:41] C:\Program Files\Azureus
[04/05/2008|04:26] C:\Program Files\Bonjour
[05/08/2008|04:30] C:\Program Files\Bradbury
[24/09/2008|00:44] C:\Program Files\BS.Player ControlBar
[20/11/2008|14:57] C:\Program Files\bwin
[30/04/2008|21:06] C:\Program Files\CCleaner
[19/05/2008|19:39] C:\Program Files\CD Recovery Toolbox Free
[23/11/2008|01:19] C:\Program Files\CD to MP3 Freeware
[23/11/2008|01:19] C:\Program Files\CDex_170b2
[30/04/2008|21:06] C:\Program Files\CDisplay
[23/11/2008|01:19] C:\Program Files\Clean Ram
[23/11/2008|01:19] C:\Program Files\Combined Community Codec Pack
[25/11/2008|01:37] C:\Program Files\Common Files
[26/11/2007|12:42] C:\Program Files\ComPlus Applications
[30/04/2008|21:06] C:\Program Files\DAEMON Tools Lite
[30/04/2008|21:06] C:\Program Files\Dell 720
[30/04/2008|21:06] C:\Program Files\DivX
[08/10/2008|17:38] C:\Program Files\Dragonred O2jam
[27/07/2008|18:22] C:\Program Files\Duplicate Cleaner
[23/11/2008|01:19] C:\Program Files\DVD Decrypter
[11/08/2008|23:01] C:\Program Files\EasyPHP 2.0b1
[23/11/2008|01:19] C:\Program Files\eChanblard
[30/04/2008|21:07] C:\Program Files\Elaborate Bytes
[08/09/2008|01:01] C:\Program Files\Electronic Arts
[25/11/2008|00:22] C:\Program Files\Enigma Software Group
[30/04/2008|21:07] C:\Program Files\Eraser
[04/05/2008|04:26] C:\Program Files\FarStone
[26/11/2008|03:42] C:\Program Files\Fichiers communs
[23/11/2008|01:19] C:\Program Files\FileZilla FTP Client
[08/11/2008|19:13] C:\Program Files\Final Fantasy VII Origin
[05/10/2008|01:57] C:\Program Files\Firaxis Games
[23/11/2008|01:19] C:\Program Files\FlashMute
[30/04/2008|21:25] C:\Program Files\foobar2000
[23/11/2008|01:19] C:\Program Files\FpTest
[10/05/2008|09:52] C:\Program Files\Free
[24/11/2008|00:17] C:\Program Files\Free Easy Burner
[02/10/2008|02:57] C:\Program Files\Free Multimedia Center
[02/10/2008|02:06] C:\Program Files\FreeEasyZap
[02/10/2008|02:50] C:\Program Files\FreeMultiPosteTV
[23/11/2008|01:19] C:\Program Files\Freeplayer
[02/10/2008|14:26] C:\Program Files\Fritivi
[21/10/2008|18:21] C:\Program Files\GigaTribe
[25/11/2008|01:09] C:\Program Files\gPotato.eu
[23/11/2008|01:19] C:\Program Files\GTK2-Runtime
[30/04/2008|21:31] C:\Program Files\Guitar Pro 5
[08/10/2008|17:17] C:\Program Files\Hamachi
[22/11/2008|13:31] C:\Program Files\Hitman Pro
[22/11/2008|13:33] C:\Program Files\Hitman Pro 3
[23/11/2008|01:19] C:\Program Files\HomePlayer
[30/04/2008|21:32] C:\Program Files\iColorFolder
[30/04/2008|21:32] C:\Program Files\IEAK6
[11/05/2008|11:26] C:\Program Files\Illustrate
[23/11/2008|01:19] C:\Program Files\InfraRecorder
[03/11/2008|16:06] C:\Program Files\InstallShield Installation Information
[08/05/2008|13:01] C:\Program Files\internet explorer
[06/06/2008|10:45] C:\Program Files\IrfanView
[10/08/2008|22:40] C:\Program Files\Java
[05/11/2008|02:05] C:\Program Files\Klavaro-1.1.7
[14/10/2008|21:18] C:\Program Files\K-Lite Codec Pack
[15/08/2008|18:45] C:\Program Files\Last.fm
[19/06/2008|11:22] C:\Program Files\Lavalys
[26/11/2008|03:42] C:\Program Files\Lavasoft
[30/04/2008|21:33] C:\Program Files\LClock
[23/11/2008|01:19] C:\Program Files\LD-Anime
[23/11/2008|21:06] C:\Program Files\Left4Dead
[04/10/2008|17:30] C:\Program Files\LG Electronics
[07/10/2008|22:57] C:\Program Files\LG PC Suite 2
[30/04/2008|21:33] C:\Program Files\Logitech
[16/07/2008|12:07] C:\Program Files\Lumines
[30/04/2008|21:34] C:\Program Files\Magic Karaoke Maker
[23/11/2008|01:19] C:\Program Files\MagicDisc
[23/11/2008|01:20] C:\Program Files\MagicISO
[30/04/2008|21:34] C:\Program Files\MAIET
[19/11/2008|01:16] C:\Program Files\Malwarebytes' Anti-Malware
[25/08/2008|14:24] C:\Program Files\Marvell
[23/11/2008|01:20] C:\Program Files\Maxthon
