
Trojan horse SOLVED

Tags:
  • Trojan
  • Security
28 July 2007 15:36:19

Hello everyone

So, yesterday on MSN a friend sent me a link, I clicked on it and I've had nothing but problems since. MSN sends the same link to all my contacts on its own.

On top of that, avast detects a trojan horse, or even several: win32:tiny-IF and win32:agent-JO.

And added to all that, pop-up advertising pages.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:13, on 28/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\RemoteControlService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\dllcache\mswan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Program Files\Atheros\ACU.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Corinne\LOCALS~1\Temp\Rar$EX00.125\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\obbhgssp.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?626a0b701243422b83c8917124408742
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?626a0b701243422b83c8917124408742
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: STS Secure Viewer - http://83.206.149.125:8080/pmasweb//tools/pviewersetup....
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActi...
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://france.fujifilmnet.com/MCLPhoto.CAB
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/FUploader/SpeedUploader.cab
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Genuine Update Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\mswan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9021 bytes


28 July 2007 15:39:31

Hello

Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste that report in your next reply, along with a new HijackThis log.
28 July 2007 16:07:24

"Corinne" - 2007-07-28 15:46:43 - ComboFix 07-07-23.6 - Service Pack 2 FAT32


(((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\sibxeqog.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-28 )))))))))))))))))))


2007-07-28 15:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-28 12:54 69,184 --a------ C:\WINDOWS\system32\hbwrjxvt.dll
2007-07-28 12:45 126,016 --a------ C:\WINDOWS\system32\obbhgssp.dll
2007-07-28 12:39 724,079 ---hs---- C:\WINDOWS\system32\hjllm.bak2
2007-07-27 20:13 6,466 ---hs---- C:\WINDOWS\system32\hjllm.bak1
2007-07-27 20:13 228,960 --a------ C:\WINDOWS\system32\mlljh.dll
2007-07-27 20:08 31,254 --a------ C:\WINDOWS\system32\mljhigd.dll
2007-07-26 22:11 <REP> d-------- C:\DOCUME~1\Corinne\APPLIC~1\SecondLife
2007-07-26 18:50 705,315 --a------ C:\winbash.exe
2007-07-23 14:35 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-07-23 14:35 <REP> d-------- C:\Program Files\VISUAL PLANNING 4.3
2007-07-13 22:38 85,696 -ra------ C:\WINDOWS\system32\drivers\Z550obex.sys
2007-07-13 22:38 6,208 -ra------ C:\WINDOWS\system32\drivers\Z550cmnt.sys
2007-07-13 22:38 6,208 -ra------ C:\WINDOWS\system32\drivers\Z550cm.sys
2007-07-13 22:33 60,800 -ra------ C:\WINDOWS\system32\drivers\Z550bus.sys
2007-07-13 22:33 5,840 -ra------ C:\WINDOWS\system32\drivers\Z550whnt.sys
2007-07-13 22:33 5,840 -ra------ C:\WINDOWS\system32\drivers\Z550wh.sys
2007-07-13 22:31 <REP> d-------- C:\Program Files\Disc2Phone
2007-07-13 22:22 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-07-02 20:01 <REP> d--hs---- C:\FOUND.003


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))

2007-07-13 20:25:48 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-13 20:25:48 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-06 18:36:06 -------- d-----w C:\Program Files\Crésus 3.1
2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72BE8679-EAED-470A-BA24-CA80CFA9B75F}]
2007-07-27 20:08 31254 --a------ C:\WINDOWS\system32\mljhigd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{848767DE-73A6-4D53-8BE8-2B6102AA71BA}]
2007-07-27 20:13 228960 --a------ C:\WINDOWS\system32\mlljh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
2007-07-28 12:54 69184 --a------ C:\WINDOWS\system32\hbwrjxvt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-04-27 06:48 C:\WINDOWS\system32\nwiz.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 09:52 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 14:43 C:\WINDOWS\Alcmtr.exe]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 10:38]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 10:26]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 10:28]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 18:01]
"PowerForPhone"="C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe" [2006-01-25 10:03]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2006-08-07 19:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-14 09:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 17:51]

C:\Documents and Settings\Corinne\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{72BE8679-EAED-470A-BA24-CA80CFA9B75F}"= C:\WINDOWS\system32\mljhigd.dll
[2007-07-27 20:08 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhigd]
mljhigd.dll 2007-07-27 20:08 31254 C:\WINDOWS\system32\mljhigd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljh]
C:\WINDOWS\system32\mlljh.dll 2007-07-27 20:13 228960 C:\WINDOWS\system32\mlljh.dll

R1 AmdK8;Pilote de processeur AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\eHome\ehRecvr.exe
R2 ehSched;Service de planification Media Center;C:\WINDOWS\eHome\ehSched.exe
R2 ITECIRService;ITE Remote Control Service;C:\WINDOWS\system32\RemoteControlService.exe
R2 Microsoft Genuine Update Advantage;Microsoft Genuine Update Advantage;"C:\WINDOWS\system32\dllcache\mswan.exe"
R3 Cam5603D;BisonCam, NB Pro;C:\WINDOWS\system32\Drivers\BisonCam.sys
R3 HSF_DPV;HSF_DPV;C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
R3 HSFHWAZL;HSFHWAZL;C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
R3 irsir;Pilote série infrarouge Microsoft;C:\WINDOWS\system32\DRIVERS\irsir.sys
R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys
R3 MTsensor;ATK0100 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 rimmptsk;rimmptsk;C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
R3 rimsptsk;rimsptsk;C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
R3 rismxdp;Ricoh xD-Picture Card Driver;C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\ATK0100\ASNDIS5.SYS
S3 dot4;Pilote MS IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4.sys
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
S3 Dot4Scan;Pilote de classe Scanneur pour IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
S3 dot4usb;Filtre Dot4USB Dot4USB Filter;C:\WINDOWS\system32\DRIVERS\dot4usb.sys
S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio;C:\WINDOWS\system32\drivers\HdAudio.sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;Pilote MHN;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 sffdisk;Pilote de classe de stockage SFF;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
S3 Z550bus;Sony Ericsson Z550 driver (WDM);C:\WINDOWS\system32\DRIVERS\Z550bus.sys
S3 Z550obex;Sony Ericsson Z550 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\Z550obex.sys


Contents of the 'Scheduled Tasks' folder
2007-07-28 12:12:06 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-28 15:52:13
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-28 15:55:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-28 15:55
28 July 2007 16:19:12

Scan saved at 16:15:55, on 28/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\RemoteControlService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\dllcache\mswan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Program Files\Atheros\ACU.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
c:\winbash.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\3MP9PGLP\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72BE8679-EAED-470A-BA24-CA80CFA9B75F} - C:\WINDOWS\system32\mljhigd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {848767DE-73A6-4D53-8BE8-2B6102AA71BA} - C:\WINDOWS\system32\mlljh.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\hbwrjxvt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?626a0b701243422b83c8917124408742
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?626a0b701243422b83c8917124408742
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: STS Secure Viewer - http://83.206.149.125:8080/pmasweb//tools/pviewersetup....
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActi...
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://france.fujifilmnet.com/MCLPhoto.CAB
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/FUploader/SpeedUploader.cab
O20 - Winlogon Notify: mljhigd - C:\WINDOWS\SYSTEM32\mljhigd.dll
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Microsoft Genuine Update Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\mswan.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 11050 bytes
28 July 2007 16:28:59

Re


Run a new HijackThis scan and tick the lines below:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {72BE8679-EAED-470A-BA24-CA80CFA9B75F} - C:\WINDOWS\system32\mljhigd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {848767DE-73A6-4D53-8BE8-2B6102AA71BA} - C:\WINDOWS\system32\mlljh.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\hbwrjxvt.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: mljhigd - C:\WINDOWS\SYSTEM32\mljhigd.dll
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll
O23 - Service: Microsoft Genuine Update Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\mswan.exe

Close all Windows, Internet Explorer and Outlook windows, except HijackThis, and click « Fix checked ».


Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to run it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\hbwrjxvt.dll
C:\WINDOWS\system32\obbhgssp.dll
C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.bak1
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mljhigd.dll
C:\winbash.exe
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\dllcache\mswan.exe


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.


Post the report located in C:\_OTMoveIt\MovedFiles along with a new HijackThis log.
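The helper's selection above follows a handful of rules that can be written down: BHOs with no display name, entries whose file is gone, Winlogon Notify packages that are not Windows defaults, a service binary living in dllcache, and random-looking lowercase filenames in system32. The script below is an added example (not from this thread, and not part of HijackThis) that applies those rules to a constructed subset of the log lines posted above. The vowel/consonant thresholds, the XP Notify default list and the small known-good allowlist are my own assumptions and will need tuning on other logs.

```python
"""Heuristic triage of HijackThis log lines (added example, not from the thread).

Encodes the judgement the helper applied above. Sample lines are excerpted
from the logs posted in this thread; thresholds and allowlists are assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines excerpted from the posted logs, mixed with benign
# ones so that both outcomes are exercised.
SAMPLE_HJT = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {72BE8679-EAED-470A-BA24-CA80CFA9B75F} - C:\\WINDOWS\\system32\\mljhigd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [MemoryManager] rundll32.exe "C:\\WINDOWS\\system32\\obbhgssp.dll",sitypnow
O20 - Winlogon Notify: mljhigd - C:\\WINDOWS\\SYSTEM32\\mljhigd.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: Microsoft Genuine Update Advantage - Unknown owner - C:\\WINDOWS\\system32\\dllcache\\mswan.exe
"""

# "O2 - ..." / "R0 - ..." : HijackThis section code, then the entry body.
ENTRY_RE = re.compile(r'^(?P<kind>[A-Z]\d{1,2})\s+-\s+(?P<body>.*)$')
# A Windows path ending in .dll/.exe; non-greedy so "Acrobat 7.0\ActiveX\x.dll" stops at the first .dll.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|exe)\b', re.I)

# Default Winlogon\Notify packages on Windows XP (assumption: extend for your build).
XP_NOTIFY_DEFAULTS = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                      "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Real system binaries the entropy rule would otherwise trip on (assumption, not exhaustive).
KNOWN_GOOD_STEMS = {"svchost", "lsass", "msmsgs"}


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def file_stem(path: str) -> str:
    """'C:\\WINDOWS\\system32\\mswan.exe' -> 'mswan'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(stem: str) -> bool:
    """Cheap entropy proxy for lowercase, letters-only stems such as 'mljhigd'.

    Flags names with almost no vowels or a long consonant run. Mixed-case or
    digit-bearing names (ashDisp, nvsvc32) are deliberately left alone, and the
    allowlist covers legitimate names that look random (svchost).
    """
    if len(stem) < 5 or not stem.isalpha() or not stem.islower():
        return False
    if stem in KNOWN_GOOD_STEMS:
        return False
    vowels = sum(c in "aeiou" for c in stem)
    longest_run = run = 0
    for c in stem:
        run = 0 if c in "aeiou" else run + 1
        longest_run = max(longest_run, run)
    return vowels / len(stem) <= 0.15 or longest_run >= 5


def assess(kind: str, body: str) -> list:
    """Return the list of reasons one entry is worth a look (empty if none)."""
    low = body.lower()
    paths = PATH_RE.findall(body)
    reasons = []
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("orphaned entry: registry points at a file that is gone")
    if kind == "O2" and "(no name)" in low and paths:
        reasons.append("BHO with no display name: legitimate BHOs register one")
    if kind == "O20":
        # body is "Winlogon Notify: <package> - <dll path>"
        pkg = body.split(":", 1)[-1].split("-", 1)[0].strip().lower()
        if pkg not in XP_NOTIFY_DEFAULTS:
            reasons.append("non-default Winlogon Notify DLL: loaded by winlogon.exe at logon, before the user's shell")
    if kind == "O23" and "unknown owner" in low and "\\dllcache\\" in low:
        reasons.append("service binary inside dllcache: that is the WFP cache, no legitimate service lives there")
    for p in paths:
        if looks_random(file_stem(p)):
            reasons.append(f"random-looking filename: {file_stem(p)}")
    return reasons


def triage(log_text: str) -> list:
    """One Finding per suspicious HijackThis line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # process list, headers, blank lines
        reasons = assess(m["kind"], m["body"])
        if reasons:
            findings.append(Finding(raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

On the sample, the five lines the helper ticked (the two unnamed BHOs, the orphaned BHO, the rundll32 Run entry, the Winlogon Notify DLL and the dllcache service) are reported and the Adobe, avast and NVIDIA lines are not. The name rule is the weakest signal and is only a prompt to look the file up; the location-based rules (Winlogon Notify, dllcache) are the ones that would hold on an unfamiliar log.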
28 July 2007 20:21:59

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:19:53, on 28/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\RemoteControlService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Program Files\Atheros\ACU.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Corinne\Mes documents\Mes logiciels\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {72BE8679-EAED-470A-BA24-CA80CFA9B75F} - C:\WINDOWS\system32\mljhigd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BC9BDC34-AF13-41AB-ADBF-433A7FF9DA91} - C:\WINDOWS\system32\mlljh.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?626a0b701243422b83c8917124408742
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?626a0b701243422b83c8917124408742
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: STS Secure Viewer - http://83.206.149.125:8080/pmasweb//tools/pviewersetup....
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActi...
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://france.fujifilmnet.com/MCLPhoto.CAB
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/FUploader/SpeedUploader.cab
O20 - Winlogon Notify: mljhigd - C:\WINDOWS\SYSTEM32\mljhigd.dll
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

sorry, I rushed and skipped the OTMoveIt report!!

In any case it's already much better, MSN no longer works on its own, still a few ads,
28 July 2007 21:26:58

There are still signs of infection.

You may have skipped the OTMoveIt report, but I would like to see it.

It is saved automatically here
C:\_OTMoveIt\MovedFiles
28 July 2007 21:45:09

C:\_OTMoveIt\MovedFiles\WINDOWS\system32\dllcache moved successfully.
C:\_OTMoveIt\MovedFiles\WINDOWS\system32 moved successfully.
C:\_OTMoveIt\MovedFiles\WINDOWS moved successfully.
Folder cleanup failed. C:\_OTMoveIt\MovedFiles scheduled to be deleted on reboot.

could that be it? otherwise, tell me how to go and find it?
28 July 2007 21:59:19

It is a text file that looks like this
07282007_215623.log


I don't think you did the OTMoveIt procedure correctly.
Do it again.
28 July 2007 23:21:12

so how do I do the procedure correctly?
29 July 2007 10:58:38

ah, there it is, I found it:
but I have two of them!!! here they are:
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hbwrjxvt.dll
C:\WINDOWS\system32\hbwrjxvt.dll NOT unregistered.
C:\WINDOWS\system32\hbwrjxvt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\obbhgssp.dll
C:\WINDOWS\system32\obbhgssp.dll NOT unregistered.
C:\WINDOWS\system32\obbhgssp.dll moved successfully.
C:\WINDOWS\system32\hjllm.bak2 moved successfully.
C:\WINDOWS\system32\hjllm.bak1 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mlljh.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\mlljh.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mljhigd.dll
C:\WINDOWS\system32\mljhigd.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\mljhigd.dll scheduled to be moved on reboot.
C:\winbash.exe moved successfully.
C:\WINDOWS\iun6002.exe moved successfully.
C:\WINDOWS\system32\dllcache\mswan.exe moved successfully.
File/Folder not found.

and the other one:
File/Folder C:\WINDOWS\system32\hbwrjxvt.dll not found.
File/Folder C:\WINDOWS\system32\obbhgssp.dll not found.
File/Folder C:\WINDOWS\system32\hjllm.bak2 not found.
File/Folder C:\WINDOWS\system32\hjllm.bak1 not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mlljh.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\mlljh.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mljhigd.dll
C:\WINDOWS\system32\mljhigd.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\mljhigd.dll scheduled to be moved on reboot.
File/Folder C:\winbash.exe not found.
File/Folder C:\WINDOWS\iun6002.exe not found.
File/Folder C:\WINDOWS\system32\dllcache\mswan.exe not found.
File/Folder not found.

Created on 07/28/2007 20:18:57


29 July 2007 11:48:04

That's better.

Did the PC restart?


Post a new HijackThis.
29 July 2007 20:17:29

Hello,

Here is the ComboFix report.
If someone can help me understand it

"Richard" - 2007-07-29 20:09:32 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))


2007-07-29 20:09 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-29 16:20 705,315 --a------ C:\winbash.exe
2007-07-28 11:27 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2007-07-27 18:13 <REP> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\SecretsOfOlympus
2007-07-24 17:31 <REP> d-------- D:\DOCUME~1\NANOU~1.PC_\Saved Games
2007-07-24 17:30 <REP> d-------- D:\DOCUME~1\NANOU~1.PC_\APPLIC~1\iWin
2007-07-21 20:10 <REP> d--h----- C:\WINDOWS\PIF
2007-07-21 18:28 <REP> d-------- C:\Program Files\iTunes
2007-07-21 18:28 <REP> d-------- C:\Program Files\iPod
2007-07-21 18:27 <REP> d-------- C:\Program Files\QuickTime
2007-07-21 18:25 <REP> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-21 18:25 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-07-21 08:24 <REP> d-------- C:\Program Files\Lavalys
2007-07-18 19:29 381,012 --a------ C:\Program Files\Uninstall Fun Web Products.dll
2007-07-18 19:26 <REP> d-------- C:\Program Files\CCleaner
2007-07-16 19:59 <REP> d-------- C:\Program Files\Everest Poker
2007-07-14 16:49 <REP> d-------- C:\Program Files\Player Tool
2007-07-14 16:19 99,134 --a------ C:\WINDOWS\system32\VB5DE.DLL
2007-07-14 16:19 96,256 --a------ C:\WINDOWS\system32\VB5FR.DLL
2007-07-14 16:19 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-07-14 16:19 722,192 --a------ C:\WINDOWS\system32\VB40032.DLL
2007-07-14 16:19 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-07-14 16:19 61,440 --a------ C:\WINDOWS\system32\MFC71FRA.DLL
2007-07-14 16:19 582,144 --a------ C:\WINDOWS\system32\dao350.dll
2007-07-14 16:19 36,864 --a------ C:\WINDOWS\system32\msjter35.dll
2007-07-14 16:19 149,776 --a------ C:\WINDOWS\system32\msjint35.dll
2007-07-14 16:19 125,712 --a------ C:\WINDOWS\system32\VB6DE.DLL
2007-07-14 16:19 110,592 --a------ C:\WINDOWS\system32\xls.dll
2007-07-14 16:19 1,056,768 --a------ C:\WINDOWS\system32\msjet35.dll
2007-07-14 16:16 <REP> d-------- C:\Program Files\Micro Application
2007-07-13 19:41 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-07-10 20:01 <REP> d-------- D:\DOCUME~1\Richard\FreeGo
2007-07-10 20:01 <REP> d-------- C:\Program Files\WinPcap
2007-07-10 20:01 <REP> d-------- C:\Program Files\FreeGo
2007-07-01 10:31 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-07-01 10:31 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-01 10:31 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-01 10:31 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-01 10:31 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-01 10:31 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-29 16:54:28 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-07-29 15:38:41 -------- d-----w C:\Program Files\Piolet
2007-07-27 22:07:21 783,224 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-07-27 22:02:49 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-27 22:02:34 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-27 22:00:39 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 21:59:57 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 21:58:36 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 21:57:49 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-07-27 11:20:57 -------- d-----w D:\DOCUME~1\Richard\APPLIC~1\uTorrent
2007-07-25 19:18:25 -------- d-----w C:\Program Files\adslTV
2007-07-23 18:28:57 -------- d-----w C:\Program Files\eMule
2007-07-21 16:26:08 -------- d-----w C:\Program Files\Apple Software Update
2007-07-18 17:29:20 -------- d-----w C:\Program Files\MSN Messenger
2007-07-14 14:16:51 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-11 17:04:57 83,286 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-11 17:04:57 504,910 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-30 07:46:36 -------- d-----w C:\Program Files\CVitae
2007-06-27 17:40:57 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-20 08:59:34 -------- d-----w C:\Program Files\Fichiers communs\FotoWire
2007-06-15 17:46:30 4,848 ----a-w C:\WINDOWS\mozver.dat
2007-06-11 09:51:55 -------- d-----w C:\Program Files\DivX
2007-06-08 11:14:21 -------- d-----w C:\Program Files\TomTom HOME
2007-06-05 18:32:46 -------- d-----w D:\DOCUME~1\Richard\APPLIC~1\vlc
2007-06-05 15:35:03 -------- d-----w C:\Program Files\MozBackup 1.4
2007-06-02 20:07:11 -------- d--h--r D:\DOCUME~1\Richard\APPLIC~1\SecuROM
2007-06-02 20:04:36 -------- d-----w C:\Program Files\TomTom DesktopSuite
2007-06-01 18:15:36 -------- d-----w D:\DOCUME~1\Richard\APPLIC~1\Canon
2007-05-31 19:12:36 -------- d-----w C:\Program Files\Nobilis
2007-05-31 19:07:58 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-05-31 19:07:58 165,376 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-27 09:30:55 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-05-25 13:12:51 184,320 ----a-w C:\WINDOWS\system32\miccyhook.dll
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-08-25 15:51:14 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-05 12:00:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 12:00:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-05 12:00:00 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-05 12:00:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 12:00:00 253,952 --sha-w C:\WINDOWS\system32\msvcrt20.dll
2004-08-05 12:00:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 C:\WINDOWS\SOUNDMAN.EXE]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 16:41]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-13 00:12]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 16:52]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-09-30 18:06]
"nwiz"="nwiz.exe" [2006-11-17 17:29 C:\WINDOWS\system32\nwiz.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]

D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

R0 agpCPQ;Filtre de bus AGP Compaq;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
R0 imagedrv;imagedrv;C:\WINDOWS\system32\Drivers\imagedrv.sys
R0 imagesrv;imagesrv;C:\WINDOWS\system32\DRIVERS\imagesrv.sys
R1 AFS2K;AFS2k;C:\WINDOWS\system32\drivers\AFS2K.sys
R1 AmdK8;Pilote de processeur AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 mnmdd;mnmdd;C:\WINDOWS\system32\drivers\mnmdd.sys
R1 Npfs;Npfs;C:\WINDOWS\system32\drivers\Npfs.sys
R2 atksgt;atksgt;C:\WINDOWS\system32\DRIVERS\atksgt.sys
R2 lanmanserver;Serveur;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 lanmanworkstation;Station de travail;C:\WINDOWS\system32\svchost.exe -k netsvcs
R2 lirsgt;lirsgt;C:\WINDOWS\system32\DRIVERS\lirsgt.sys
R2 Microsoft Genuine Update Advantage;Microsoft Genuine Update Advantage;"C:\WINDOWS\system32\dllcache\mswan.exe"
R2 winmgmt;Infrastructure de gestion Windows;C:\WINDOWS\system32\svchost.exe -k netsvcs
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 P1110VID;Creative WebCam NX;C:\WINDOWS\system32\DRIVERS\P1110VID.sys
R3 Point32;Microsoft IntelliPoint Filter Driver;C:\WINDOWS\system32\DRIVERS\point32.sys
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
R3 wdmaud;Pilote WINMM de compatibilité audio WDM Microsoft;C:\WINDOWS\system32\drivers\wdmaud.sys
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S3 61883;Pilote d'unité 61883;C:\WINDOWS\system32\DRIVERS\61883.sys
S3 Avc;Périphérique AVC;C:\WINDOWS\system32\DRIVERS\avc.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 mnmsrvc;Partage de Bureau à distance NetMeeting;C:\WINDOWS\system32\mnmsrvc.exe
S3 MPE;Filtre BDA MPE;C:\WINDOWS\system32\DRIVERS\MPE.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 nm;Pilote du Moniteur réseau;C:\WINDOWS\system32\DRIVERS\NMnt.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys
S3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


Contents of the 'Scheduled Tasks' folder
2007-07-24 12:13:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-29 13:41:05 C:\WINDOWS\tasks\HP Usg Daily.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 20:13:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xf9\x2022\xd1w\2]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\Registered"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"

Completion time: 2007-07-29 20:14:15
C:\ComboFix-quarantined-files.txt ... 2007-07-29 20:13

--- E O F ---
29 July 2007 20:24:55

Hello again,

Here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:23:10, on 29/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\dllcache\mswan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\winbash.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
D:\DWL\Soft\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://nanouetrichard.spaces.live.com//PhotoUpload/MsnP...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Genuine Update Advantage - Unknown owner - C:\WINDOWS\system32\dllcache\mswan.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 11728 bytes
29 July 2007 21:55:26

ricardo276

You need to create your own topic.


30 July 2007 10:21:14

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:12:52, on 30/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Program Files\Atheros\ACU.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\RemoteControlService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Corinne\Mes documents\Mes logiciels\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {72BE8679-EAED-470A-BA24-CA80CFA9B75F} - C:\WINDOWS\system32\mljhigd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7B27F710-EC32-4E72-B0A7-1D5824AD8921} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?626a0b701243422b83c8917124408742
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?626a0b701243422b83c8917124408742
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: STS Secure Viewer - http://83.206.149.125:8080/pmasweb//tools/pviewersetup....
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActi...
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://france.fujifilmnet.com/MCLPhoto.CAB
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/FUploader/SpeedUploader.cab
O20 - Winlogon Notify: mljhigd - mljhigd.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

Here is this morning's HijackThis report.

However, since this morning it has been a disaster: avast triggers alerts every two minutes for a trojan and adware. And when I try to quarantine as recommended, I get a message saying: the process cannot access the file because it is being used by another process.
30 July 2007 11:41:08

Hello


Run another HijackThis scan and check the lines below:

O2 - BHO: (no name) - {72BE8679-EAED-470A-BA24-CA80CFA9B75F} - C:\WINDOWS\system32\mljhigd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7B27F710-EC32-4E72-B0A7-1D5824AD8921} - C:\WINDOWS\system32\mlljh.dll (file missing)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - Winlogon Notify: mljhigd - mljhigd.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)

Close all Windows windows, Internet Explorer, Outlook, everything except HijackThis, and click "Fix checked"

Delete the following:
C:\_OTMoveIt
C:\Qoobox

Empty the Recycle Bin.

You will probably get fewer alerts.

Run an online antivirus scan at Kaspersky
http://webscanner.kaspersky.fr/
Click Start Online Scanner.
Select My Computer as the scan target.
Paste its report here.
Use this link for help
http://www.infos-du-net.com/forum/267224-11-scan-ligne-...
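As an added example (not a tool from this thread), here is a small Python triage of HijackThis O2 and O20 lines that reproduces the reasoning behind the "fix checked" list above: entries whose file is missing, and a DLL registered both as a BHO and as a Winlogon Notify package. The sample log lines are constructed from the report posted above; the two legitimate items the helper also checked (Java's ssv.dll and the Adobe Reader launcher) fall outside these rules.

```python
"""Triage of HijackThis O2 (BHO) and O20 (Winlogon Notify) entries.

Added example, not a tool from the thread. "(file missing)" means HijackThis
could not see the file at the registered path: the registry reference is still
there, and the file may be gone or deliberately hidden (the Kaspersky scan later
in the thread found both DLLs present but locked).
"""
import re
from collections import defaultdict

# Constructed sample, in the format of the log posted above (O2, O4, O20, O23 lines).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {72BE8679-EAED-470A-BA24-CA80CFA9B75F} - C:\WINDOWS\system32\mljhigd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7B27F710-EC32-4E72-B0A7-1D5824AD8921} - C:\WINDOWS\system32\mlljh.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: mljhigd - mljhigd.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

FILE_MISSING = "(file missing)"
# O2 - BHO: <name> - {CLSID} - <path>
BHO_RE = re.compile(r"^BHO:\s+(?P<name>.+?)\s+-\s+(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.+)$")
# O20 - Winlogon Notify: <registry key> - <path>
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s+(?P<key>\S+)\s+-\s+(?P<path>.+)$")


def parse_entry(line):
    """Return a dict for one HijackThis entry line, or None for any other line."""
    line = line.strip()
    code, sep, rest = line.partition(" - ")
    if not sep or not re.fullmatch(r"[ORF]\d+", code):
        return None
    missing = rest.endswith(FILE_MISSING)
    if missing:
        rest = rest[: -len(FILE_MISSING)].rstrip()
    entry = {"code": code, "raw": line, "file_missing": missing, "name": None, "path": None}
    if code == "O2" and (m := BHO_RE.match(rest)):
        entry["name"], entry["path"] = m.group("name"), m.group("path")
    elif code == "O20" and (m := NOTIFY_RE.match(rest)):
        entry["name"], entry["path"] = m.group("key"), m.group("path")
    return entry


def dll_basename(path):
    """Lower-case file name of a Windows path ('C:\\x\\a.dll' -> 'a.dll')."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Apply the three rules; return (flagged, corroborated).

    flagged: list of (raw_line, reason) in log order.
    corroborated: DLL basenames registered both as a BHO and as a Winlogon
    Notify package, the pairing seen in the thread's log.
    """
    entries = [e for e in (parse_entry(l) for l in log_text.splitlines()) if e]
    by_dll = defaultdict(set)
    for e in entries:
        if e["code"] in ("O2", "O20") and e["path"]:
            by_dll[dll_basename(e["path"])].add(e["code"])
    corroborated = {dll for dll, codes in by_dll.items() if {"O2", "O20"} <= codes}

    flagged = []
    for e in entries:
        reasons = []
        if e["code"] == "O2" and e["name"] == "(no name)" and e["file_missing"]:
            reasons.append("unnamed BHO whose DLL is missing")
        if e["code"] == "O20" and e["file_missing"]:
            reasons.append("Winlogon Notify package whose DLL is missing")
        if e["path"] and dll_basename(e["path"]) in corroborated:
            reasons.append("same DLL registered as both BHO and Winlogon Notify")
        if reasons:
            flagged.append((e["raw"], "; ".join(reasons)))
    return flagged, corroborated


if __name__ == "__main__":
    flagged, corroborated = triage(SAMPLE_LOG)
    print("corroborated DLLs:", sorted(corroborated))
    for raw, reason in flagged:
        print(f"[check] {raw}\n        {reason}")
```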

30 July 2007 14:45:42

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, July 30, 2007 2:44:43 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 30/07/2007
Enregistrements dans la base antivirus Kaspersky : 346834
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\
E:\

Statistiques de l'analyse:
Total d'objets analysés: 42178
Nombre de virus trouvés: 4
Nombre d'objets infectés: 17 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 00:48:51

Nom de l'objet infecté / Nom du virus / Dernière action
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SPL L'objet est verrouillé ignoré
C:\WINDOWS\system32\spool\PRINTERS\FP00000.SHD L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\mljhigd.dll L'objet est verrouillé ignoré
C:\WINDOWS\system32\mlljh.dll L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_760.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{86407E07-766D-4634-83DB-91285023CE70}.crmlog L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\ModemLog_HDAUDIO Soft Spkerphone Modem with SmartSP.txt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\setup[1].exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\setup[2].exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Local Settings\Temp\rkquxptg.exe L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Local Settings\Temp\kldxoity.dll L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\adfcook[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\masiyxanidi[1] Infecté : Trojan-Dropper.Win32.Agent.bmk ignoré
C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Local Settings\Application Data\Shareaza\Incomplete\sha1_3EOBQFNNZ43MU6ERPX32KLF54WJTB56R.partial L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Local Settings\Application Data\Shareaza\Incomplete\sha1_OEF34KTJTH27JVWHI6YM4E6UPT4HHWUZ.partial L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Application Data\Shareaza\Data\TigerTree.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP188\A0026798.exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP188\A0026812.exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP189\A0026829.exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP189\A0026839.exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP189\A0026851.exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP189\A0026874.exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP189\A0026957.exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP189\A0026961.exe Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP189\A0026972.exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP189\A0027040.exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP191\change.log L'objet est verrouillé ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP191\A0027192.exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP191\A0027196.exe Infecté : Backdoor.Win32.VanBot.dk ignoré
D:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP191\change.log L'objet est verrouillé ignoré

Analyse terminée.
30 July 2007 23:02:09

Re


Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\mljhigd.dll
C:\WINDOWS\system32\mlljh.dll
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN
C:\Documents and Settings\Corinne\Local Settings\Temp\rkquxptg.exe
C:\Documents and Settings\Corinne\Local Settings\Temp\kldxoity.dll
C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43
C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.


Post the report located in C:\_OTMoveIt\MovedFiles
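As an added example (not OTMoveIt's or Kaspersky's code), this Python script derives the move list above from the Kaspersky report: an infected file inside an IE cache subfolder becomes the whole subfolder, locked files in the user's Temp folder and the DLLs already tied to the infection by HijackThis are kept, and infected restore-point copies under System Volume Information are only counted. The sample report lines are a constructed subset of the report posted above, and the French wording of that report is assumed.

```python
"""Build an OTMoveIt "files/folders to be moved" list from a Kaspersky
On-line Scanner report. Added example, not a tool from the thread."""
import re

# Constructed sample: a subset of the report lines posted above, in the page's order.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\mljhigd.dll L'objet est verrouillé ignoré
C:\WINDOWS\system32\mlljh.dll L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\setup[1].exe Infecté : Trojan.Win32.Autoit.ar ignoré
C:\Documents and Settings\Corinne\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Local Settings\Temp\rkquxptg.exe L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Local Settings\Temp\kldxoity.dll L'objet est verrouillé ignoré
C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\kcehc_eicooc20070702[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\adfcook[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré
C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\masiyxanidi[1] Infecté : Trojan-Dropper.Win32.Agent.bmk ignoré
C:\Documents and Settings\Corinne\Local Settings\Application Data\Shareaza\Incomplete\sha1_3EOBQFNNZ43MU6ERPX32KLF54WJTB56R.partial L'objet est verrouillé ignoré
C:\System Volume Information\_restore{183AA382-287F-4764-B1D2-6B6F29999623}\RP191\A0027196.exe Infecté : Backdoor.Win32.VanBot.dk ignoré
"""

# "<path> Infecté : <detection> ignoré"  or  "<path> L'objet est verrouillé ignoré"
LINE_RE = re.compile(r"^(?P<path>.+?) (?:Infecté : (?P<virus>\S+)|L'objet est verrouillé) ignoré$")
# Parent cache subfolder of a file under Temporary Internet Files\Content.IE5\<XXXXXXXX>\
CACHE_RE = re.compile(r"^(?P<folder>.*\\Temporary Internet Files\\Content\.IE5\\[^\\]+)\\", re.I)
# A file directly inside the user's Local Settings\Temp folder
TEMP_RE = re.compile(r"\\Local Settings\\Temp\\[^\\]+$", re.I)


def build_move_list(report_text, known_bad):
    """Return (moves, restore_point_copies).

    known_bad: lower-case basenames already tied to the infection by other
    evidence (here the DLLs from the HijackThis O2/O20 lines). Locked files
    outside Temp are taken only when they are in this set, so registry hives,
    logs and download partials stay where they are.
    """
    moves, seen, restore = [], set(), []
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path, virus = m.group("path"), m.group("virus")
        if "\\system volume information\\_restore" in path.lower():
            if virus:
                restore.append(path)  # counted only; not in the move list, as in the thread
            continue
        target = None
        cache = CACHE_RE.match(path)
        if virus and cache:
            target = cache.group("folder")  # move the whole cache subfolder
        elif virus:
            target = path
        elif TEMP_RE.search(path) or path.rsplit("\\", 1)[-1].lower() in known_bad:
            target = path  # locked Temp artefact or DLL already known to be bad
        if target and target.lower() not in seen:
            seen.add(target.lower())
            moves.append(target)
    return moves, restore


if __name__ == "__main__":
    moves, restore = build_move_list(SAMPLE_REPORT, {"mljhigd.dll", "mlljh.dll"})
    print("\n".join(moves))
    print(f"\n{len(restore)} infected restore-point copies left out of the list")
```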
31 July 2007 00:16:16

ed for C:\Documents and Settings\Corinne\Local Settings\Temp\kldxoity.dll
C:\Documents and Settings\Corinne\Local Settings\Temp\kldxoity.dll NOT unregistered.
File move failed. C:\Documents and Settings\Corinne\Local Settings\Temp\kldxoity.dll scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\CAAAG9ZR scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\ads[3] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\ads[2] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\ads[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\CANWLRUC scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\vis;sz=1x1;ord=9093052351438682[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\vis;sz=1x1;ord=8810703152037231[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\ErrorPageTemplate[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\;bp=OK;var1=;var2=2;var3=74970;var4=;tile=1;sz=300x250;ord=1616741439369740[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\ads[9] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\left_disabled[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\4a4bf6c494be3cc51bdadeec375ea31a[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\1825687340@Middle[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\ads[8] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\adfcook[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\kcehc_eicooc20070702[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\;var1=;var2=2;var3=74970;var4=;sz=1x1;ord=7001106927647551[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\ads[7] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\ads[6] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\;var1=;var2=2;var3=74970;var4=;sz=1x1;ord=4027815962828629[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\vis;sz=1x1;ord=2532980000475035[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\;var1=;var2=2;var3=74970;var4=;sz=1x1;ord=831053453890927[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\rightmost[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\portrait_disabled[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\resize_horizontal[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\headerimg[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\divider[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\;bp=OK;var1=;var2=2;var3=74970;var4=;tile=1;sz=300x250;ord=7317937736074502[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\ads[5] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\ads[4] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\CA0TJUK4 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\CA8TJZLD scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43\CA8G8049 scheduled to be moved on reboot.
Folder cleanup failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\E4KMHH43 scheduled to be deleted on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ads[4] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ads[3] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ads[2] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ads[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\;var1=;var2=2;var3=74970;var4=;sz=1x1;ord=5872722537031252[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\af4643cd3edebe63547a73fb8901007b[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\vis;sz=1x1;ord=4837423270162334[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\AQSAZAECALT1U3LCA656AGYCAKTCO81CA6D42TYCAYAFKX7CA3NDGRVCAPBZZLXCAYDB8X9CA3YNPC9CA1JJHCICA0X1NVYCAQT6IRGCAZNT7KYCAZYJ0XDCA3PJ9VDCADJMPQDCAQ56RRBCAOQETL2CAIJR906 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\preview[2] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\AVIXJYSCA8GTSJBCAIR92EACAPCX5TZCA5SODOUCA71SYWICAOESS70CALM47GKCAME3L73CAVE1VLQCAIJINS3CAQCQWUGCACG72WECAF854RCCAWRX3SHCAHK4BEZCADS9WV3CAF0K6MZCA5Z7I6JCAAWZC3P scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\masiyxanidi[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\A4LJ6U9CANF2U2DCA7A4F2NCAMXHAE0CAYZAWUWCA4FZ1T7CAC0EZ67CA3RC8UJCA5R4AEVCARF8U12CA2SFQ6GCA7SF2E2CAAXQVCUCA3QXSCGCAOD3AKJCA82HZBKCA9U40JHCA85Q15RCASRO0I4CA8V5VFE scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\_affvm[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ABQVEJQCAUV5OTJCAF2GM4ZCAQNISLVCA1M8QOQCA88FBDBCAD8AQCJCAHQNWUHCAGWF02NCA02I7HGCALM51GYCAX05ROSCASFCERSCA97B21PCA4REQDCCAZ26915CAOQYFM2CAJ7NKEACAFDVJMNCA1UITNR scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\vis;sz=1x1;ord=5896430078906162[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ARYST03CAH98SO0CA93XTHYCA9MHBT3CAGZ530SCAFH6M8ECAIIO2ZUCA9M50VBCAG3MOWSCANHJQYBCALA1OLDCANZ058OCAQBY2IGCAKQKTKPCAO8AEHICAPEWNDKCA1U5173CASJHBXRCAKOD4SZCAT63STO scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\AIGV7SOCA2BQEAVCAJ38DW1CANR9NFTCAXSKEF5CAAD6784CAY57S04CACQFE82CANFCU0LCA963F9TCAB2I63UCAJ2T232CA0JLRZCCATS76MBCAGE8SB9CACHWSKMCA7K7B5BCAUSCKA5CAYUFMLACAEO6T52 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\A1KOG65CAQLCEVNCA6GQWL2CAYFKJAKCA8E7HBMCAIX5O4QCAUCBAWOCAG6WCG8CA601CYJCASDVSS3CA0YMUD1CAQ0DZNJCAV39YSSCAYXCMNRCAJHMYBDCANP316RCA9HGWM7CASA5JR5CAGFCLSSCAMD7QH0 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\info_48[2] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\bullet[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\dnserror[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\left[2] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\tb_back[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\rightmost_disabled[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\zoompage[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\right[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\A28GHQICAURT8IVCAF1VKZ0CAREON0ACAW9UF83CAKCBDDLCACNMS66CACAEDPECA8HB6RTCA5CXOINCAPNZ3K5CARVDSVDCAE4M72DCASDM0UPCAW1LH91CAB4A5B5CAJZ2LQYCA17DXTKCAXG36GACAX4J6DH scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\CAPFSZR5 scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\getseal[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\CAJ1EHRT scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\landscape[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\vis;sz=1x1;ord=3914347006162052[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ads[11] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ads[9] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\CA4AS92Z scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ads[10] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ads[8] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ads[7] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\CALIIQ5V scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ads scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\printimg[1] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ads[6] scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I\ads[5] scheduled to be moved on reboot.
C:\Documents and Settings\Corinne\Local Settings\Temporary Internet Files\Content.IE5\PU096E1I moved successfully.

Created on 07/31/2007 00:09:48
31 July 2007 16:10:15

Good. Are you still seeing any malfunctions?
31 July 2007 23:10:09

Oh yes, still trojan and adware alerts!!!! I'm losing hope...
31 July 2007 23:36:41

What location do these alerts report?
1 August 2007 09:45:23

So this morning, alerts, but only adware, no trojan.

Location, for example: c:\WINDOWS\system32\mlljh.dll
1 August 2007 11:25:38

Let's start again with ComboFix.

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste that report into your next reply along with a new HijackThis log.
1 August 2007 15:52:33

"Corinne" - 2007-08-01 15:47:24 - ComboFix 07-07-23.6 - Service Pack 2 FAT32


((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))


2007-07-30 13:26 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-07-30 10:05 729,785 ---hs---- C:\WINDOWS\system32\hjllm.bak2
2007-07-28 15:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-26 22:11 <REP> d-------- C:\DOCUME~1\Corinne\APPLIC~1\SecondLife
2007-07-23 14:35 <REP> d-------- C:\Program Files\VISUAL PLANNING 4.3
2007-07-13 22:38 85,696 -ra------ C:\WINDOWS\system32\drivers\Z550obex.sys
2007-07-13 22:38 6,208 -ra------ C:\WINDOWS\system32\drivers\Z550cmnt.sys
2007-07-13 22:38 6,208 -ra------ C:\WINDOWS\system32\drivers\Z550cm.sys
2007-07-13 22:33 60,800 -ra------ C:\WINDOWS\system32\drivers\Z550bus.sys
2007-07-13 22:33 5,840 -ra------ C:\WINDOWS\system32\drivers\Z550whnt.sys
2007-07-13 22:33 5,840 -ra------ C:\WINDOWS\system32\drivers\Z550wh.sys
2007-07-13 22:31 <REP> d-------- C:\Program Files\Disc2Phone
2007-07-13 22:22 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-07-02 20:01 <REP> d--hs---- C:\FOUND.003


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-13 20:25:48 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-07-13 20:25:48 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-06 18:36:06 -------- d-----w C:\Program Files\Crésus 3.1
2007-05-16 15:13:54 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CA8B9CC-138C-40FA-91FE-CA22A2E4CA9B}]
C:\WINDOWS\system32\mlljh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72BE8679-EAED-470A-BA24-CA80CFA9B75F}]
C:\WINDOWS\system32\mljhigd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-04-27 06:48 C:\WINDOWS\system32\nwiz.exe]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 09:52 C:\WINDOWS\RTHDCPL.exe]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 10:38]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 10:26]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 10:28]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 18:01]
"PowerForPhone"="C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe" [2006-01-25 10:03]
"ACU"="C:\Program Files\Atheros\ACU.exe" [2006-08-07 19:15]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-26 17:51]

C:\Documents and Settings\Corinne\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{72BE8679-EAED-470A-BA24-CA80CFA9B75F}"= C:\WINDOWS\system32\mljhigd.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhigd]
mljhigd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljh]
C:\WINDOWS\system32\mlljh.dll

R1 AmdK8;Pilote de processeur AMD;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\eHome\ehRecvr.exe
R2 ehSched;Service de planification Media Center;C:\WINDOWS\eHome\ehSched.exe
R2 ITECIRService;ITE Remote Control Service;C:\WINDOWS\system32\RemoteControlService.exe
R3 Cam5603D;BisonCam, NB Pro;C:\WINDOWS\system32\Drivers\BisonCam.sys
R3 HSF_DPV;HSF_DPV;C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
R3 HSFHWAZL;HSFHWAZL;C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
R3 irsir;Pilote série infrarouge Microsoft;C:\WINDOWS\system32\DRIVERS\irsir.sys
R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys
R3 MTsensor;ATK0100 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 rimmptsk;rimmptsk;C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
R3 rimsptsk;rimsptsk;C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
R3 rismxdp;Ricoh xD-Picture Card Driver;C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\WINDOWS\ATK0100\ASNDIS5.SYS
S3 dot4;Pilote MS IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4.sys
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
S3 Dot4Scan;Pilote de classe Scanneur pour IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
S3 dot4usb;Filtre Dot4USB Dot4USB Filter;C:\WINDOWS\system32\DRIVERS\dot4usb.sys
S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio;C:\WINDOWS\system32\drivers\HdAudio.sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;Pilote MHN;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 sffdisk;Pilote de classe de stockage SFF;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
S3 Z550bus;Sony Ericsson Z550 driver (WDM);C:\WINDOWS\system32\DRIVERS\Z550bus.sys
S3 Z550obex;Sony Ericsson Z550 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\Z550obex.sys
S4 Microsoft Genuine Update Advantage;Microsoft Genuine Update Advantage;"C:\WINDOWS\system32\dllcache\mswan.exe"


Contents of the 'Scheduled Tasks' folder
2007-08-01 08:12:04 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-01 15:49:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-01 15:50:17
C:\ComboFix-quarantined-files.txt ... 2007-07-28 15:55
C:\ComboFix2.txt ... 2007-07-28 15:55

--- E O F ---


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:52:12, on 01/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Program Files\Atheros\ACU.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\RemoteControlService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Corinne\Mes documents\Mes logiciels\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {3CA8B9CC-138C-40FA-91FE-CA22A2E4CA9B} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: (no name) - {72BE8679-EAED-470A-BA24-CA80CFA9B75F} - C:\WINDOWS\system32\mljhigd.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?626a0b701243422b83c8917124408742
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?626a0b701243422b83c8917124408742
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: STS Secure Viewer - http://83.206.149.125:8080/pmasweb//tools/pviewersetup....
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActi...
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://france.fujifilmnet.com/MCLPhoto.CAB
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/FUploader/SpeedUploader.cab
O20 - Winlogon Notify: mljhigd - mljhigd.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 9458 bytes

1 August 2007 16:14:26

Re


Run a new HijackThis scan and check the lines below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {3CA8B9CC-138C-40FA-91FE-CA22A2E4CA9B} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: (no name) - {72BE8679-EAED-470A-BA24-CA80CFA9B75F} - C:\WINDOWS\system32\mljhigd.dll (file missing)
O20 - Winlogon Notify: mljhigd - mljhigd.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)

Close every window (Windows Explorer, Internet Explorer, Outlook) except HijackThis itself, and click "Fix checked".
---> you should already have done this step on 30-07-2007 at 11:41:08


Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: "Paste List of Files/Folders to be moved".

C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\mljhigd.dll
C:\WINDOWS\system32\mlljh.dll


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.


Post the report located in C:\_OTMoveIt\MovedFiles along with a new HijackThis log.
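The two O2 and two O20 lines in the post above, together with the ShellExecuteHooks entry in the ComboFix report (same CLSID {72BE8679-EAED-470A-BA24-CA80CFA9B75F} as the second BHO), show the pattern the helper is chasing: one random-named DLL in system32 registered under several load points so that Internet Explorer (BHO), Explorer (ShellExecuteHooks) and winlogon (Winlogon Notify) all load it, and a registration that survives after the DLL itself has been removed. The parser below makes that pattern visible in a HijackThis log. It is an added example written for this thread, not part of the thread and not HijackThis's own code; the sample lines are constructed from the ones posted here, and anything it flags should still be checked by hand before it goes into an OTMoveIt list.

```python
"""Triage of HijackThis-style log lines: an added example, not part of the
thread and not HijackThis's own code. It parses O2 (BHO) and O20 (Winlogon
Notify) lines, flags entries whose DLL is reported missing or which carry no
name, and correlates one DLL registered under several load points."""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample, modelled on the lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3CA8B9CC-138C-40FA-91FE-CA22A2E4CA9B} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: (no name) - {72BE8679-EAED-470A-BA24-CA80CFA9B75F} - C:\WINDOWS\system32\mljhigd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O20 - Winlogon Notify: mljhigd - mljhigd.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class LoadPoint:
    kind: str      # HijackThis section: "O2" or "O20"
    name: str      # BHO display name, or the Winlogon\Notify subkey name
    clsid: str     # CLSID for BHOs, "" for Winlogon Notify entries
    path: str      # DLL path exactly as logged (may be a bare file name)
    missing: bool  # True when HijackThis appended "(file missing)"

    @property
    def dll(self) -> str:
        # ntpath handles Windows paths on any host OS; bare names pass through.
        return ntpath.basename(self.path).lower()


def parse_entries(log_text: str) -> list:
    """Extract O2 and O20 entries; every other section is ignored."""
    entries = []
    for line in log_text.splitlines():
        if m := O2_RE.match(line):
            entries.append(LoadPoint("O2", m["name"], m["clsid"].upper(), m["path"], bool(m["missing"])))
        elif m := O20_RE.match(line):
            entries.append(LoadPoint("O20", m["name"], "", m["path"], bool(m["missing"])))
    return entries


def triage(entries) -> dict:
    """Return {entry: [reasons]} for every entry worth a second look."""
    by_dll = defaultdict(set)
    for e in entries:
        by_dll[e.dll].add(e.kind)
    findings = {}
    for e in entries:
        reasons = []
        if e.missing:
            # The DLL is gone (an AV or cleanup tool removed it) but the
            # registration survived; HijackThis "Fix checked" deletes the key.
            reasons.append("file missing")
        if e.kind == "O2" and e.name == "(no name)":
            reasons.append("unnamed BHO")
        if len(by_dll[e.dll]) > 1:
            # One DLL hooked into several load points is the tell-tale here.
            reasons.append("same DLL under " + "+".join(sorted(by_dll[e.dll])))
        if reasons:
            findings[e] = reasons
    return findings


def suspect_dlls(findings) -> set:
    """Distinct DLL file names behind the findings (input for an OTMoveIt list)."""
    return {e.dll for e in findings}


if __name__ == "__main__":
    for entry, reasons in triage(parse_entries(SAMPLE_LOG)).items():
        print(f"{entry.kind:>3} {entry.dll:<20} {'; '.join(reasons)}")
```

Run it and it prints the four flagged entries; suspect_dlls returns the two file names that the OTMoveIt list above targets. The Google Toolbar BHO, which is named and present on disk, produces no finding, which is the behaviour you want before handing a "Fix checked" list to someone.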
1 August 2007 16:26:59

C:\WINDOWS\system32\hjllm.bak2 moved successfully.
File/Folder C:\WINDOWS\system32\mljhigd.dll not found.
File/Folder C:\WINDOWS\system32\mlljh.dll not found.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:26:43, on 01/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
C:\Program Files\Atheros\ACU.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\RemoteControlService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Corinne\Mes documents\Mes logiciels\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\ASUS\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?626a0b701243422b83c8917124408742
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?626a0b701243422b83c8917124408742
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: STS Secure Viewer - http://83.206.149.125:8080/pmasweb//tools/pviewersetup....
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://wisup.net/_plateforme/Upload/Aurigma/AurigmaActi...
O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://france.fujifilmnet.com/MCLPhoto.CAB
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/FUploader/SpeedUploader.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 8900 bytes
1 August 2007 16:28:13

I'd like to point out that I did every step you told me to do, and I want to thank you for your help!!!!
1 August 2007 17:14:18

HijackThis is clean.

Do you still have any alerts?
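To show the kind of check a helper runs before calling a HijackThis log "clean", here is an added triage script (not part of the thread, and not a HijackThis feature) that parses O4/O16/O23 lines and flags entries worth a second look; the sample input takes lines from the log above plus one constructed O4 entry in a Temp directory, and the trusted-directory prefixes are an assumption for a default XP install.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: lines copied from the log above plus one made-up O4 entry ("sample") in Temp.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [sample] C:\Documents and Settings\user\Local Settings\Temp\sample.exe
O16 - DPF: STS Secure Viewer - http://83.206.149.125:8080/pmasweb//tools/pviewersetup....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
"""
# Assumed: directories where autoruns and services normally live on an XP box (8.3 short names included).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|sys))"?', re.IGNORECASE)

def parse_line(line):
    """Split one HijackThis line into (section, rest); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None

def _path_is_trusted(path):
    return path.lower().startswith(TRUSTED_PREFIXES)

def _host_is_raw_ip(url):
    try:
        ip_address(urlparse(url).hostname or "")
        return True
    except ValueError:
        return False

def triage(log_text):
    """Return (section, reason, detail) tuples for entries that deserve a second look. These are
    review prompts, not verdicts: 'Unknown owner' under the Windows directory is normal on French XP."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        section, rest = parsed
        path = PATH_RE.search(rest)
        url = rest.rsplit(" - ", 1)[-1]
        if section == "O4" and path and not _path_is_trusted(path.group(1)):
            findings.append((section, "autorun outside Windows/Program Files", path.group(1)))
        elif section == "O16" and _host_is_raw_ip(url):
            findings.append((section, "ActiveX download from a raw IP address", url))
        elif section == "O23" and "Unknown owner" in rest and path and not _path_is_trusted(path.group(1)):
            findings.append((section, "service with no vendor outside Windows/Program Files", path.group(1)))
    return findings
```

Run on the sample it flags only the constructed Temp autorun and the O16 download served from a bare IP:port; every other line, including the vendor-less Eventlog service, passes through.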
1 August 2007 17:27:43

No, no more alerts since I turned it back on earlier...
I hope it's fixed this time.... but I can't adjust my sound any more, do you think that's related???? (I have a laptop!)
1 August 2007 17:35:56

For the sound, I don't know.

Let's finish the cleanup.

Click Start - right-click My Computer - Properties - System Restore - tick the box Turn off System Restore and click Apply.

Launch OTmoveIT.
  • Click CleanUp! (the program will download a text file that is used to remove the tools we downloaded).
    NOTE: Normally your firewall should ask you whether OTmoveIT may access the internet. Allow it.
  • A list appears in the left-hand part of OTmoveIT.
  • A message appears asking you to confirm the cleanup. Confirm.

Restart the PC.

Click Start - right-click My Computer - Properties - System Restore - untick the box Turn off System Restore and click Apply.

Two more things.

Go to this link to secure your PC better:
http://www.infos-du-net.com/forum/267223-11-securiser-o...

Edit your first message and add Résolu next to your title.
2 August 2007 10:09:01

Thanks again for your help :)