
Posted

Thanks

I have the impression there is some improvement, but it's not certain; here are the 3 reports:

1) Vundo

VundoFix V6.6.2

 

Checking Java version...

 

Java version is 1.4.2.5

Old versions of java are exploitable and should be removed.

 

Scan started at 21:53:57 24/11/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\qzdvzsit.dll

C:\windows\system32\qzdvzsit.dllbox

 

Beginning removal...

 

Attempting to delete C:\windows\system32\qzdvzsit.dllbox

C:\windows\system32\qzdvzsit.dllbox Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.6.2

 

Checking Java version...

 

Java version is 1.4.2.5

Old versions of java are exploitable and should be removed.

 

Scan started at 06:36:51 25/11/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

Beginning removal...

 

2) Combo:

ComboFix 07-11-19.3 - Pierre 2007-11-25 6:52:37.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.130 [GMT 1:00]

Running from: C:\Documents and Settings\Pierre\Bureau\ComboFix.exe

* Created a new restore point

.

 

Incapable d'obtenir les privilèges Système

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk

C:\Documents and Settings\Pierre\Bureau\Live Safety Center.lnk

C:\Documents and Settings\Pierre\Bureau\Online Security Guide.lnk

C:\Documents and Settings\Pierre\Favoris\Online Security Guide.lnk

C:\WINDOWS\system32\mllmm.dll

C:\WINDOWS\system32\mmllm.ini

C:\WINDOWS\system32\mmllm.ini2

C:\WINDOWS\system32\UpMedia

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\LEGACY_DOMAINSERVICE

-------\DomainService

 

 

((((((((((((((((((((((((((((( Fichiers créés 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))))))))

.

 

2007-11-24 21:53 <REP> d-------- C:\VundoFix Backups

2007-11-24 15:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2007-11-24 15:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2007-11-24 15:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2007-11-24 15:54 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents

2007-11-24 15:54 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2007-11-24 15:54 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris

2007-11-24 15:54 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau

2007-11-24 15:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver

2007-11-24 15:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec

2007-11-24 12:55 <REP> d-------- C:\Program Files\Avira

2007-11-24 12:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-11-24 12:54 2,395 --a------ C:\Documents and Settings\Pierre\x.dat

2007-11-24 12:54 285 --a------ C:\Documents and Settings\Pierre\z.dat

2007-11-24 08:26 <REP> d-------- C:\Program Files\Lavasoft

2007-11-24 08:26 <REP> d-------- C:\Documents and Settings\Pierre\Application Data\Lavasoft

2007-11-24 08:25 776,012 ---hs---- C:\WINDOWS\system32\xfjljmdf.ini

2007-11-23 17:07 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio

2007-11-23 16:39 <REP> d-------- C:\PROGRAMME

2007-11-23 14:15 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll

2007-11-23 14:10 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2007-11-23 14:00 <REP> d-------- C:\Multimedia Files

2007-11-23 13:15 <REP> d-------- C:\Program Files\cyberlab GmbH

2007-11-21 13:03 <REP> d-------- C:\Program Files\Dico TV5

2007-11-19 08:08 <REP> d-------- C:\Program Files\VoipBuster.com

2007-11-16 09:48 <REP> d-------- C:\Program Files\Free Audio Pack

2007-11-16 09:48 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX

2007-11-16 09:48 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-11-16 09:23 <REP> d-------- C:\Program Files\Audacity

2007-11-10 06:50 <REP> d-------- C:\Program Files\Microsoft.NET

2007-11-10 06:48 <REP> dr-h----- C:\MSOCache

2007-10-31 09:51 <REP> d-------- C:\Documents and Settings\Pierre\Application Data\Canon

2007-10-30 15:33 <REP> d-------- C:\Program Files\Photodex Presenter

2007-10-30 15:33 <REP> d-------- C:\Documents and Settings\Pierre\Application Data\Netscape

2007-10-25 18:13 <REP> d-------- C:\Program Files\Convar

2007-10-25 18:13 516,784 -ra------ C:\WINDOWS\system32\XceedCry.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-24 11:55 120 ----a-w C:\n.bat

2007-11-24 11:54 0 ----a-w C:\z.dat

2007-11-24 11:54 0 ----a-w C:\x.dat

2007-11-23 13:07 --------- d-----w C:\Program Files\eMule

2007-11-19 11:02 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Skype

2007-11-10 21:05 --------- d-----w C:\Program Files\Google

2007-11-10 18:36 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Ulead Systems

2007-10-25 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-18 16:00 --------- d-----w C:\Program Files\Registry Clean Expert

2007-10-18 15:57 --------- d-----w C:\Program Files\UltraDefrag

2007-10-14 05:34 --------- d-----w C:\Program Files\Wondershare

2007-10-13 18:10 --------- d-----w C:\Program Files\GeoVid

2007-10-13 18:10 --------- d-----w C:\Documents and Settings\Pierre\Application Data\GeoVid

2007-10-13 16:22 --------- d-----w C:\Program Files\Fichiers communs\GeoVid

2007-10-11 16:31 --------- d-----w C:\Program Files\Picasa2

2007-10-11 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime

2007-10-10 14:22 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Ahead

2007-10-08 11:00 --------- d-----w C:\Program Files\Fichiers communs\Logitech

2007-10-08 10:59 --------- d-----w C:\Program Files\Logitech

2007-10-08 10:08 --------- d-----w C:\Program Files\Java

2007-10-08 07:40 --------- d-----w C:\Program Files\DivX

2007-10-08 07:36 --------- d-----w C:\Program Files\Pinnacle

2007-10-08 07:36 --------- d-----w C:\Program Files\Microsoft SQL Server

2007-10-08 07:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle

2007-10-08 06:41 --------- d-----w C:\Program Files\Executive Software

2007-10-08 06:37 --------- d-----w C:\Program Files\Ahead

2007-10-08 06:32 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2007-10-08 06:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead

2007-10-08 06:25 --------- d-----w C:\Documents and Settings\Pierre\Application Data\ArcSoft

2007-10-08 06:24 --------- d-----w C:\Program Files\Canon

2007-10-08 06:23 --------- d-----w C:\Program Files\ScanSoft

2007-10-08 06:23 --------- d-----w C:\Program Files\Fichiers communs\ScanSoft Shared

2007-10-08 06:23 --------- d-----w C:\Documents and Settings\Pierre\Application Data\ScanSoft

2007-10-08 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard

2007-10-08 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

2007-10-08 06:22 --------- d-----w C:\Program Files\ArcSoft

2007-10-07 15:37 --------- d-----w C:\Program Files\Skype

2007-10-07 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2007-10-07 08:16 --------- d-----w C:\Documents and Settings\Pierre\Application Data\vmntoolbar

2007-10-05 08:08 --------- d-----w C:\Program Files\Popims

2007-10-04 14:44 --------- d-----w C:\Program Files\XnView

2007-10-04 06:43 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems

2007-10-04 06:41 --------- d-----w C:\Documents and Settings\Pierre\Application Data\ACD Systems

2007-10-03 12:04 --------- d-----w C:\Program Files\Seagrand

2007-10-03 11:58 --------- d-----w C:\Program Files\Tacmi

2007-10-03 11:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2007-10-03 11:28 --------- d-----w C:\Documents and Settings\Pierre\Application Data\AdobeUM

2007-10-03 06:30 --------- d-----w C:\Program Files\Beneton Software

2007-10-03 06:21 --------- d-----w C:\Program Files\Visicom Media

2007-10-02 17:36 --------- d-----w C:\Program Files\vmntoolbar

2007-10-02 16:45 --------- d-----w C:\Program Files\Image Converter and Editor

2007-10-02 11:13 --------- d-----w C:\Program Files\VirtualDub

2007-10-02 11:07 --------- d-----w C:\Documents and Settings\Pierre\Application Data\STOIK

2007-10-02 10:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems

2007-10-02 10:45 --------- d-----w C:\Program Files\Ulead Systems

2007-10-02 10:45 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems

2007-10-02 10:29 551 ---ha-w C:\os466477.bin

2007-10-02 07:22 --------- d-----w C:\Program Files\Crawler

2007-10-02 07:10 --------- d-----w C:\Program Files\directx

2007-10-02 07:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2007-10-02 07:03 578 ---ha-w C:\os357577.bin

2007-10-02 06:39 --------- d-----w C:\Program Files\AVSMedia

2007-10-01 12:21 --------- d-----w C:\Program Files\Maïdo Production

2007-10-01 11:23 --------- d-----w C:\Program Files\Beneton Movie GIF

2007-10-01 08:35 --------- d-----w C:\Documents and Settings\Pierre\Application Data\XnView

2007-10-01 07:59 --------- d-----w C:\Program Files\AnmSMP

2007-10-01 06:29 --------- d-----w C:\Program Files\RADVideo

2007-10-01 06:22 --------- d-----w C:\Program Files\Video mp3 Extractor

2007-10-01 06:19 --------- d-----w C:\Program Files\K-Lite Codec Pack

2007-10-01 06:13 --------- d-----w C:\Program Files\MSN Messenger

2007-10-01 06:05 --------- d-----w C:\Program Files\VS Revo Group

2007-10-01 05:45 --------- d-----w C:\Program Files\Free History Eraser

2007-10-01 05:23 --------- d-----w C:\Program Files\VirtualDubMOD

2007-10-01 05:22 --------- d-----w C:\Program Files\Media Player Classic

2007-10-01 05:22 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Media Player Classic

2007-10-01 05:21 --------- d-----w C:\Program Files\CDex

2007-10-01 05:18 --------- d-----w C:\Program Files\CCleaner

2007-09-30 16:03 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-09-30 09:46 --------- d-----w C:\Program Files\PhotoFiltre Studio

2007-09-30 09:46 --------- d-----w C:\Program Files\MSXML 4.0

2007-09-30 03:37 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Uniblue

2007-09-30 03:24 --------- d-----w C:\Program Files\IncrediMail

2007-09-30 03:16 --------- d-----w C:\Program Files\Alwil Software

2007-09-30 02:59 --------- d-----w C:\Program Files\SAGEM

2007-09-29 18:53 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2007-09-29 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-09-29 18:45 --------- d-----w C:\Program Files\Microsoft Works

2007-09-29 18:36 --------- d-----w C:\Program Files\Fichiers communs\AOL

2007-09-29 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2007-09-29 18:12 --------- d-----w C:\Program Files\Fichiers communs\xing shared

2007-09-29 18:12 --------- d-----w C:\Program Files\Fichiers communs\Real

2007-09-29 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink

2007-09-29 18:11 --------- d-----w C:\Program Files\Dynamic Toolbar

2007-09-29 18:11 --------- d-----w C:\Program Files\CyberLink

2007-09-29 18:09 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Symantec

2007-09-29 18:06 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys

2007-09-29 18:06 --------- d-----w C:\Program Files\Viewpoint

2007-09-29 18:06 --------- d-----w C:\Program Files\Real

2007-09-29 18:06 --------- d-----w C:\Program Files\QuickTime

2007-09-29 18:06 --------- d-----w C:\Program Files\Learn2.com

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2224A0-B114-4491-9305-FD0E4B55FA1E}]

2007-11-23 14:12 37376 --a------ C:\WINDOWS\system32\ljjighh.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7e6d6ae8-e8cf-4bc4-bbb4-f800e9bbca62}]

C:\WINDOWS\system32\siwswbro.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CEDDA62D-5FBE-4AB2-AE2E-5E069F444444}"= C:\Program Files\Dico TV5\MDTV5TB.dll [2007-09-11 17:19 802816]

 

[HKEY_CLASSES_ROOT\clsid\{cedda62d-5fbe-4ab2-ae2e-5e069f444444}]

[HKEY_CLASSES_ROOT\MDTV5Tb.IEToolBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{43C9998B-DB65-4F03-8C57-BBF146CCCCCC}]

[HKEY_CLASSES_ROOT\MDTV5Tb.IEToolBar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-03-01 16:01]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-08 06:38]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2005-03-05 11:26 C:\WINDOWS\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 C:\WINDOWS\SOUNDMAN.EXE]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10]

"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 18:22]

"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 19:01]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-12-05 11:25]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06]

"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-02-10 15:02]

"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-02-16 14:37]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 17:19]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 17:57]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 17:51]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-29 19:06]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-29 19:12]

"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-24 12:57]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{3A2224A0-B114-4491-9305-FD0E4B55FA1E}"= C:\WINDOWS\system32\ljjighh.dll [2007-11-23 14:12 37376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjighh]

ljjighh.dll 2007-11-23 14:12 37376 C:\WINDOWS\system32\ljjighh.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmm.dll

 

R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys

R3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys

R3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys

 

.

**************************************************************************

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-25 06:58:13

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-11-25 6:59:45 - machine was rebooted

.

--- E O F ---

 

 

I'm sending HijackThis right away

Posted

Hello again

here is HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 07:02:13, on 25/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Apps\Powercinema\PCMService.exe

C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\PROGRA~1\INCRED~1\bin\ImApp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\Pierre\Mes documents\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {3A2224A0-B114-4491-9305-FD0E4B55FA1E} - C:\WINDOWS\system32\ljjighh.dll

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: {26acbb9e-008f-4bbb-4cb4-fc8e8ea6d6e7} - {7e6d6ae8-e8cf-4bc4-bbb4-f800e9bbca62} - C:\WINDOWS\system32\siwswbro.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\Dico TV5\MDTV5TB.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab

O20 - Winlogon Notify: ljjighh - C:\WINDOWS\SYSTEM32\ljjighh.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 9844 bytes

Posted (edited)

Click the Start menu, then Run, and copy/paste this:

"%userprofile%\Bureau\combofix.exe" /v ljjighh

then click OK.

A message will appear; press the "y" key. At the end, Notepad will open; copy and paste all of its contents.

Post it.

Please go to this page to download the file regedit.reg >

to do so, click the link at the bottom of the page > http://www.sendspace.com/file/5zcoqa Download Link: regedit.exe. Save it to the desktop.

Double-click the icon that looks like a "cube" and accept the merge into the registry.

Then delete this file and empty the Recycle Bin.

Please also post a new HijackThis log.

See you

Edited by Apollo.01

Posted

Good evening

here are the two requested reports

1) ComboFix

 

ComboFix 07-11-19.3 - Pierre 2007-11-25 20:11:46.4 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.78 [GMT 1:00]

Running from: C:\Documents and Settings\Pierre\Bureau\combofix.exe

Command switches used :: /v ljjighh

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\awtqq.dll

C:\WINDOWS\system32\mlnmp.ini

C:\WINDOWS\system32\mlnmp.ini2

C:\WINDOWS\system32\pmnlm.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-25 to 2007-11-25 ))))))))))))))))))))))))))))))))))))

.

 

2007-11-25 15:39 <REP> d-------- C:\Program Files\LimeWire

2007-11-25 15:37 <REP> d-------- C:\Documents and Settings\Pierre\.limewire

2007-11-25 11:53 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-11-25 11:53 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-11-25 11:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-11-25 11:52 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-11-25 11:52 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2007-11-25 11:52 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-11-25 11:52 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-11-25 11:52 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-11-24 21:53 <REP> d-------- C:\VundoFix Backups

2007-11-24 15:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2007-11-24 15:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2007-11-24 15:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2007-11-24 15:54 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents

2007-11-24 15:54 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2007-11-24 15:54 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris

2007-11-24 15:54 <REP> dr------- C:\Documents and Settings\Administrateur\Bureau

2007-11-24 15:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver

2007-11-24 15:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec

2007-11-24 12:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-11-24 12:55 120 --a------ C:\n.bat

2007-11-24 12:54 2,395 --a------ C:\Documents and Settings\Pierre\x.dat

2007-11-24 12:54 285 --a------ C:\Documents and Settings\Pierre\z.dat

2007-11-24 12:54 0 --a------ C:\z.dat

2007-11-24 12:54 0 --a------ C:\x.dat

2007-11-24 08:26 <REP> d-------- C:\Program Files\Lavasoft

2007-11-24 08:26 <REP> d-------- C:\Documents and Settings\Pierre\Application Data\Lavasoft

2007-11-24 08:25 776,012 ---hs---- C:\WINDOWS\system32\xfjljmdf.ini

2007-11-23 17:07 <REP> d-------- C:\Program Files\Fichiers communs\SWF Studio

2007-11-23 16:39 <REP> d-------- C:\PROGRAMME

2007-11-23 14:15 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll

2007-11-23 14:10 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2007-11-23 14:00 <REP> d-------- C:\Multimedia Files

2007-11-23 13:15 <REP> d-------- C:\Program Files\cyberlab GmbH

2007-11-23 13:15 297,472 --a------ C:\WINDOWS\uninst.exe

2007-11-21 13:03 <REP> d-------- C:\Program Files\Dico TV5

2007-11-19 08:08 <REP> d-------- C:\Program Files\VoipBuster.com

2007-11-16 09:48 <REP> d-------- C:\Program Files\Free Audio Pack

2007-11-16 09:48 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX

2007-11-16 09:48 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL

2007-11-16 09:23 <REP> d-------- C:\Program Files\Audacity

2007-11-10 06:50 <REP> d-------- C:\WINDOWS\SHELLNEW

2007-11-10 06:50 <REP> d-------- C:\Program Files\Microsoft.NET

2007-11-10 06:48 <REP> dr-h----- C:\MSOCache

2007-10-31 09:51 <REP> d-------- C:\Documents and Settings\Pierre\Application Data\Canon

2007-10-30 15:58 <REP> d-------- C:\WINDOWS\$regcmp$

2007-10-30 15:33 <REP> d-------- C:\Program Files\Photodex Presenter

2007-10-30 15:33 <REP> d-------- C:\Documents and Settings\Pierre\Application Data\Netscape

2007-10-25 18:13 <REP> d-------- C:\Program Files\Convar

2007-10-25 18:13 516,784 -ra------ C:\WINDOWS\system32\XceedCry.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-25 19:06 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Skype

2007-11-25 17:13 --------- d-----w C:\Program Files\eMule

2007-11-10 21:05 --------- d-----w C:\Program Files\Google

2007-11-10 18:36 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Ulead Systems

2007-10-25 17:13 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-10-18 16:00 --------- d-----w C:\Program Files\Registry Clean Expert

2007-10-18 15:57 --------- d-----w C:\Program Files\UltraDefrag

2007-10-14 05:34 --------- d-----w C:\Program Files\Wondershare

2007-10-13 18:10 --------- d-----w C:\Program Files\GeoVid

2007-10-13 18:10 --------- d-----w C:\Documents and Settings\Pierre\Application Data\GeoVid

2007-10-13 16:22 --------- d-----w C:\Program Files\Fichiers communs\GeoVid

2007-10-11 16:31 --------- d-----w C:\Program Files\Picasa2

2007-10-11 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime

2007-10-10 14:22 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Ahead

2007-10-08 11:00 --------- d-----w C:\Program Files\Fichiers communs\Logitech

2007-10-08 10:59 --------- d-----w C:\Program Files\Logitech

2007-10-08 10:08 --------- d-----w C:\Program Files\Java

2007-10-08 07:40 --------- d-----w C:\Program Files\DivX

2007-10-08 07:36 --------- d-----w C:\Program Files\Pinnacle

2007-10-08 07:36 --------- d-----w C:\Program Files\Microsoft SQL Server

2007-10-08 07:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle

2007-10-08 06:41 --------- d-----w C:\Program Files\Executive Software

2007-10-08 06:37 --------- d-----w C:\Program Files\Ahead

2007-10-08 06:32 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2007-10-08 06:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead

2007-10-08 06:25 --------- d-----w C:\Documents and Settings\Pierre\Application Data\ArcSoft

2007-10-08 06:24 --------- d-----w C:\Program Files\Canon

2007-10-08 06:23 --------- d-----w C:\Program Files\ScanSoft

2007-10-08 06:23 --------- d-----w C:\Program Files\Fichiers communs\ScanSoft Shared

2007-10-08 06:23 --------- d-----w C:\Documents and Settings\Pierre\Application Data\ScanSoft

2007-10-08 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard

2007-10-08 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

2007-10-08 06:22 --------- d-----w C:\Program Files\ArcSoft

2007-10-07 15:37 --------- d-----w C:\Program Files\Skype

2007-10-07 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype

2007-10-07 08:16 --------- d-----w C:\Documents and Settings\Pierre\Application Data\vmntoolbar

2007-10-05 08:08 --------- d-----w C:\Program Files\Popims

2007-10-04 14:44 --------- d-----w C:\Program Files\XnView

2007-10-04 06:43 --------- d-----w C:\Program Files\Fichiers communs\ACD Systems

2007-10-04 06:41 --------- d-----w C:\Documents and Settings\Pierre\Application Data\ACD Systems

2007-10-03 12:04 --------- d-----w C:\Program Files\Seagrand

2007-10-03 11:58 --------- d-----w C:\Program Files\Tacmi

2007-10-03 11:28 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2007-10-03 11:28 --------- d-----w C:\Documents and Settings\Pierre\Application Data\AdobeUM

2007-10-03 06:30 --------- d-----w C:\Program Files\Beneton Software

2007-10-03 06:21 --------- d-----w C:\Program Files\Visicom Media

2007-10-02 17:36 --------- d-----w C:\Program Files\vmntoolbar

2007-10-02 16:45 --------- d-----w C:\Program Files\Image Converter and Editor

2007-10-02 11:13 --------- d-----w C:\Program Files\VirtualDub

2007-10-02 11:07 --------- d-----w C:\Documents and Settings\Pierre\Application Data\STOIK

2007-10-02 10:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems

2007-10-02 10:45 --------- d-----w C:\Program Files\Ulead Systems

2007-10-02 10:45 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems

2007-10-02 10:29 551 ---ha-w C:\os466477.bin

2007-10-02 07:22 --------- d-----w C:\Program Files\Crawler

2007-10-02 07:10 --------- d-----w C:\Program Files\directx

2007-10-02 07:06 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2007-10-02 07:03 578 ---ha-w C:\os357577.bin

2007-10-02 06:39 --------- d-----w C:\Program Files\AVSMedia

2007-10-01 12:21 --------- d-----w C:\Program Files\Maïdo Production

2007-10-01 11:23 --------- d-----w C:\Program Files\Beneton Movie GIF

2007-10-01 08:35 --------- d-----w C:\Documents and Settings\Pierre\Application Data\XnView

2007-10-01 07:59 --------- d-----w C:\Program Files\AnmSMP

2007-10-01 06:29 --------- d-----w C:\Program Files\RADVideo

2007-10-01 06:22 --------- d-----w C:\Program Files\Video mp3 Extractor

2007-10-01 06:19 --------- d-----w C:\Program Files\K-Lite Codec Pack

2007-10-01 06:13 --------- d-----w C:\Program Files\MSN Messenger

2007-10-01 06:05 --------- d-----w C:\Program Files\VS Revo Group

2007-10-01 05:45 --------- d-----w C:\Program Files\Free History Eraser

2007-10-01 05:23 --------- d-----w C:\Program Files\VirtualDubMOD

2007-10-01 05:22 --------- d-----w C:\Program Files\Media Player Classic

2007-10-01 05:22 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Media Player Classic

2007-10-01 05:21 --------- d-----w C:\Program Files\CDex

2007-10-01 05:18 --------- d-----w C:\Program Files\CCleaner

2007-09-30 16:03 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-09-30 09:46 --------- d-----w C:\Program Files\PhotoFiltre Studio

2007-09-30 09:46 --------- d-----w C:\Program Files\MSXML 4.0

2007-09-30 03:37 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Uniblue

2007-09-30 03:24 --------- d-----w C:\Program Files\IncrediMail

2007-09-30 03:16 --------- d-----w C:\Program Files\Alwil Software

2007-09-30 02:59 --------- d-----w C:\Program Files\SAGEM

2007-09-29 18:53 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2007-09-29 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2007-09-29 18:45 --------- d-----w C:\Program Files\Microsoft Works

2007-09-29 18:36 --------- d-----w C:\Program Files\Fichiers communs\AOL

2007-09-29 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL

2007-09-29 18:12 --------- d-----w C:\Program Files\Fichiers communs\xing shared

2007-09-29 18:12 --------- d-----w C:\Program Files\Fichiers communs\Real

2007-09-29 18:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink

2007-09-29 18:11 --------- d-----w C:\Program Files\Dynamic Toolbar

2007-09-29 18:11 --------- d-----w C:\Program Files\CyberLink

2007-09-29 18:09 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Symantec

2007-09-29 18:06 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys

2007-09-29 18:06 --------- d-----w C:\Program Files\Viewpoint

2007-09-29 18:06 --------- d-----w C:\Program Files\Real

2007-09-29 18:06 --------- d-----w C:\Program Files\QuickTime

2007-09-29 18:06 --------- d-----w C:\Program Files\Learn2.com

2007-09-29 18:06 --------- d-----w C:\Program Files\Fichiers communs\Nullsoft

2007-09-29 18:06 --------- d-----w C:\Program Files\Fichiers communs\aolshare

2007-09-29 18:06 --------- d-----w C:\Documents and Settings\Pierre\Application Data\You've Got Pictures Screensaver

.

 

((((((((((((((((((((((((((((( snapshot@2007-11-25_ 6.58.55.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-25 19:15:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_534.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2224A0-B114-4491-9305-FD0E4B55FA1E}]

2007-11-23 14:12 37376 --a------ C:\WINDOWS\system32\ljjighh.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7e6d6ae8-e8cf-4bc4-bbb4-f800e9bbca62}]

C:\WINDOWS\system32\siwswbro.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CEDDA62D-5FBE-4AB2-AE2E-5E069F444444}"= C:\Program Files\Dico TV5\MDTV5TB.dll [2007-09-11 17:19 802816]

 

[HKEY_CLASSES_ROOT\clsid\{cedda62d-5fbe-4ab2-ae2e-5e069f444444}]

[HKEY_CLASSES_ROOT\MDTV5Tb.IEToolBar.1]

[HKEY_CLASSES_ROOT\TypeLib\{43C9998B-DB65-4F03-8C57-BBF146CCCCCC}]

[HKEY_CLASSES_ROOT\MDTV5Tb.IEToolBar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-03-01 16:01]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-08 06:38]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]

"NvCplDaemon"="RUNDLL32.exe" [2004-08-05 13:00 C:\WINDOWS\system32\rundll32.exe]

"nwiz"="nwiz.exe" [2005-03-05 11:26 C:\WINDOWS\system32\nwiz.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 C:\WINDOWS\SOUNDMAN.EXE]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10]

"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 18:22]

"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 19:01]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-12-05 11:25]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06]

"PMCS"="C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-02-10 15:02]

"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-02-16 14:37]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 17:19]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 17:57]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 17:51]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-29 19:06]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-29 19:12]

"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{3A2224A0-B114-4491-9305-FD0E4B55FA1E}"= C:\WINDOWS\system32\ljjighh.dll [2007-11-23 14:12 37376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjighh]

ljjighh.dll 2007-11-23 14:12 37376 C:\WINDOWS\system32\ljjighh.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnlm.dll

 

 

.

**************************************************************************

 

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-25 20:15:38

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-11-25 20:16:55 - machine was rebooted

C:\ComboFix2.txt ... 2007-11-25 11:26

C:\ComboFix3.txt ... 2007-11-25 06:59

.

--- E O F ---

 

 

2) HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:24:23, on 25/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Apps\Powercinema\PCMService.exe

C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\PROGRA~1\INCRED~1\bin\ImApp.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe

C:\Documents and Settings\Pierre\Mes documents\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {3A2224A0-B114-4491-9305-FD0E4B55FA1E} - C:\WINDOWS\system32\ljjighh.dll

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: {26acbb9e-008f-4bbb-4cb4-fc8e8ea6d6e7} - {7e6d6ae8-e8cf-4bc4-bbb4-f800e9bbca62} - C:\WINDOWS\system32\siwswbro.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\Dico TV5\MDTV5TB.dll

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab

O20 - Winlogon Notify: ljjighh - C:\WINDOWS\SYSTEM32\ljjighh.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 10071 bytes

Posted

Hi again,

The PC is still showing signs of infection.

I have reached the limits of my skills, and it will take an experienced advisor to untangle this.

I'm sorry.

However, you should replace Avast with Antivir.

Avast! is far from the best there is in terms of protection; see this link for more information: http://forum.malekal.com/ftopic3123.php

Clearly, Antivir is much more effective, which is why I VERY STRONGLY advise you to uninstall Avast! and install Antivir in its place: http://www.malekal.com/tutorial_antivir.php

To help you, you can follow this link: http://forum.malekal.com/ftopic4192.php

Latest version to date: http://www.filehippo.com/download_antivir/

Additional info: http://forum.zebulon.fr/index.php?showtopic=120568

- After installation, update it. If your firewall raises an alert, accept the connection.

- Make sure Antivir is up to date; check the update date.

-- Restart in Safe Mode: to do this, restart the computer and, before the Windows logo appears, tap the F8 key repeatedly; a menu will appear; choose Safe Mode and press the Enter key on the keyboard.

- Open Antivir from the Start / Programs menu

- Click the Scanner tab.

- Select Manual Selection

- Select drive C

- Start the scan - Quarantine all detected items.

- Once the scan is finished, save the report.

Restart in normal mode.

Post the report here.

See you later

Posted

Hello

everything seemed to be working fine, but no

here is the report from the scan with Antivir in safe mode, followed by a HijackThis

1) report

 

 

 

AntiVir PersonalEdition Classic

Report file date: lundi 26 novembre 2007 08:24

 

Scanning for 941961 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Pierre

Computer name: SN045612320243

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55

ANTIVIR2.VDF : 7.0.1.0 1393152 Bytes 23/11/2007 06:19:30

ANTIVIR3.VDF : 7.0.1.5 21504 Bytes 25/11/2007 06:19:30

AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 26/11/2007 06:19:30

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: lundi 26 novembre 2007 08:24

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

11 processes with 11 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '41' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <HDD>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\qoobox\Quarantine\catchme2007-11-25_ 65804.35.zip

[0] Archive type: ZIP

--> mllmm.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[INFO] The file was moved to '47be7b71.qua'!

C:\qoobox\Quarantine\C\WINDOWS\system32\awtqq.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[INFO] The file was moved to '47be7b8c.qua'!

C:\qoobox\Quarantine\C\WINDOWS\system32\mllmm.dll.vir

[DETECTION] Is the Trojan horse TR/Trash.Gen

[INFO] The file was moved to '47b67b85.qua'!

C:\qoobox\Quarantine\C\WINDOWS\system32\pmnlm.dll.vir

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[INFO] The file was moved to '47b87b8c.qua'!

C:\WINDOWS\system32\ddabc.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

 

 

End of the scan: lundi 26 novembre 2007 08:59

Used time: 35:12 min

 

The scan has been done completely.

 

5974 Scanning directories

344546 Files were scanned

5 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

4 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

344541 Files not concerned

7284 Archives were scanned

4 Warnings

0 Notes

 

2) HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:07:49, on 26/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Apps\Powercinema\PCMService.exe

C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\PROGRA~1\INCRED~1\bin\ImApp.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Pierre\Mes documents\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: (no name) - {3A2224A0-B114-4491-9305-FD0E4B55FA1E} - C:\WINDOWS\system32\ljjighh.dll

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: {26acbb9e-008f-4bbb-4cb4-fc8e8ea6d6e7} - {7e6d6ae8-e8cf-4bc4-bbb4-f800e9bbca62} - C:\WINDOWS\system32\siwswbro.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: (no name) - {EA1D5C87-3185-4E0C-BAAC-E7071BE44962} - C:\WINDOWS\system32\ddabc.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\Dico TV5\MDTV5TB.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab

O20 - Winlogon Notify: ljjighh - C:\WINDOWS\SYSTEM32\ljjighh.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 10141 bytes

 

 

Help!! And a thousand thanks for your precious help.

Posted (edited)

Hello,

 

Run HijackThis with "Do a system scan only" and tick the boxes in front of these lines:

 

O2 - BHO: (no name) - {3A2224A0-B114-4491-9305-FD0E4B55FA1E} - C:\WINDOWS\system32\ljjighh.dll

O2 - BHO: {26acbb9e-008f-4bbb-4cb4-fc8e8ea6d6e7} - {7e6d6ae8-e8cf-4bc4-bbb4-f800e9bbca62} - C:\WINDOWS\system32\siwswbro.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {EA1D5C87-3185-4E0C-BAAC-E7071BE44962} - C:\WINDOWS\system32\ddabc.dll

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab

O20 - Winlogon Notify: ljjighh - C:\WINDOWS\SYSTEM32\ljjighh.dll

 

Close all windows except HijackThis and click "Fix Checked".

 

I had you fix some of the PC's startup programs because they can be launched manually; when present at boot they take up an enormous amount of resources and often run in the background for nothing.

 

*To remove ctfmon.exe from startup:

 

Control Panel >>> Regional and Language Options >>> Languages >>> Details >>> Language Bar >>> tick the "Turn off advanced text services" box

 

2) Download ATF Cleaner by Atribune.

  • Install it on the desktop.
     
    Double-click ATF-Cleaner.exe to launch the program.
    Under the Main tab, choose: Select All
    Click the Empty Selected button

If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, in the main menu, to close the program.

For technical support, double-click the e-mail address located at the bottom of each menu.

 

3) - Download and install AVG Anti-Spyware - Tutorial: http://www.malekal.com/tutorial_AVG_AntiSpyware.html

- Update it from the Update menu at the top

- Restart in safe mode; if you don't know how to do that, read this

 

- Open AVG Anti-Spyware and click the Scan tab, then the Settings sub-tab

- Under "How to react?" select Quarantine. (see the AVG Anti-Spyware help)

- Go back to the Scan sub-tab, then click Full system scan.

---> The scan starts.

 

At the end, click Apply all actions; the items should then be moved to quarantine.

Then click Save scan report and save the report on the Desktop.

 

Help: Don't hesitate to consult the AVG Anti-Spyware Help for any problem.

 

-- Restart in normal mode: Start menu / Shut down / Restart the computer

Warning: if the computer restarts in a loop in safe mode, do the reverse by unticking the /SAFEBOOT option using msconfig: see this page again: click here

 

Copy/paste the AVG Anti-Spyware report along with a new HijackThis log made in normal mode after restarting the PC.

@+

 

I saw that you were also asking for help elsewhere; that can be a source of confusion.

http://www.pcentraide.com/index.php?showtopic=76246

Edited by Apollo.01
Posted (edited)

Re,

 

To continue, apply this procedure:

 

1/ Open Notepad (Start menu\All Programs\Accessories\Notepad)

 

2/ Copy what is in the quote below (without the word "quote") by selecting it and then pressing Ctrl-C:

 

File::

C:\n.bat

C:\Documents and Settings\Pierre\x.dat

C:\Documents and Settings\Pierre\z.dat

C:\z.dat

C:\x.dat

C:\WINDOWS\system32\xfjljmdf.ini

C:\os466477.bin

C:\os357577.bin

C:\WINDOWS\system32\ljjighh.dll

C:\WINDOWS\system32\siwswbro.dll

C:\WINDOWS\Fonts\svchost.exe

 

 

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2224A0-B114-4491-9305-FD0E4B55FA1E}]

 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7e6d6ae8-e8cf-4bc4-bbb4-f800e9bbca62}]

 

[-HKEY_CLASSES_ROOT\TypeLib\{43C9998B-DB65-4F03-8C57-BBF146CCCCCC}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Host Process"=-

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{3A2224A0-B114-4491-9305-FD0E4B55FA1E}"=-

 

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjighh]

 

-Save this file to: Desktop

-File name: CFScript

-File type: all files

-click Save

-quit Notepad

 

Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

 

CFScript.gif

  • A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed; do not post it.

3/ Open Notepad (Start\All Programs\Accessories\Notepad)

 

4/ Copy what is in the quote below (without the word "quote") by selecting it and then pressing Ctrl-C:

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

 

-Save this reg file to: Desktop

-File name: Fixme.reg

-File type: all files

-Click Save

-Quit Notepad

 

5/ Using the Fixme.reg file created previously

- double-click the file (Desktop) / Accept the warning about the merge / don't be surprised if you see nothing happen / confirm the message saying that the merge is complete.

 

6/ Restart your PC.

 

7/ Run ComboFix again, then post its report.

 

@++

Edited by Apollo.01
Posted

hello

I'm first replying to your message from yesterday 3:00 pm because yesterday morning, all by myself like a big boy, I found on the net a free program named "a.squaredFree" which did a thorough clean-up for me, apparently better than AVG antispyware (this may interest you)

Nevertheless I have just done what you asked me yesterday, and here is the HijackThis report in which, according to an online analysis, it appears that the line:

04-HKLM/../RUN{HOST PROCESS}... is dangerous, gosh!!

so 1) what should I do with this line?

2) should I apply your following instructions to complete the cure?

Finally, I hope I didn't hurt you by going to another forum and, if so, I offer you my very sincere apologies, but I'm always in such a hurry!!

here is the report, see you soon

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:38:35, on 28/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Apps\Powercinema\PCMService.exe

C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\svchost.exe

c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Pierre\Mes documents\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: {5d3ea2c3-a92f-7e79-2a94-971cfc32a479} - {974a23cf-c179-49a2-97e7-f29a3c2ae3d5} - C:\WINDOWS\system32\adjwyuvs.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: TV5 - Dictionnaires - {CEDDA62D-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\Dico TV5\MDTV5TB.dll

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug

O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [3c2481ff] rundll32.exe "C:\WINDOWS\system32\iidhruqy.dll",b

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O15 - Trusted Zone: http://www.secuser.com

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 9315 bytes
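
An added example, not part of the thread and not HijackThis's own logic: the Python below applies to O2, O4 and O20 lines the kind of checks the replies above make by eye, using lines copied from the logs posted here. The rule names, the expected-directory table and the assumption that Windows is installed in C:\WINDOWS are choices made for this example; a hit means "review this line", not a verdict.

```python
import ntpath
import re

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A2224A0-B114-4491-9305-FD0E4B55FA1E} - C:\WINDOWS\system32\ljjighh.dll
O2 - BHO: {26acbb9e-008f-4bbb-4cb4-fc8e8ea6d6e7} - {7e6d6ae8-e8cf-4bc4-bbb4-f800e9bbca62} - C:\WINDOWS\system32\siwswbro.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ljjighh - C:\WINDOWS\SYSTEM32\ljjighh.dll
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# The CLSID anchors the split, so " - " inside a name or path does not break it.
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<target>.*)$")
# First .exe/.dll in a command line, with or without surrounding quotes.
RE_BINARY = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll))', re.IGNORECASE)

SYSTEM32 = r"c:\windows\system32"
# Assumption of this example: where these Windows XP binaries normally live.
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32, "lsass.exe": SYSTEM32, "services.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32, "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "explorer.exe": r"c:\windows",
}


def binary_path(text):
    """Return the first executable or DLL path in a log field, or None."""
    m = RE_BINARY.match(text.strip())
    return m.group("path") if m else None


def triage(log_text):
    """Return (rule, subject) pairs for log lines that deserve a manual review."""
    findings = []
    bho_paths = set()
    notify_paths = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RE_O2.match(line)
        if m:
            target = m.group("target")
            path = binary_path(target)
            if path:
                bho_paths.add(path.lower())
            if target.endswith("(file missing)") or target == "(no file)":
                # Registry entry left behind with nothing on disk.
                findings.append(("orphaned-bho", m.group("clsid")))
            elif (m.group("name") == "(no name)" and path
                  and ntpath.dirname(path).lower() == SYSTEM32):
                # "(no name)" alone is too noisy: Spybot's SDHelper.dll has it too.
                findings.append(("unnamed-bho-in-system32", path))
            continue
        m = RE_O4.match(line)
        if m:
            path = binary_path(m.group("cmd"))
            # Bare names such as RUNDLL32.EXE have no directory to compare.
            if path and ntpath.dirname(path):
                expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
                if expected and ntpath.dirname(path).lower() != expected:
                    findings.append(("system-name-wrong-dir", path))
            continue
        m = RE_O20.match(line)
        if m:
            path = binary_path(m.group("target"))
            if path:
                notify_paths.append(path)
    # A DLL hooked into Winlogon and also loaded into the browser as a BHO.
    for path in notify_paths:
        if path.lower() in bho_paths:
            findings.append(("notify-dll-also-bho", path))
    return findings


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(f"{rule:26} {subject}")
```
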


O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 9315 bytes