[23/11/2008|01:20] C:\Program Files\Maxthon2
[30/04/2008|21:35] C:\Program Files\Media Player Classic
[18/01/2008|00:10] C:\Program Files\Messenger
[26/11/2007|20:02] C:\Program Files\microsoft frontpage
[30/04/2008|21:35] C:\Program Files\Microsoft Office
[30/04/2008|21:39] C:\Program Files\Microsoft Visual Studio
[30/04/2008|21:39] C:\Program Files\Microsoft Works
[12/11/2008|20:28] C:\Program Files\mIRC
[23/11/2008|01:20] C:\Program Files\Monitor Calibration Wizard
[18/01/2008|12:42] C:\Program Files\Movie Maker
[30/04/2008|21:39] C:\Program Files\Movie Stream 1.3
[26/11/2008|14:33] C:\Program Files\Mozilla Firefox
[30/04/2008|21:39] C:\Program Files\MSBuild
[30/04/2008|21:39] C:\Program Files\MSN Gaming Zone
[30/04/2008|21:39] C:\Program Files\MSN Messenger
[30/04/2008|21:39] C:\Program Files\MSXML 4.0
[30/04/2008|21:39] C:\Program Files\MSXML 6.0
[02/10/2008|01:55] C:\Program Files\MyFreeTV
[26/11/2008|03:13] C:\Program Files\Navilog1
[18/01/2008|00:11] C:\Program Files\NetMeeting
[08/10/2008|17:15] C:\Program Files\O2AS
[19/05/2008|15:50] C:\Program Files\Ontrack
[08/10/2008|01:10] C:\Program Files\OpenAL
[10/08/2008|22:42] C:\Program Files\OpenOffice.org 2.4
[18/01/2008|12:42] C:\Program Files\Outlook Express
[30/04/2008|21:41] C:\Program Files\Padus
[25/08/2008|15:08] C:\Program Files\PC Drivers HeadQuarters
[30/04/2008|21:41] C:\Program Files\Piratrax
[12/11/2008|22:35] C:\Program Files\PKR
[20/10/2008|18:00] C:\Program Files\PlayOnline
[20/11/2008|18:29] C:\Program Files\PokerStars
[30/04/2008|21:41] C:\Program Files\Power IE
[23/11/2008|01:20] C:\Program Files\PowerISO
[08/05/2008|02:48] C:\Program Files\Praxisoft
[30/04/2008|21:41] C:\Program Files\QuickTime
[08/05/2008|13:03] C:\Program Files\QuickTime Alternative
[23/11/2008|01:20] C:\Program Files\RAM Idle LE
[30/04/2008|21:41] C:\Program Files\Raveille
[30/04/2008|21:41] C:\Program Files\Realtek AC97
[23/11/2008|01:20] C:\Program Files\Ref Hotkey
[13/11/2008|14:43] C:\Program Files\Search Settings
[08/10/2008|01:13] C:\Program Files\Seijinohki Soft
[30/04/2008|21:41] C:\Program Files\Services en ligne
[23/11/2008|01:20] C:\Program Files\SHOUTcast
[02/05/2008|00:18] C:\Program Files\Skype
[30/04/2008|21:41] C:\Program Files\SlySoft
[30/04/2008|21:41] C:\Program Files\Smart Projects
[08/05/2008|13:04] C:\Program Files\Sony Ericsson
[23/11/2008|01:20] C:\Program Files\SopCast
[23/11/2008|01:20] C:\Program Files\Soulseek
[23/11/2008|01:20] C:\Program Files\Soulseek-Test
[30/04/2008|21:41] C:\Program Files\Spybot - Search & Destroy
[28/05/2008|15:47] C:\Program Files\StepMania CVS
[23/11/2008|21:36] C:\Program Files\SystemRequirementsLab
[21/07/2008|12:33] C:\Program Files\Three Rings Design
[30/04/2008|23:46] C:\Program Files\Thrustmaster
[04/08/2008|22:33] C:\Program Files\ToMMTi-Systems
[04/11/2008|20:18] C:\Program Files\Trend Micro
[23/11/2008|01:20] C:\Program Files\TVRemi
[30/04/2008|23:46] C:\Program Files\UberIcon
[30/04/2008|23:47] C:\Program Files\Uninstall Information
[30/04/2008|23:47] C:\Program Files\Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter
[02/10/2008|03:04] C:\Program Files\VideoLAN
[12/10/2008|20:41] C:\Program Files\Virtual Dub
[24/09/2008|00:44] C:\Program Files\Webteh
[30/04/2008|23:49] C:\Program Files\Winamp
[30/04/2008|23:50] C:\Program Files\Winamp Remote
[27/07/2008|17:53] C:\Program Files\WinDirStat
[13/04/2008|18:32] C:\Program Files\Windows Media Player
[18/01/2008|00:10] C:\Program Files\Windows NT
[26/11/2007|12:44] C:\Program Files\WindowsUpdate
[30/04/2008|23:50] C:\Program Files\WinRAR
[23/11/2008|01:20] C:\Program Files\WorldOfGoo
[30/04/2008|23:50] C:\Program Files\xerox
[30/04/2008|23:50] C:\Program Files\Yahoo!
[30/04/2008|23:50] C:\Program Files\YzShadow
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[24/09/2008|13:01] C:\Program Files\Fichiers communs\Adobe
[30/04/2008|21:22] C:\Program Files\Fichiers communs\ArcSoft
[08/11/2008|19:12] C:\Program Files\Fichiers communs\Blizzard Entertainment
[30/04/2008|21:22] C:\Program Files\Fichiers communs\DESIGNER
[30/04/2008|21:22] C:\Program Files\Fichiers communs\DirectX
[30/04/2008|21:22] C:\Program Files\Fichiers communs\GTK
[30/04/2008|21:23] C:\Program Files\Fichiers communs\InstallShield
[30/04/2008|21:23] C:\Program Files\Fichiers communs\Java
[30/04/2008|21:23] C:\Program Files\Fichiers communs\LogiShrd
[30/04/2008|21:23] C:\Program Files\Fichiers communs\Logitech
[30/04/2008|21:23] C:\Program Files\Fichiers communs\Macrovision Shared
[30/04/2008|21:23] C:\Program Files\Fichiers communs\Microsoft Shared
[30/04/2008|21:24] C:\Program Files\Fichiers communs\MSSoap
[30/04/2008|21:24] C:\Program Files\Fichiers communs\Nero
[30/04/2008|21:25] C:\Program Files\Fichiers communs\ODBC
[20/10/2008|18:00] C:\Program Files\Fichiers communs\PlayOnline
[30/04/2008|21:25] C:\Program Files\Fichiers communs\Services
[02/05/2008|01:17] C:\Program Files\Fichiers communs\Skype
[30/04/2008|21:25] C:\Program Files\Fichiers communs\SpeechEngines
[30/04/2008|21:25] C:\Program Files\Fichiers communs\System
[30/04/2008|21:25] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[26/11/2008|03:42] C:\Program Files\Fichiers communs\Wise Installation Wizard
--------------------\\ Process
( 40 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\WOODYI~1\Cookies\woodyirish@advertising[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\WOODYI~1\Application Data\Azureus\torrents\Guitar_Hero_III_to_PC___No_CD_Crack.torrent
C:\DOCUME~1\WOODYI~1\Application Data\Azureus\torrents\Steam_Crack_Toolkit___December_2007__PDF_guide__SteamEmu_3_80__S[1].torrent
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit
C:\DOCUME~1\WOODYI~1\Mes documents\Ma musique\The Pixies\Death to the Pixies 1987-1991 Disc 2\14 Crackity Jones.wma
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\CS.RIN.RU - Steam Underground Forum Index.url
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\Steam cracking for dummies.pdf
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\SteamEmu380
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\SteamEmu380.rar
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\UnDeadPatch.3.30-SASiO.rar
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\UnDeadPatch330.exe
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\SteamEmu380\steam.dll
[F:22][D:1]-> C:\DOCUME~1\WOODYI~1\LOCALS~1\Temp
[F:16][D:0]-> C:\DOCUME~1\WOODYI~1\Cookies
[F:7][D:4]-> C:\DOCUME~1\WOODYI~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 19/11/2008| 1:50 - Option : [2]
2 - "C:\Lop SD\LopR_2.txt" - 26/11/2008|15:34 - Option : [1]
--------------------\\ Fin du rapport a 15:34:12
-------------------------------------------------------------------------
Search Navipromo version 3.6.9 commencé le 26/11/2008 à 15:36:02,29
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Woodyirish"
Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Woodyirish\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Woodyirish\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Woodyirish\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Woodyirish\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Woodyirish\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 26/11/2008 à 15:49:16,28 ***
--------------------------------------------------
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1410
Windows 5.1.2600 Service Pack 2
26/11/2008 15:54:53
mbam-log-2008-11-26 (15-54-53).txt
Type de recherche: Examen rapide
Eléments examinés: 53280
Temps écoulé: 4 minute(s), 2 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Documents and Settings\Woodyirish\Local Settings\Temp\bwhE6A.tmp (Backdoor.ProRat) -> Delete on reboot.
C:\WINDOWS\Temp\xba1.tmp (Backdoor.ProRat) -> Delete on reboot.
c:\WINDOWS\system32\jeniguju.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\misahavu.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmeb881c91 (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\jeniguju.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\jeniguju.dll -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\misahavu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uvahasim.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Woodyirish\Local Settings\Temp\bwhE6A.tmp (Backdoor.ProRat) -> Delete on reboot.
C:\WINDOWS\Temp\xba1.tmp (Backdoor.ProRat) -> Delete on reboot.
c:\WINDOWS\system32\jeniguju.dll (Trojan.BHO) -> Delete on reboot.
-------------------------------------
Donc voilà, j'espère que vous avez assez d'infos pour me venir en aide. A tout de suite après le reboot.
Je viens ici car je suis dérangé sans cesse par ce fichu Virus Remover 2008 et ce quel que soit mon navigateur (Firefox, Maxthon ou Google Chrome). J'ai tenté de virer les processus louches sur hijackthis, lancé un adaware, un hitmanpro, un ccleaner, et tout un tas d'utilitaire conseillés par les forumeux de CCM sans succès. Dans le doute je vous copie colle mes rapports avec les différents utilitaires, j'espère trouver une solution rapidement.
