Virus msn - Résolu - Sécurité - Virus
Ceci répond-il à votre question ? Oui | Non
Se connecter | Inscription
 

Ajouter une réponse



 Mot :   Pseudo :  
 
Bas de page
Auteur
 Sujet : Virus msn - Résolu
 
pepette70
Profil : IDNaute
Plus d'informations
n°220609
06-08-2007 à 21:47:59

Bonsoir,
 
Suite à un message msn, j'ai attrapé un virus qui a infecté tout mon pc. J'ai Avast mais il ne fonctionne pas, il ne supprime pas le virus.
J'ai de plus en plus de problèmes, pouvez-vous m'aider ?
 
Merci


Message édité par pepette70 le 14-08-2007 à 12:38:23
Liens

chercheur_
Profil : Helper
Plus d'informations
n°220678
07-08-2007 à 00:01:19

Bonjour
 
 
Télécharge HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://perso.orange.fr/rginformati [...] hijack.htm
 
Fais un scan et poste l'analyse ici.


---------------
Le meilleur antivirus, c'est vous  
Vous avez un problème ? Créez votre propre post !
pepette70
Profil : IDNaute
Plus d'informations
n°220880
07-08-2007 à 14:51:48

Bonjour,
 
Ci-après le scan demandé :
 
HijackThis v1.99.1
 
Merci et à bientôt.

chercheur_
Profil : Helper
Plus d'informations
n°221007
07-08-2007 à 20:36:58

Il est où le scan ?


---------------
Le meilleur antivirus, c'est vous  
Vous avez un problème ? Créez votre propre post !
pepette70
Profil : IDNaute
Plus d'informations
n°221214
08-08-2007 à 09:57:27

Bonjour !
 
Excusez-moi pour ce contretemps. Ci-joint le scan !
 
Bonne journée.
 
 
Logfile of HijackThis v1.99.1
Scan saved at 09:54:11, on 08/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D6785B7C442E3DCF - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: (no name) - {A7A5FAC8-4167-459B-B301-E36947624482} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\ddcawvv.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar4.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe  
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Hope Fast Heart 2] C:\Documents and Settings\All Users\Application Data\anti internet hope fast\BalmBall.exe
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\xfxxxikp.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] xdm033YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1cab30a46c204ad186f0bf61045abab2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1cab30a46c204ad186f0bf61045abab2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 7919410921
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcawvv - ddcawvv.dll (file missing)
O20 - Winlogon Notify: mljjj - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
 
chercheur_
Profil : Helper
Plus d'informations
n°221351
08-08-2007 à 18:12:49

Bonjour
 
 
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
 
* Double-clique VundoFix.exe afin de le lancer.
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est complété, clique sur le bouton Remove Vundo.
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown" ); clique OK
 
Démarre ton PC à nouveau.
 
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
 
 
Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.  
 
Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis et le contenu du rapport situé dans C:\vundofix.txt


---------------
Le meilleur antivirus, c'est vous  
Vous avez un problème ? Créez votre propre post !
pepette70
Profil : IDNaute
Plus d'informations
n°221714
09-08-2007 à 14:57:16

Bonjour !
 
Ci-joints les 3 rapports demandés :
 
ComboFix 07-08-09.3 - "Cricri" 2007-08-09 14:23:04.1 - NTFSx86  
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.591 [GMT 2:00]
 * Created a new restore point
 
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\DOCUME~1\Cricri\APPLIC~1.\macromedia\Flash Player\#SharedObjects\DBRDRTC5\iforex.com
C:\DOCUME~1\Cricri\APPLIC~1.\macromedia\Flash Player\#SharedObjects\DBRDRTC5\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\DOCUME~1\Cricri\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\DOCUME~1\Cricri\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\DOCUME~1\Cricri\APPLIC~1\..\err.log
C:\DOCUME~1\Cricri\APPLIC~1\DriveCleaner 2006 Free
C:\DOCUME~1\Cricri\APPLIC~1\DriveCleaner 2006 Free\Logs\update.log
C:\DOCUME~1\Cricri\APPLIC~1\HbTools_Icons
C:\DOCUME~1\Cricri\APPLIC~1\HbTools_Icons\Registryrepair.ico
C:\DOCUME~1\Cricri\APPLIC~1\HbTools_Icons\wallpapere1.ico
C:\DOCUME~1\Cricri\Bureau.\Free PC Wallpapers.lnk
C:\WINDOWS\system32\cfnxfons.exe
C:\WINDOWS\system32\cmcxbafn.exe
C:\WINDOWS\system32\dklynahh.exe
C:\WINDOWS\system32\dlhctexa.exe
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\fgchhara.dat
C:\WINDOWS\system32\fgchhara.exe
C:\WINDOWS\system32\fgchhara_nav.dat
C:\WINDOWS\system32\fgchhara_navps.dat
C:\WINDOWS\system32\gaknjvga.exe
C:\WINDOWS\system32\gcolnchc.exe
C:\WINDOWS\system32\klyworkh.exe
C:\WINDOWS\system32\meombswk.exe
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\qfuctqeg.exe
C:\WINDOWS\system32\ruhpvigy.exe
C:\WINDOWS\system32\snrdiqfo.exe
C:\WINDOWS\system32\ssyiqqwe.exe
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\svdsbpka.exe
C:\WINDOWS\system32\svycishw.exe
C:\WINDOWS\system32\tqumkgax.exe
C:\WINDOWS\system32\tuppuopi.exe
C:\WINDOWS\system32\vafcoavk.exe
C:\WINDOWS\system32\xsyhklhn.exe
d:\.\scurit~1
d:\.\scurit~1\antivir_workstation_win7_en_h.exe
d:\.\scurit~1\ComboFix.exe
d:\.\scurit~1\Hijackthis Version Française\hijackthis vf.exe
d:\.\scurit~1\Hijackthis Version Française\hijackthis vf.url
d:\.\scurit~1\Hijackthis Version Française\ref.html
d:\.\scurit~1\Hijackthis Version Française\unins000.dat
d:\.\scurit~1\Hijackthis Version Française\unins000.exe
d:\.\scurit~1\jv16pt_setup_141.exe
d:\.\scurit~1\VundoFix.exe
 
 
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_FWSVC
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
 
 
(((((((((((((((((((((((((   Files Created from 2007-07-09 to 2007-08-09  )))))))))))))))))))))))))))))))
 
 
2007-08-09 14:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-09 13:50 <REP> d-------- C:\VundoFix Backups
2007-08-08 09:53 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-08-07 12:25 <REP> d-------- C:\Program Files\jv16 PowerTools
2007-07-23 19:18 910,172 ---hs---- C:\WINDOWS\system32\jjjlm.ini2
2007-07-13 09:52 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2007-08-09 14:30 --------- d-------- C:\DOCUME~1\Cricri\APPLIC~1\OpenOffice.org2
2007-08-09 14:17 --------- d-------- C:\DOCUME~1\Cricri\APPLIC~1\vmntoolbar
2007-08-05 19:46 --------- d-------- C:\Program Files\eMule
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-23 11:52 909699 ---hs---- C:\WINDOWS\system32\jjjlm.bak2
2007-07-22 19:20 --------- d-------- C:\DOCUME~1\Cricri\APPLIC~1\Love global data
2007-07-01 15:27 231873 --a------ C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_2031.exe
2007-07-01 15:27 --------- d-------- C:\Program Files\Easy Gif Animator Extension
2007-07-01 15:27 --------- d-------- C:\Program Files\Easy GIF Animator
2007-06-27 20:56 --------- d-------- C:\Program Files\MSN Messenger
2007-06-27 20:56 --------- d-------- C:\Program Files\Messenger Plus! Live
2007-06-27 20:56 --------- d-------- C:\Program Files\Love global data
2007-06-27 20:56 --------- d-------- C:\Program Files\Adverts
2007-06-27 18:24 --------- d-------- C:\Program Files\MessengerPlus! 3
2007-06-27 12:59 --------- d-------- C:\Program Files\MessengerSkinner
2007-06-26 19:48 6369 ---hs---- C:\WINDOWS\system32\jjjlm.bak1
2007-06-26 17:49 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-06-26 16:51 280576 --a------ C:\WINDOWS\system32\lauzbpusen.exe
2007-06-25 16:54 273920 --a------ C:\WINDOWS\system32\fmppqc.exe
2007-06-24 19:13 278528 --a------ C:\WINDOWS\system32\jnmvkkttr.exe
2007-06-23 10:57 279040 --a------ C:\WINDOWS\system32\eagfbahrw.exe
2007-06-20 19:54 446976 --a------ C:\WINDOWS\system32\hzjopdz.exe
2007-06-20 08:58 451584 --a------ C:\WINDOWS\system32\ivujows.exe
2007-06-19 17:48 --------- d-------- C:\Program Files\Windows Live
2007-06-17 00:23 451072 --a------ C:\WINDOWS\system32\jyzhryu.exe
2007-06-15 16:51 401920 --a------ C:\WINDOWS\system32\ozjzjw.exe
2007-06-14 20:20 394240 --a------ C:\WINDOWS\system32\xpbphoprh.exe
2007-06-12 09:32 408064 --a------ C:\WINDOWS\system32\qioszns.exe
2007-06-11 20:14 412160 --a------ C:\WINDOWS\system32\eolgklkdo.exe
2007-06-11 16:50 400384 --a------ C:\WINDOWS\system32\elcvlgcit.exe
2007-06-08 15:48 336896 --a------ C:\WINDOWS\system32\bvckvqd.exe
2007-06-05 16:50 331776 --a------ C:\WINDOWS\system32\qipean.exe
2007-05-29 09:37 353280 --a------ C:\WINDOWS\system32\ncfexgtvw.exe
2007-05-28 15:24 459 --ah----- C:\os466477.bin
2007-05-27 00:39 357376 --a------ C:\WINDOWS\system32\kmfejasuhs.exe
2007-05-23 09:46 362496 --a------ C:\WINDOWS\system32\wyduwl.exe
2007-05-19 08:43 355840 --a------ C:\WINDOWS\system32\wwhdbghd.exe
2007-05-16 23:13 359424 --a------ C:\WINDOWS\system32\ztjfmnr.exe
2007-05-16 17:13 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:13 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:13 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:13 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:13 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:13 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-15 16:52 357376 --a------ C:\WINDOWS\system32\rbfptri.exe
2007-05-12 17:00 41 ---h----- C:\WINDOWS\dsez0089.dat
2007-05-09 14:21 358912 --a------ C:\WINDOWS\system32\byqhim.exe
 ---------  C:\Program Files\Hijackthis Version Française
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown  
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B18DD50-C996-44fc-AC52-0FECFF82ED58}]
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7A5FAC8-4167-459B-B301-E36947624482}]
   C:\WINDOWS\system32\mljjj.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Cloneur Expert Monitor"="C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2006-01-22 19:57]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-01-22 19:57]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 13:01]
"AliceSAV"="C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe" [2005-12-16 17:57]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-12-12 02:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43]
"Hope Fast Heart 2"="C:\Documents and Settings\All Users\Application Data\anti internet hope fast\BalmBall.exe" [2007-06-27 20:56]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 10:07]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-19 20:08]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-10-31 15:06]
 
C:\Documents and Settings\Cricri\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]
 
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-19 20:08:45]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcawvv]  
ddcawvv.dll  
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjj]  
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background
 
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis TrueImage Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 tifsfilter;Acronis TrueImage FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
R3 pepifilter;Volume Adapter;C:\WINDOWS\system32\DRIVERS\lv302af.sys
R3 PID_08A0;QuickCam IM(PID_08A0);C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
S3 GMSIPCI;GMSIPCI;\??\E:\INSTALL\GMSIPCI.SYS
S3 NTACCESS;NTACCESS;\??\E:\NTACCESS.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 W8335XP;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys
 
 
Contents of the 'Scheduled Tasks' folder
2007-08-09 12:15:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job  
 
**************************************************************************
 
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-09 14:30:24
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden registry entries ...
 
scanning hidden files ...
 
scan completed successfully
hidden files: 0
 
**************************************************************************
 
Completion time: 2007-08-09 14:31:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-09 14:31
 
 --- E O F ---
 
Logfile of HijackThis v1.99.1
Scan saved at 14:50:36, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
D:\Sécurité\Hijackthis Version Française\hijackthis vf.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D6785B7C442E3DCF - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: (no name) - {A7A5FAC8-4167-459B-B301-E36947624482} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar4.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe  
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Hope Fast Heart 2] C:\Documents and Settings\All Users\Application Data\anti internet hope fast\BalmBall.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] xdm033YYFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?1cab30a46c204ad186f0bf61045abab2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?1cab30a46c204ad186f0bf61045abab2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 7919410921
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcawvv - ddcawvv.dll (file missing)
O20 - Winlogon Notify: mljjj - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
 
 
VundoFix V6.5.7
 
Checking Java version...
 
Scan started at 13:50:02 09/08/2007
 
Listing files found while scanning....
 
C:\windows\system32\awtrppp.dll
C:\windows\system32\bjewdepa.exe
C:\windows\system32\bjknnbvf.ini
C:\windows\system32\brnhjets.dll
C:\windows\system32\cbxvvst.dll
C:\windows\system32\cwhmwxjx.dll
C:\WINDOWS\system32\ddcawvv.dll
C:\windows\system32\fvbnnkjb.dll
C:\windows\system32\gdnyuxah.dll
C:\windows\system32\ibrkvtuk.dll
C:\windows\system32\ijjmgccy.exe
C:\windows\system32\iwmmqefg.dll
C:\windows\system32\kdoojxxd.exe
C:\windows\system32\kekpvmpq.dll
C:\windows\system32\lgqqkres.exe
C:\windows\system32\ljjhgfe.dll
C:\WINDOWS\system32\memskija.dll
C:\windows\system32\mljjjki.dll
C:\windows\system32\phtrnjur.dll
C:\windows\system32\pkixxxfx.ini
C:\windows\system32\qyqkonhp.exe
C:\windows\system32\rqrutmmh.dll
C:\windows\system32\rresbpev.dll
C:\windows\system32\snptdcrl.exe
C:\windows\system32\tmscxtyi.dll
C:\windows\system32\tpuqeabw.ini
C:\windows\system32\tuvwwvs.dll
C:\windows\system32\txdqcbpc.dll
C:\windows\system32\vepbserr.ini
C:\windows\system32\wbaequpt.dll
C:\windows\system32\wvuurrq.dll
C:\WINDOWS\system32\xfxxxikp.dll
C:\windows\system32\xrunecoh.exe
C:\windows\system32\xtvtinvy.exe
C:\windows\system32\xxywvtu.dll
 
 
 
chercheur_
Profil : Helper
Plus d'informations
n°221748
09-08-2007 à 16:13:09

Bonjour
 
 
Relance un scan HijackThis et coche les lignes ci-dessous :  
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx  
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D6785B7C442E3DCF - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)  
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)  
O2 - BHO: (no name) - {A7A5FAC8-4167-459B-B301-E36947624482} - C:\WINDOWS\system32\mljjj.dll (file missing)  
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe  
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe  
O4 - HKLM\..\Run: [Hope Fast Heart 2] C:\Documents and Settings\All Users\Application Data\anti internet hope fast\BalmBall.exe  
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot  
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] xdm033YYFR  
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000  
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll  
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll  
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL  
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab  
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab  
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab  
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab  
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab  
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab  
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab  
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab  
O20 - Winlogon Notify: ddcawvv - ddcawvv.dll (file missing)  
O20 - Winlogon Notify: mljjj - C:\WINDOWS\  
 
Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »  
 
 
Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.c [...] MoveIt.exe
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
 
C:\WINDOWS\system32\jjjlm.ini2  
C:\WINDOWS\system32\jjjlm.bak2
C:\Documents and Settings\Cricri\Application Data\Love global data  
C:\Documents and Settings\All Users\Application Data\anti internet hope fast
C:\WINDOWS\system32\mljjj.dll  
C:\Program Files\Love global data  
C:\Program Files\Adverts  
C:\Program Files\MessengerSkinner  
C:\WINDOWS\system32\jjjlm.bak1  
C:\WINDOWS\system32\lauzbpusen.exe  
C:\WINDOWS\system32\fmppqc.exe  
C:\WINDOWS\system32\jnmvkkttr.exe  
C:\WINDOWS\system32\eagfbahrw.exe  
C:\WINDOWS\system32\hzjopdz.exe  
C:\WINDOWS\system32\ivujows.exe  
C:\WINDOWS\system32\jyzhryu.exe  
C:\WINDOWS\system32\ozjzjw.exe  
C:\WINDOWS\system32\xpbphoprh.exe  
C:\WINDOWS\system32\qioszns.exe  
C:\WINDOWS\system32\eolgklkdo.exe  
C:\WINDOWS\system32\elcvlgcit.exe  
C:\WINDOWS\system32\bvckvqd.exe  
C:\WINDOWS\system32\qipean.exe  
C:\WINDOWS\system32\ncfexgtvw.exe  
C:\WINDOWS\system32\kmfejasuhs.exe  
C:\WINDOWS\system32\wyduwl.exe  
C:\WINDOWS\system32\wwhdbghd.exe  
C:\WINDOWS\system32\ztjfmnr.exe  
C:\WINDOWS\system32\rbfptri.exe  
C:\WINDOWS\dsez0089.dat  
C:\WINDOWS\system32\byqhim.exe
 
 
Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.
 
Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.
 
 
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles avec un nouveau Hijackthis.


---------------
Le meilleur antivirus, c'est vous  
Vous avez un problème ? Créez votre propre post !
pepette70
Profil : IDNaute
Plus d'informations
n°221938
09-08-2007 à 20:33:53

Bonsoir,
 
Ci-joint les deux rapports demandés :
 
 
C:\WINDOWS\system32\jjjlm.ini2 moved successfully.
C:\WINDOWS\system32\jjjlm.bak2 moved successfully.
C:\Documents and Settings\Cricri\Application Data\Love global data moved successfully.
C:\Documents and Settings\All Users\Application Data\anti internet hope fast moved successfully.
File/Folder C:\WINDOWS\system32\mljjj.dll not found.
C:\Program Files\Love global data moved successfully.
C:\Program Files\Adverts moved successfully.
C:\Program Files\MessengerSkinner moved successfully.
C:\WINDOWS\system32\jjjlm.bak1 moved successfully.
C:\WINDOWS\system32\lauzbpusen.exe moved successfully.
C:\WINDOWS\system32\fmppqc.exe moved successfully.
C:\WINDOWS\system32\jnmvkkttr.exe moved successfully.
C:\WINDOWS\system32\eagfbahrw.exe moved successfully.
C:\WINDOWS\system32\hzjopdz.exe moved successfully.
C:\WINDOWS\system32\ivujows.exe moved successfully.
C:\WINDOWS\system32\jyzhryu.exe moved successfully.
C:\WINDOWS\system32\ozjzjw.exe moved successfully.
C:\WINDOWS\system32\xpbphoprh.exe moved successfully.
C:\WINDOWS\system32\qioszns.exe moved successfully.
C:\WINDOWS\system32\eolgklkdo.exe moved successfully.
C:\WINDOWS\system32\elcvlgcit.exe moved successfully.
C:\WINDOWS\system32\bvckvqd.exe moved successfully.
C:\WINDOWS\system32\qipean.exe moved successfully.
C:\WINDOWS\system32\ncfexgtvw.exe moved successfully.
C:\WINDOWS\system32\kmfejasuhs.exe moved successfully.
C:\WINDOWS\system32\wyduwl.exe moved successfully.
C:\WINDOWS\system32\wwhdbghd.exe moved successfully.
C:\WINDOWS\system32\ztjfmnr.exe moved successfully.
C:\WINDOWS\system32\rbfptri.exe moved successfully.
C:\WINDOWS\dsez0089.dat moved successfully.
C:\WINDOWS\system32\byqhim.exe moved successfully.
File/Folder  not found.
 
Created on 08/09/2007 20:26:55
 
 
Logfile of HijackThis v1.99.1
Scan saved at 20:31:15, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE

chercheur_
Profil : Helper
Plus d'informations