Hello,
As you asked, here are the Navipromo.txt, vundofix.txt and HijackThis reports.
Navipromo.
Rapport Navipromo.bat 0.73 effectué le 05/06/2007 à 18:26:20,62
C:\Documents and Settings\thomas\Bureau\Navipromo073
-- Le programme n'est pas lancé en mode sans échec par conséquent les résultats seront probablement faussés
** Recherche...
Fin du rapport de recherche
Adware Navipromo non trouvé avec cette méthode
Engagement de la méthode Heuristique
Rapport Navipromo.bat 0.73 effectué le 05/06/2007 à 18:26:21,39
Le programme n'est pas lancé en mode sans échec par conséquent les résultats seront probablement faussés
## Suppression Heuristique
* Backups :
C:\Navipromo\Backups\Heuristic\fvlqujdg.exe
C:\Navipromo\Backups\Heuristic\heuwyrimnf.exe
C:\Navipromo\Backups\Heuristic\jpumfae.exe
C:\Navipromo\Backups\Heuristic\lxjsgprxkw.exe
C:\Navipromo\Backups\Heuristic\mutxsoaj.exe
C:\Navipromo\Backups\Heuristic\pnpfnncxw.exe
C:\Navipromo\Backups\Heuristic\qdrpztntn.exe
C:\Navipromo\Backups\Heuristic\rggrfevpfq.exe
C:\Navipromo\Backups\Heuristic\rvubwmsclq.exe
C:\Navipromo\Backups\Heuristic\wsxrncfvy.exe
C:\Navipromo\Backups\Heuristic\xvwarrs.exe
C:\Navipromo\Backups\Heuristic\yborax.exe
Ajout d'extension .off aux backups
Backups exe renommés avec succès
## Fin du rapport Heuristique
Vundofix
VundoFix V6.4.2
Checking Java version...
Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.
Scan started at 19:00:57 05/06/2007
Listing files found while scanning....
C:\WINDOWS\system32\bdlbaxxa.dll
C:\WINDOWS\system32\cshlwgml.ini
C:\WINDOWS\system32\eqcdjghu.dll
C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\hswsfaat.ini
C:\WINDOWS\system32\jdchmwcr.dll
C:\WINDOWS\system32\ljjkjkj.dll
C:\WINDOWS\system32\lmgwlhsc.dll
C:\WINDOWS\system32\ocohsomv.dll
C:\WINDOWS\system32\somymtpg.dll
C:\WINDOWS\system32\taafswsh.dll
C:\WINDOWS\system32\vhurmkic.dll
C:\WINDOWS\system32\ybeeg.bak1
C:\WINDOWS\system32\ybeeg.bak2
C:\WINDOWS\system32\ybeeg.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\bdlbaxxa.dll
C:\WINDOWS\system32\bdlbaxxa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cshlwgml.ini
C:\WINDOWS\system32\cshlwgml.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\eqcdjghu.dll
C:\WINDOWS\system32\eqcdjghu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\geeby.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hswsfaat.ini
C:\WINDOWS\system32\
VundoFix V6.4.2
Checking Java version...
Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.
Scan started at 19:41:55 08/06/2007
Listing files found while scanning....
C:\WINDOWS\system32\bdlbaxxa.dll
C:\WINDOWS\system32\eqcdjghu.dll
C:\WINDOWS\system32\hswsfaat.ini
C:\WINDOWS\system32\jdchmwcr.dll
C:\WINDOWS\system32\ljjkjkj.dll
C:\WINDOWS\system32\lmgwlhsc.dll
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\ocohsomv.dll
C:\WINDOWS\system32\recarrnl.dll
C:\WINDOWS\system32\somymtpg.dll
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\taafswsh.dll
C:\WINDOWS\system32\tedktqwg.dll
C:\WINDOWS\system32\vhurmkic.dll
C:\WINDOWS\system32\wlqgqhyx.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hswsfaat.ini
C:\WINDOWS\system32\hswsfaat.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jdchmwcr.dll
C:\WINDOWS\system32\jdchmwcr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ljjkjkj.dll
C:\WINDOWS\system32\ljjkjkj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\lmgwlhsc.dll
C:\WINDOWS\system32\lmgwlhsc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\npqss.bak2
C:\WINDOWS\system32\npqss.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ocohsomv.dll
C:\WINDOWS\system32\ocohsomv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\recarrnl.dll
C:\WINDOWS\system32\recarrnl.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\somymtpg.dll
C:\WINDOWS\system32\somymtpg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\taafswsh.dll
C:\WINDOWS\system32\taafswsh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tedktqwg.dll
C:\WINDOWS\system32\tedktqwg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vhurmkic.dll
C:\WINDOWS\system32\vhurmkic.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wlqgqhyx.dll
C:\WINDOWS\system32\wlqgqhyx.dll Has been deleted!
Performing Repairs to the registry.
Done!
HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 20:04:36, on 08/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Documents and Settings\thomas\ie_updater1.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\fond-ecran-wallpaper\few-oneclick.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://em.gad-network.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18CD81FE-9CCB-4F49-8DB1-9FA2AE716444} - C:\WINDOWS\system32\wdrqyeww.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9536AC26-57EF-40E7-A1E8-37B0AAC508B8} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AAC8E1D9-2043-4A33-A85B-E98F4FE8B205} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\lqmsnkpb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bytebuildface4] C:\Documents and Settings\All Users\Application Data\compreadmebytebuild\PROC STYLE.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\taafswsh.dll",realset
O4 - HKLM\..\Run: [j3291035] rundll32 C:\WINDOWS\system32\j3291035.dll sook
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [size real] C:\DOCUME~1\thomas\APPLIC~1\IDLEFA~1\link bait.exe
O4 - Startup: BoontyBox Boonty.com.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Fond Ecran OneClick.lnk = C:\Program Files\fond-ecran-wallpaper\few-oneclick.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {1D6E056F-D1BB-40F6-88E4-11EE98056FD2} (Oberon ActiveX Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file://C:\Documents and Settings\thomas\Local Settings\Application Data\Oberon Media\Oberon Games Host\popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MSIEUpdater_1 (Microsoft IE Updater_1) - Unknown owner - C:\Documents and Settings\thomas\ie_updater1.exe
I hope the message is readable enough. I am awaiting your next instructions.
Thank you very much.
Koukouna