Je vous copie colle mes rapports. (j'ai effectué un nettoyage avec anti malware)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:31, on 26/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Woodyirish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {04c09d0e-b0a0-4c4b-a685-fd4a44abad6e} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [CPMeb881c91] Rundll32.exe "c:\windows\system32\jeniguju.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Woodyirish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: UberIcon.lnk = C:\Program Files\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jeniguju.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jeniguju.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jeniguju.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6233 bytes
---------------------------------------------------
SmitFraudFix v2.375
Rapport fait à 15:27:16,57, 26/11/2008
Executé à partir de C:\Documents and Settings\Woodyirish\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Woodyirish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Woodyirish\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Woodyirish
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WOODYI~1\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Woodyirish\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WOODYI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\system32\\jeniguju.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Hamachi Network Interface
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BC0258EF-151F-4C1B-BFE8-B67C1D34B23C}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C19739F4-81E8-4A02-9380-5A3873C31C91}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BC0258EF-151F-4C1B-BFE8-B67C1D34B23C}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C19739F4-81E8-4A02-9380-5A3873C31C91}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{634798D8-74B3-468C-8D78-3158F92D34D5}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BC0258EF-151F-4C1B-BFE8-B67C1D34B23C}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C19739F4-81E8-4A02-9380-5A3873C31C91}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
-----------------------------------------------------------------------
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Woodyirish ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.15 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:170 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (USB) - FAT - Total:245 Mo (Free:0 Go)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 26/11/2008|15:28 )
--------------------\\ Listing des dossiers dans APPLIC~1
[26/11/2007|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[26/11/2007|12:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[27/01/2008|21:57] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[08/11/2008|19:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\2DBoy
[21/10/2008|19:09] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
[08/05/2008|13:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple
[08/05/2008|13:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
[02/05/2008|11:58] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\avg7
[02/05/2008|12:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Avira
[26/11/2007|21:12] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Azureus
[08/05/2008|12:51] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\BVRP Software
[28/11/2007|01:29] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FLEXnet
[15/02/2008|12:25] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Google
[23/11/2008|01:17] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Hitman Pro
[26/11/2008|15:25] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Hitman Pro 3
[21/02/2008|16:58] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\InstallShield
[15/08/2008|18:46] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Last.fm
[26/11/2008|03:42] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Lavasoft
[04/10/2008|17:23] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\LGMOBILEAX
[11/12/2007|12:31] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Logishrd
[26/11/2007|23:27] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Logitech
[19/11/2008|01:16] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Malwarebytes
[17/01/2008|22:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Martau
[14/12/2007|12:19] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft
[21/01/2008|19:29] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help
[29/11/2007|21:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Mozilla
[27/11/2007|21:33] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero
[30/11/2007|11:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\nView_Profiles
[13/04/2008|18:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\OrbNetworks
[25/08/2008|15:08] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\PC Drivers HeadQuarters
[02/05/2008|00:47] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Skype
[08/05/2008|13:06] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sony
[08/05/2008|12:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Sony Ericsson
[27/07/2008|17:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
[21/01/2008|19:38] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\TEMP
[16/07/2008|12:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WildTangent
[26/11/2007|17:39] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
[17/01/2008|23:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\WLInstaller
[26/11/2007|12:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/11/2007|17:39] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Microsoft
[02/05/2008|11:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[02/05/2008|11:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[02/05/2008|11:58] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[05/11/2008|14:50] C:\DOCUME~1\WOODYI~1\APPLIC~1\AccurateRip
[24/11/2008|23:18] C:\DOCUME~1\WOODYI~1\APPLIC~1\Adobe
[02/05/2008|11:51] C:\DOCUME~1\WOODYI~1\APPLIC~1\AVG7
[26/11/2008|03:10] C:\DOCUME~1\WOODYI~1\APPLIC~1\Azureus
[24/09/2008|01:12] C:\DOCUME~1\WOODYI~1\APPLIC~1\BSplayer
[24/09/2008|00:44] C:\DOCUME~1\WOODYI~1\APPLIC~1\BSplayer Pro
[04/01/2008|04:15] C:\DOCUME~1\WOODYI~1\APPLIC~1\DAEMON Tools
[05/11/2008|14:59] C:\DOCUME~1\WOODYI~1\APPLIC~1\dBpoweramp
[04/01/2008|03:48] C:\DOCUME~1\WOODYI~1\APPLIC~1\DeepBurner
[10/11/2008|21:02] C:\DOCUME~1\WOODYI~1\APPLIC~1\dvdcss
[03/04/2008|00:17] C:\DOCUME~1\WOODYI~1\APPLIC~1\FarStone
[10/09/2008|20:16] C:\DOCUME~1\WOODYI~1\APPLIC~1\FileZilla
[26/11/2008|02:28] C:\DOCUME~1\WOODYI~1\APPLIC~1\foobar2000
[18/06/2008|19:27] C:\DOCUME~1\WOODYI~1\APPLIC~1\GetRightToGo
[17/08/2008|19:20] C:\DOCUME~1\WOODYI~1\APPLIC~1\GigaTribe
[23/11/2008|01:24] C:\DOCUME~1\WOODYI~1\APPLIC~1\Hamachi
[07/04/2008|20:08] C:\DOCUME~1\WOODYI~1\APPLIC~1\Help
[26/11/2007|20:02] C:\DOCUME~1\WOODYI~1\APPLIC~1\Identities
[16/08/2008|18:54] C:\DOCUME~1\WOODYI~1\APPLIC~1\InfraRecorder
[08/05/2008|12:50] C:\DOCUME~1\WOODYI~1\APPLIC~1\InstallShield
[04/10/2008|18:13] C:\DOCUME~1\WOODYI~1\APPLIC~1\LG Electronics
[26/11/2007|23:21] C:\DOCUME~1\WOODYI~1\APPLIC~1\Macromedia
[19/11/2008|01:16] C:\DOCUME~1\WOODYI~1\APPLIC~1\Malwarebytes
[30/11/2007|21:46] C:\DOCUME~1\WOODYI~1\APPLIC~1\Media Player Classic
[12/10/2008|21:48] C:\DOCUME~1\WOODYI~1\APPLIC~1\Microsoft
[10/11/2008|02:46] C:\DOCUME~1\WOODYI~1\APPLIC~1\mIRC
[21/06/2008|15:11] C:\DOCUME~1\WOODYI~1\APPLIC~1\Mozilla
[22/02/2008|23:24] C:\DOCUME~1\WOODYI~1\APPLIC~1\MxBoost
[05/10/2008|02:48] C:\DOCUME~1\WOODYI~1\APPLIC~1\My Games
[24/09/2008|13:09] C:\DOCUME~1\WOODYI~1\APPLIC~1\Nero
[23/11/2008|01:25] C:\DOCUME~1\WOODYI~1\APPLIC~1\OpenOffice.org2
[29/10/2008|19:27] C:\DOCUME~1\WOODYI~1\APPLIC~1\Skype
[02/05/2008|00:19] C:\DOCUME~1\WOODYI~1\APPLIC~1\skypePM
[08/05/2008|13:06] C:\DOCUME~1\WOODYI~1\APPLIC~1\Sony
[08/09/2008|01:25] C:\DOCUME~1\WOODYI~1\APPLIC~1\SPORE
[26/11/2007|21:10] C:\DOCUME~1\WOODYI~1\APPLIC~1\Sun
[23/11/2008|21:34] C:\DOCUME~1\WOODYI~1\APPLIC~1\SystemRequirementsLab
[29/11/2007|21:44] C:\DOCUME~1\WOODYI~1\APPLIC~1\Talkback
[02/10/2008|07:42] C:\DOCUME~1\WOODYI~1\APPLIC~1\vlc
[13/04/2008|19:52] C:\DOCUME~1\WOODYI~1\APPLIC~1\Winamp
[26/11/2007|22:15] C:\DOCUME~1\WOODYI~1\APPLIC~1\WinRAR
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[26/11/2008 10:19][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
[25/11/2008 17:31][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[26/11/2008 14:18][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 19:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[11/07/2008|23:32] C:\Program Files\"O–%â%f'Ó
[05/10/2008|02:41] C:\Program Files\2K Games
[04/08/2008|22:35] C:\Program Files\3D Analyzer
[23/11/2008|01:19] C:\Program Files\AC3Filter
[21/10/2008|19:08] C:\Program Files\Adobe
[30/04/2008|21:02] C:\Program Files\Alcohol Soft
[08/05/2008|13:02] C:\Program Files\Apple Software Update
[30/04/2008|21:02] C:\Program Files\ArcSoft
[26/11/2008|03:22] C:\Program Files\Ashampoo
[30/04/2008|21:05] C:\Program Files\Astonsoft
[08/05/2008|12:53] C:\Program Files\Avanquest update
[29/09/2008|20:23] C:\Program Files\Avira
[21/11/2008|18:41] C:\Program Files\Azureus
[04/05/2008|04:26] C:\Program Files\Bonjour
[05/08/2008|04:30] C:\Program Files\Bradbury
[24/09/2008|00:44] C:\Program Files\BS.Player ControlBar
[20/11/2008|14:57] C:\Program Files\bwin
[30/04/2008|21:06] C:\Program Files\CCleaner
[19/05/2008|19:39] C:\Program Files\CD Recovery Toolbox Free
[23/11/2008|01:19] C:\Program Files\CD to MP3 Freeware
[23/11/2008|01:19] C:\Program Files\CDex_170b2
[30/04/2008|21:06] C:\Program Files\CDisplay
[23/11/2008|01:19] C:\Program Files\Clean Ram
[23/11/2008|01:19] C:\Program Files\Combined Community Codec Pack
[25/11/2008|01:37] C:\Program Files\Common Files
[26/11/2007|12:42] C:\Program Files\ComPlus Applications
[30/04/2008|21:06] C:\Program Files\DAEMON Tools Lite
[30/04/2008|21:06] C:\Program Files\Dell 720
[30/04/2008|21:06] C:\Program Files\DivX
[08/10/2008|17:38] C:\Program Files\Dragonred O2jam
[27/07/2008|18:22] C:\Program Files\Duplicate Cleaner
[23/11/2008|01:19] C:\Program Files\DVD Decrypter
[11/08/2008|23:01] C:\Program Files\EasyPHP 2.0b1
[23/11/2008|01:19] C:\Program Files\eChanblard
[30/04/2008|21:07] C:\Program Files\Elaborate Bytes
[08/09/2008|01:01] C:\Program Files\Electronic Arts
[25/11/2008|00:22] C:\Program Files\Enigma Software Group
[30/04/2008|21:07] C:\Program Files\Eraser
[04/05/2008|04:26] C:\Program Files\FarStone
[26/11/2008|03:42] C:\Program Files\Fichiers communs
[23/11/2008|01:19] C:\Program Files\FileZilla FTP Client
[08/11/2008|19:13] C:\Program Files\Final Fantasy VII Origin
[05/10/2008|01:57] C:\Program Files\Firaxis Games
[23/11/2008|01:19] C:\Program Files\FlashMute
[30/04/2008|21:25] C:\Program Files\foobar2000
[23/11/2008|01:19] C:\Program Files\FpTest
[10/05/2008|09:52] C:\Program Files\Free
[24/11/2008|00:17] C:\Program Files\Free Easy Burner
[02/10/2008|02:57] C:\Program Files\Free Multimedia Center
[02/10/2008|02:06] C:\Program Files\FreeEasyZap
[02/10/2008|02:50] C:\Program Files\FreeMultiPosteTV
[23/11/2008|01:19] C:\Program Files\Freeplayer
[02/10/2008|14:26] C:\Program Files\Fritivi
[21/10/2008|18:21] C:\Program Files\GigaTribe
[25/11/2008|01:09] C:\Program Files\gPotato.eu
[23/11/2008|01:19] C:\Program Files\GTK2-Runtime
[30/04/2008|21:31] C:\Program Files\Guitar Pro 5
[08/10/2008|17:17] C:\Program Files\Hamachi
[22/11/2008|13:31] C:\Program Files\Hitman Pro
[22/11/2008|13:33] C:\Program Files\Hitman Pro 3
[23/11/2008|01:19] C:\Program Files\HomePlayer
[30/04/2008|21:32] C:\Program Files\iColorFolder
[30/04/2008|21:32] C:\Program Files\IEAK6
[11/05/2008|11:26] C:\Program Files\Illustrate
[23/11/2008|01:19] C:\Program Files\InfraRecorder
[03/11/2008|16:06] C:\Program Files\InstallShield Installation Information
[08/05/2008|13:01] C:\Program Files\internet explorer
[06/06/2008|10:45] C:\Program Files\IrfanView
[10/08/2008|22:40] C:\Program Files\Java
[05/11/2008|02:05] C:\Program Files\Klavaro-1.1.7
[14/10/2008|21:18] C:\Program Files\K-Lite Codec Pack
[15/08/2008|18:45] C:\Program Files\Last.fm
[19/06/2008|11:22] C:\Program Files\Lavalys
[26/11/2008|03:42] C:\Program Files\Lavasoft
[30/04/2008|21:33] C:\Program Files\LClock
[23/11/2008|01:19] C:\Program Files\LD-Anime
[23/11/2008|21:06] C:\Program Files\Left4Dead
[04/10/2008|17:30] C:\Program Files\LG Electronics
[07/10/2008|22:57] C:\Program Files\LG PC Suite 2
[30/04/2008|21:33] C:\Program Files\Logitech
[16/07/2008|12:07] C:\Program Files\Lumines
[30/04/2008|21:34] C:\Program Files\Magic Karaoke Maker
[23/11/2008|01:19] C:\Program Files\MagicDisc
[23/11/2008|01:20] C:\Program Files\MagicISO
[30/04/2008|21:34] C:\Program Files\MAIET
[19/11/2008|01:16] C:\Program Files\Malwarebytes' Anti-Malware
[25/08/2008|14:24] C:\Program Files\Marvell
[23/11/2008|01:20] C:\Program Files\Maxthon
[23/11/2008|01:20] C:\Program Files\Maxthon2
[30/04/2008|21:35] C:\Program Files\Media Player Classic
[18/01/2008|00:10] C:\Program Files\Messenger
[26/11/2007|20:02] C:\Program Files\microsoft frontpage
[30/04/2008|21:35] C:\Program Files\Microsoft Office
[30/04/2008|21:39] C:\Program Files\Microsoft Visual Studio
[30/04/2008|21:39] C:\Program Files\Microsoft Works
[12/11/2008|20:28] C:\Program Files\mIRC
[23/11/2008|01:20] C:\Program Files\Monitor Calibration Wizard
[18/01/2008|12:42] C:\Program Files\Movie Maker
[30/04/2008|21:39] C:\Program Files\Movie Stream 1.3
[26/11/2008|14:33] C:\Program Files\Mozilla Firefox
[30/04/2008|21:39] C:\Program Files\MSBuild
[30/04/2008|21:39] C:\Program Files\MSN Gaming Zone
[30/04/2008|21:39] C:\Program Files\MSN Messenger
[30/04/2008|21:39] C:\Program Files\MSXML 4.0
[30/04/2008|21:39] C:\Program Files\MSXML 6.0
[02/10/2008|01:55] C:\Program Files\MyFreeTV
[26/11/2008|03:13] C:\Program Files\Navilog1
[18/01/2008|00:11] C:\Program Files\NetMeeting
[08/10/2008|17:15] C:\Program Files\O2AS
[19/05/2008|15:50] C:\Program Files\Ontrack
[08/10/2008|01:10] C:\Program Files\OpenAL
[10/08/2008|22:42] C:\Program Files\OpenOffice.org 2.4
[18/01/2008|12:42] C:\Program Files\Outlook Express
[30/04/2008|21:41] C:\Program Files\Padus
[25/08/2008|15:08] C:\Program Files\PC Drivers HeadQuarters
[30/04/2008|21:41] C:\Program Files\Piratrax
[12/11/2008|22:35] C:\Program Files\PKR
[20/10/2008|18:00] C:\Program Files\PlayOnline
[20/11/2008|18:29] C:\Program Files\PokerStars
[30/04/2008|21:41] C:\Program Files\Power IE
[23/11/2008|01:20] C:\Program Files\PowerISO
[08/05/2008|02:48] C:\Program Files\Praxisoft
[30/04/2008|21:41] C:\Program Files\QuickTime
[08/05/2008|13:03] C:\Program Files\QuickTime Alternative
[23/11/2008|01:20] C:\Program Files\RAM Idle LE
[30/04/2008|21:41] C:\Program Files\Raveille
[30/04/2008|21:41] C:\Program Files\Realtek AC97
[23/11/2008|01:20] C:\Program Files\Ref Hotkey
[13/11/2008|14:43] C:\Program Files\Search Settings
[08/10/2008|01:13] C:\Program Files\Seijinohki Soft
[30/04/2008|21:41] C:\Program Files\Services en ligne
[23/11/2008|01:20] C:\Program Files\SHOUTcast
[02/05/2008|00:18] C:\Program Files\Skype
[30/04/2008|21:41] C:\Program Files\SlySoft
[30/04/2008|21:41] C:\Program Files\Smart Projects
[08/05/2008|13:04] C:\Program Files\Sony Ericsson
[23/11/2008|01:20] C:\Program Files\SopCast
[23/11/2008|01:20] C:\Program Files\Soulseek
[23/11/2008|01:20] C:\Program Files\Soulseek-Test
[30/04/2008|21:41] C:\Program Files\Spybot - Search & Destroy
[28/05/2008|15:47] C:\Program Files\StepMania CVS
[23/11/2008|21:36] C:\Program Files\SystemRequirementsLab
[21/07/2008|12:33] C:\Program Files\Three Rings Design
[30/04/2008|23:46] C:\Program Files\Thrustmaster
[04/08/2008|22:33] C:\Program Files\ToMMTi-Systems
[04/11/2008|20:18] C:\Program Files\Trend Micro
[23/11/2008|01:20] C:\Program Files\TVRemi
[30/04/2008|23:46] C:\Program Files\UberIcon
[30/04/2008|23:47] C:\Program Files\Uninstall Information
[30/04/2008|23:47] C:\Program Files\Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter
[02/10/2008|03:04] C:\Program Files\VideoLAN
[12/10/2008|20:41] C:\Program Files\Virtual Dub
[24/09/2008|00:44] C:\Program Files\Webteh
[30/04/2008|23:49] C:\Program Files\Winamp
[30/04/2008|23:50] C:\Program Files\Winamp Remote
[27/07/2008|17:53] C:\Program Files\WinDirStat
[13/04/2008|18:32] C:\Program Files\Windows Media Player
[18/01/2008|00:10] C:\Program Files\Windows NT
[26/11/2007|12:44] C:\Program Files\WindowsUpdate
[30/04/2008|23:50] C:\Program Files\WinRAR
[23/11/2008|01:20] C:\Program Files\WorldOfGoo
[30/04/2008|23:50] C:\Program Files\xerox
[30/04/2008|23:50] C:\Program Files\Yahoo!
[30/04/2008|23:50] C:\Program Files\YzShadow
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[24/09/2008|13:01] C:\Program Files\Fichiers communs\Adobe
[30/04/2008|21:22] C:\Program Files\Fichiers communs\ArcSoft
[08/11/2008|19:12] C:\Program Files\Fichiers communs\Blizzard Entertainment
[30/04/2008|21:22] C:\Program Files\Fichiers communs\DESIGNER
[30/04/2008|21:22] C:\Program Files\Fichiers communs\DirectX
[30/04/2008|21:22] C:\Program Files\Fichiers communs\GTK
[30/04/2008|21:23] C:\Program Files\Fichiers communs\InstallShield
[30/04/2008|21:23] C:\Program Files\Fichiers communs\Java
[30/04/2008|21:23] C:\Program Files\Fichiers communs\LogiShrd
[30/04/2008|21:23] C:\Program Files\Fichiers communs\Logitech
[30/04/2008|21:23] C:\Program Files\Fichiers communs\Macrovision Shared
[30/04/2008|21:23] C:\Program Files\Fichiers communs\Microsoft Shared
[30/04/2008|21:24] C:\Program Files\Fichiers communs\MSSoap
[30/04/2008|21:24] C:\Program Files\Fichiers communs\Nero
[30/04/2008|21:25] C:\Program Files\Fichiers communs\ODBC
[20/10/2008|18:00] C:\Program Files\Fichiers communs\PlayOnline
[30/04/2008|21:25] C:\Program Files\Fichiers communs\Services
[02/05/2008|01:17] C:\Program Files\Fichiers communs\Skype
[30/04/2008|21:25] C:\Program Files\Fichiers communs\SpeechEngines
[30/04/2008|21:25] C:\Program Files\Fichiers communs\System
[30/04/2008|21:25] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[26/11/2008|03:42] C:\Program Files\Fichiers communs\Wise Installation Wizard
--------------------\\ Process
( 40 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\WOODYI~1\Cookies\woodyirish@advertising[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\WOODYI~1\Application Data\Azureus\torrents\Guitar_Hero_III_to_PC___No_CD_Crack.torrent
C:\DOCUME~1\WOODYI~1\Application Data\Azureus\torrents\Steam_Crack_Toolkit___December_2007__PDF_guide__SteamEmu_3_80__S[1].torrent
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit
C:\DOCUME~1\WOODYI~1\Mes documents\Ma musique\The Pixies\Death to the Pixies 1987-1991 Disc 2\14 Crackity Jones.wma
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\CS.RIN.RU - Steam Underground Forum Index.url
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\Steam cracking for dummies.pdf
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\SteamEmu380
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\SteamEmu380.rar
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\UnDeadPatch.3.30-SASiO.rar
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\UnDeadPatch330.exe
C:\DOCUME~1\WOODYI~1\Mes documents\SteamCrackToolkit\SteamCrackToolkit\SteamEmu380\steam.dll
[F:22][D:1]-> C:\DOCUME~1\WOODYI~1\LOCALS~1\Temp
[F:16][D:0]-> C:\DOCUME~1\WOODYI~1\Cookies
[F:7][D:4]-> C:\DOCUME~1\WOODYI~1\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 19/11/2008| 1:50 - Option : [2]
2 - "C:\Lop SD\LopR_2.txt" - 26/11/2008|15:34 - Option : [1]
--------------------\\ Fin du rapport a 15:34:12
-------------------------------------------------------------------------
Search Navipromo version 3.6.9 commencé le 26/11/2008 à 15:36:02,29
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Woodyirish"
Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Woodyirish\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Woodyirish\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Woodyirish\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Woodyirish\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\Woodyirish\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 26/11/2008 à 15:49:16,28 ***
--------------------------------------------------
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1410
Windows 5.1.2600 Service Pack 2
26/11/2008 15:54:53
mbam-log-2008-11-26 (15-54-53).txt
Type de recherche: Examen rapide
Eléments examinés: 53280
Temps écoulé: 4 minute(s), 2 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Documents and Settings\Woodyirish\Local Settings\Temp\bwhE6A.tmp (Backdoor.ProRat) -> Delete on reboot.
C:\WINDOWS\Temp\xba1.tmp (Backdoor.ProRat) -> Delete on reboot.
c:\WINDOWS\system32\jeniguju.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\misahavu.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmeb881c91 (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\jeniguju.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\jeniguju.dll -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\misahavu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uvahasim.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Woodyirish\Local Settings\Temp\bwhE6A.tmp (Backdoor.ProRat) -> Delete on reboot.
C:\WINDOWS\Temp\xba1.tmp (Backdoor.ProRat) -> Delete on reboot.
c:\WINDOWS\system32\jeniguju.dll (Trojan.BHO) -> Delete on reboot.
-------------------------------------
Donc voilà, j'espère que vous avez assez d'infos pour me venir en aide. A tout de suite après le reboot.
Configuration: Windows XP Firefox 3.0.4
A voir également:
- Virus Remover 2008 + Rapports
- Pdf watermark remover - Télécharger - PDF
- Virus mcafee - Accueil - Piratage
- Watermark remover io - Accueil - Guide technologies
- Vanity remover - Télécharger - Nettoyage
- Kav remover - Télécharger - Antivirus & Antimalwares
4 réponses
A noter que la version proposée sur ton lien n'est pas la 2.378 comme indiqué en entête de page mais la 2.375... bizarre.
redemarre en mode sans echec comme ceci:
https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/
puis lance smitfraudfix et choisi l'option 2
et colle nous le rapport
puis
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/
puis lance smitfraudfix et choisi l'option 2
et colle nous le rapport
puis
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
SmitFraudFix v2.375
Rapport fait à 17:13:10,34, 26/11/2008
Executé à partir de C:\Documents and Settings\Woodyirish\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Documents and Settings\Woodyirish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Woodyirish\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Woodyirish
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WOODYI~1\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Woodyirish\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\WOODYI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\system32\\jeniguju.dll"
"LoadAppInit_DLLs"=dword:00000001
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Hamachi Network Interface
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252
Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BC0258EF-151F-4C1B-BFE8-B67C1D34B23C}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C19739F4-81E8-4A02-9380-5A3873C31C91}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BC0258EF-151F-4C1B-BFE8-B67C1D34B23C}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C19739F4-81E8-4A02-9380-5A3873C31C91}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{634798D8-74B3-468C-8D78-3158F92D34D5}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BC0258EF-151F-4C1B-BFE8-B67C1D34B23C}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C19739F4-81E8-4A02-9380-5A3873C31C91}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:51, on 26/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Documents and Settings\Woodyirish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {04c09d0e-b0a0-4c4b-a685-fd4a44abad6e} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [HitmanPro3] "C:\Program Files\Hitman Pro 3\hitmanpro3.exe" -autocheck
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Woodyirish\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
O4 - Startup: UberIcon.lnk = C:\Program Files\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\jeniguju.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe