Demande d'analyse pour scan de hijackthis

mister13el · le 27 juin 2007

J'ai fait exactement se qui avait été écrit dans le post Pré-Nettoyage d'un PC infecté

j'avait un problème où avast, à chaque démarage me signaler win32:ctx, qu'on dit que c'est un faux positif de panda.

jai fait le prenetoyage conseillé par le post en tete et jai opter pour antivir ( jai aussi pro alarm comme firewall )

Voici le scan de hijackthis

merci de bien vouloir lanalyser, le scan etant incompréhensible par moi même

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 19:24:19, on 27/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe

C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Winamp\Winamp.exe

C:\Program Files\Hijackthis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.198.251.66:8000

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Windows Update] mdos.exe

O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa

O4 - HKLM\..\Run: [9899] c:\netp.exe

O4 - HKLM\..\Run: [2507] C:\netp.exe

O4 - HKLM\..\Run: [4499] C:\netp.exe

O4 - HKLM\..\Run: [7409] C:\netp.exe

O4 - HKLM\..\Run: [2256] C:\netp.exe

O4 - HKLM\..\Run: [6641] C:\netp.exe

O4 - HKLM\..\Run: [5266] C:\netp.exe

O4 - HKLM\..\Run: [4548] C:\netp.exe

O4 - HKLM\..\Run: [1436] C:\netp.exe

O4 - HKLM\..\Run: [4297] C:\netp.exe

O4 - HKLM\..\Run: [1477] C:\netp.exe

O4 - HKLM\..\Run: [8476] C:\netp.exe

O4 - HKLM\..\Run: [2001] C:\netp.exe

O4 - HKLM\..\Run: [7949] C:\netp.exe

O4 - HKLM\..\Run: [4327] C:\netp.exe

O4 - HKLM\..\Run: [2967] c:\netp.exe

O4 - HKLM\..\Run: [9502] C:\netp.exe

O4 - HKLM\..\Run: [1900] C:\netp.exe

O4 - HKLM\..\Run: [1952] C:\netp.exe

O4 - HKLM\..\Run: [2053] C:\netp.exe

O4 - HKLM\..\Run: [2716] C:\netp.exe

O4 - HKLM\..\Run: [2342] C:\netp.exe

O4 - HKLM\..\Run: [4791] C:\netp.exe

O4 - HKLM\..\Run: [5200] C:\netp.exe

O4 - HKLM\..\Run: [5252] C:\netp.exe

O4 - HKLM\..\Run: [6068] C:\netp.exe

O4 - HKLM\..\Run: [6120] C:\netp.exe

O4 - HKLM\..\Run: [6169] C:\netp.exe

O4 - HKLM\..\Run: [2552] C:\netp.exe

O4 - HKLM\..\Run: [4244] C:\netp.exe

O4 - HKLM\..\Run: [4907] C:\netp.exe

O4 - HKLM\..\Run: [6323] C:\netp.exe

O4 - HKLM\..\Run: [7079] C:\netp.exe

O4 - HKLM\..\Run: [2324] C:\netp.exe

O4 - HKLM\..\Run: [552] C:\netp.exe

O4 - HKLM\..\Run: [2230] C:\netp.exe

O4 - HKLM\..\Run: [3200] C:\netp.exe

O4 - HKLM\..\Run: [492] C:\netp.exe

O4 - HKLM\..\Run: [4990] C:\netp.exe

O4 - HKLM\..\Run: [9435] C:\netp.exe

O4 - HKLM\..\Run: [5192] C:\netp.exe

O4 - HKLM\..\Run: [7244] C:\netp.exe

O4 - HKLM\..\Run: [410] C:\netp.exe

O4 - HKLM\..\Run: [548] C:\netp.exe

O4 - HKLM\..\Run: [256] C:\netp.exe

O4 - HKLM\..\Run: [update WinFix] mdblvavtutsl.exe

O4 - HKLM\..\Run: [Network Host Service] vdvshub32.exe

O4 - HKLM\..\Run: [Microsoft Update news ] backup32.exe

O4 - HKLM\..\Run: [Windows Reg Services] C:\WINDOWS\System32\ffservice.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe

O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [LanzarT2006] "C:\DOCUME~1\JIANYA~1.TES\LOCALS~1\Temp\{CB485E79-B84A-4618-B1A1-3FDE225F9423}\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\..\..\T2006tmp\Install.exe" /SETUP:"/l0x040c"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\RunServices: [Windows Update] mdos.exe

O4 - HKLM\..\RunServices: [update WinFix] mdblvavtutsl.exe

O4 - HKLM\..\RunServices: [Network Host Service] vdvshub32.exe

O4 - HKLM\..\RunServices: [Microsoft Update news ] backup32.exe

O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe

O4 - HKLM\..\RunServices: [RealPlaer.exe] ylwakllmm.exe

O4 - HKCU\..\Run: [Windows Update] mdos.exe

O4 - HKCU\..\Run: [Microsoft Update news ] backup32.exe

O4 - HKCU\..\Run: [Windows Reg Services] C:\WINDOWS\System32\ffservice.exe

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\RunServices: [Windows Update] mdos.exe

O4 - HKLM\..\Policies\Explorer\Run: [Windows Reg Services] C:\WINDOWS\System32\ffservice.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunServices: [Windows Update] mdos.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunServices: [Windows Update] mdos.exe (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm

O8 - Extra context menu item: Add to QQ Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm

O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: Send the Picture by QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm

O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/

O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab

O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct4_x.cab

O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab

O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab

O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab

O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/poth_x.cab

O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab

O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab

O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab

O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.bbox.ch/kxhcm10.ocx

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab

O16 - DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} (AxisRTPSrcFilter) - http://152.1.131.130/activex/AMC.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://unamedpascal.spaces.live.com//Photo...ad/MsnPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128788073500

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162290100328

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://62.164.202.118/activex/AMC.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.scany.info/nsvplayx_vp6_aac.cab

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe

O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--

End of file - 17371 bytes

Gof · le 27 juin 2007

Bonsoir mister13el

Manifestement, il va y avoir du travail à réaliser sur ton pc !

Tu dis avoir effectué la pré-procédure, as tu conservé le rapport généré par Antivir en ce cas ? Si oui, poste le dans ta prochaine réponse.

Peux tu reposter un log hijackthis je te prie, mais avec la version 1.99.1 que tu peux trouver ici.

mister13el · le 28 juin 2007

Oui j'ai gardé le report ( dsl , je me disais bien que sa allait faire beaucoup de boulot ^^' )

le voici:

AntiVir PersonalEdition Classic

Report file date: mercredi 27 juin 2007 15:43

Scanning for 847581 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: jianya

Computer name: TEST

Version information:

BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00

AVSCAN.EXE : 7.0.4.15 282664 Bytes 27/06/2007 11:21:18

AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/06/2007 11:21:18

LUKE.DLL : 7.0.4.11 143400 Bytes 27/06/2007 11:21:18

LUKERES.DLL : 7.0.4.0 10280 Bytes 27/06/2007 11:21:18

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 11:21:21

ANTIVIR1.VDF : 6.38.1.170 5569024 Bytes 21/05/2007 11:21:21

ANTIVIR2.VDF : 6.39.0.51 779776 Bytes 25/06/2007 11:21:22

ANTIVIR3.VDF : 6.39.0.65 110592 Bytes 27/06/2007 11:21:22

AVEWIN32.DLL : 7.4.0.34 2478592 Bytes 27/06/2007 11:21:23

AVWINLL.DLL : 1.0.0.7 14376 Bytes 27/06/2007 11:21:18

AVPREF.DLL : 7.0.2.1 24616 Bytes 27/06/2007 11:21:18

AVREP.DLL : 7.0.0.1 155688 Bytes 27/06/2007 11:21:22

AVPACK32.DLL : 7.3.0.12 360488 Bytes 27/06/2007 11:21:23

AVREG.DLL : 7.0.1.2 31784 Bytes 27/06/2007 11:21:18

AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/06/2007 11:21:16

AVARKT.DLL : 1.0.0.17 278568 Bytes 27/06/2007 11:21:16

NETNT.DLL : 7.0.0.0 7720 Bytes 27/06/2007 11:21:18

RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 27/06/2007 11:20:57

RCTEXT.DLL : 7.0.45.0 86056 Bytes 27/06/2007 11:20:57

Configuration settings for the scan:

Jobname..........................: Manual Selection

Configuration file...............: C:\Documents and Settings\All Users.WINDOWS\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mercredi 27 juin 2007 15:43

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

12 processes with 12 modules were scanned

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( '24' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\jianya.TEST\Local Settings\Temporary Internet Files\Content.IE5\BFXNZ50W\bsplayer214[1].942_clip.exe

[DETECTION] Contains signature of the dropper DR/WhenU.A.8

[iNFO] The file was deleted!

C:\WINDOWS\system32\5alQnVND.exe

[DETECTION] Is the Trojan horse TR/Hijack.Explor.3467

[iNFO] The file was moved to '46ee9490.qua'!

C:\WINDOWS\system32\wservice.exe

[DETECTION] Contains suspicious code HEUR/Crypted

[iNFO] The file was moved to '46e7950f.qua'!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll

[DETECTION] Contains signature of the SPR/WildTangent.B.1 program

[iNFO] The file was moved to '46f99546.qua'!

End of the scan: mercredi 27 juin 2007 18:48

Used time: 3:04:31 min

The scan has been done completely.

6739 Scanning directories

708591 Files were scanned

4 viruses and/or unwanted programs were found

1 classified as suspicious:

1 files were deleted

0 files were repaired

3 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

708586 Files not concerned

2046 Archives were scanned

2 Warnings

2 Notes

0 Hidden objects were found

Modifié le 28 juin 2007 par mister13el

mister13el · le 28 juin 2007

Et voila le scan du hijackthis 1.99.0.1

Logfile of HijackThis v1.99.1

Scan saved at 14:13:32, on 28/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\VM_STI.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe

C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.198.251.66:8000

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll