[résolu] aide pour grand nettoyage > rapport hijackthis

julia · le 2 novembre 2008

Bonjour tout le monde,

Après avoir passé l'aspirateur et la serpillère, j'ai besoin de vous pour sortir les poubelles...

____________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:34:45, on 02/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

C:\Program Files\HPQ\shared\hpqwmi.exe

C:\Program Files\Mozilla Firefox\firefox.exe

\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {AB898C11-6F74-4986-A2EF-1053657C6A1D} - C:\WINDOWS\system32\awtrqnKB.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: (no name) - {BAA61F6E-B940-417D-A7C1-CAB961250C90} - C:\WINDOWS\system32\pmnnNeEv.dll (file missing)

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O5 "LPT1:" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdqgp.exe] C:\WINDOWS\system32\kdqgp.exe

O4 - HKLM\..\Run: [54b7e441] rundll32.exe "C:\WINDOWS\system32\mdrfxisb.dll",b

O4 - HKLM\..\Run: [bM5784d7dd] Rundll32.exe "C:\WINDOWS\system32\mnnulqxe.dll",s

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [97099553688378509701198574004379] C:\Program Files\XP Antivirus\xpa.exe

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=presario&pf=laptop

O20 - Winlogon Notify: awtrqnKB - awtrqnKB.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 7220 bytes

_______________________________________

Et merci d'avance pour vos réponses.

Julia

angelique · le 2 novembre 2008

'salut

1• veux tu uploader ce fichier en gras ci dessous à cette adresse: http://siri.urz.free.fr/upload/

Lien vers le message du forum où le fichier a été demandé: http://forum.zebulon.fr/aide-pour-grand-ne...is-t154015.html

Fichier: C:\Program Files\XP Antivirus\xpa.exe

2• relance Hijackthis " do a systeme scan only" , coche uniquement les lignes ci dessous et clic Fixchecked:

O2 - BHO: (no name) - {AB898C11-6F74-4986-A2EF-1053657C6A1D} - C:\WINDOWS\system32\awtrqnKB.dll (file missing)

O2 - BHO: (no name) - {BAA61F6E-B940-417D-A7C1-CAB961250C90} - C:\WINDOWS\system32\pmnnNeEv.dll (file missing)

O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdqgp.exe] C:\WINDOWS\system32\kdqgp.exe

O4 - HKLM\..\Run: [54b7e441] rundll32.exe "C:\WINDOWS\system32\mdrfxisb.dll",b

O4 - HKLM\..\Run: [bM5784d7dd] Rundll32.exe "C:\WINDOWS\system32\mnnulqxe.dll",s

O4 - HKCU\..\Run: [97099553688378509701198574004379] C:\Program Files\XP Antivirus\xpa.exe

O20 - Winlogon Notify: awtrqnKB - awtrqnKB.dll (file missing)

==> clic Fixchecked

3• Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

*Il faut désactiver le module "self-defense" d'avast , tu le remettras apres

Clic-droit sur l'icône d'Avast! près de l'horloge >> "Réglages du programme..."

- Option "Dépannage" (au bas à gauche)

- Cocher "Désactiver le module self-defense d'avast!" >> "Ok"

* Double-clique combofix.exe, accepte le CluF qui s'affiche, afin de l'exécuter et suis les instructions.

* Lorsque l'analyse sera complétée, un rapport apparaîtra que tu me posteras.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

julia · le 2 novembre 2008

pour le 1er point c'est loupé, j'ai supprimé manuellement le dossier contenant le fichier il y a quelques jours.

Sinon, voila le rapport Combofix.

_____________________________________

ComboFix 08-11-01.04 - Jean Yves 2008-11-02 11:21:06.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.72 [GMT 1:00]

Lancé depuis: C:\Documents and Settings\Jean Yves\Bureau\ComboFix.exe

* Un nouveau point de restauration a été créé

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Jean Yves\Application Data\Microsoft\Internet Explorer\Quick Launch\XP Antivirus 2008.lnk

C:\Documents and Settings\Jean Yves\Favoris\Online Security Test.url

C:\Documents and Settings\Jean Yves\Mes documents\My Documents.url

C:\Documents and Settings\Norman\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\WINDOWS\BM5784d7dd.txt

C:\WINDOWS\BM5784d7dd.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\bebioonw.ini

C:\WINDOWS\system32\bsixfrdm.ini

C:\WINDOWS\system32\cpadqbfj.ini

C:\WINDOWS\system32\cpmbsuhq.ini

C:\WINDOWS\system32\enmoptrp.ini

C:\WINDOWS\system32\fuqirtbs.ini

C:\WINDOWS\system32\gvfrsxum.ini

C:\WINDOWS\system32\gvqrirfe.ini

C:\WINDOWS\system32\htytxupu.ini

C:\WINDOWS\system32\ieupdates.exe.tmp

C:\WINDOWS\system32\ipjaunle.ini

C:\WINDOWS\system32\iqgqrmlv.ini

C:\WINDOWS\system32\jjqmixos.ini

C:\WINDOWS\system32\kempggsh.ini

C:\WINDOWS\system32\kxygsllp.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\mmrfpppu.ini

C:\WINDOWS\system32\nvs2.inf

C:\WINDOWS\system32\oavrhyta.ini

C:\WINDOWS\system32\ohvmapoa.ini

C:\WINDOWS\system32\ooxcixrp.ini

C:\WINDOWS\system32\owoxxiwi.ini

C:\WINDOWS\system32\rongmqfg.ini

C:\WINDOWS\system32\rqtiukdw.ini

C:\WINDOWS\system32\ruuxkcwh.ini

C:\WINDOWS\system32\rxtcptul.ini

C:\WINDOWS\system32\tesykwgx.ini

C:\WINDOWS\system32\vEeNnnmp.ini

C:\WINDOWS\system32\vEeNnnmp.ini2

C:\WINDOWS\temp\perflib_perfdata_1cc.dat

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-02 au 2008-11-02 ))))))))))))))))))))))))))))))))))))

.

2008-10-25 09:47 . 2008-10-25 09:47 <REP> d-------- C:\WINDOWS\system32\fr-fr

2008-10-25 09:47 . 2008-10-25 09:47 <REP> d-------- C:\WINDOWS\system32\fr

2008-10-25 09:47 . 2008-10-25 09:47 <REP> d-------- C:\WINDOWS\system32\bits

2008-10-25 09:47 . 2008-10-25 09:47 <REP> d-------- C:\WINDOWS\l2schemas

2008-10-25 09:42 . 2008-10-25 09:48 <REP> d-------- C:\WINDOWS\ServicePackFiles

2008-10-25 09:29 . 2008-10-25 09:29 <REP> d-------- C:\WINDOWS\EHome

2008-10-25 08:24 . 2008-10-15 17:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-19 14:38 . 2004-08-03 21:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

2008-10-19 14:38 . 2004-08-03 21:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys

2008-10-19 14:38 . 2004-08-03 21:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys

2008-10-19 14:38 . 2004-07-17 21:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty

2008-10-19 14:38 . 2004-08-05 13:00 36,640 -----c--- C:\WINDOWS\system32\dllcache\mplayer2.inf

2008-10-19 14:38 . 2004-08-05 13:00 2,778 -----c--- C:\WINDOWS\system32\dllcache\mplogoh.gif

2008-10-19 14:38 . 2004-08-05 13:00 2,545 -----c--- C:\WINDOWS\system32\dllcache\mplogo.gif

2008-10-19 14:38 . 2004-08-05 13:00 999 -----c--- C:\WINDOWS\system32\dllcache\bktrh.gif

2008-10-19 14:38 . 2004-08-05 13:00 773 -----c--- C:\WINDOWS\system32\dllcache\cnth.gif

2008-10-19 14:38 . 2004-08-05 13:00 773 -----c--- C:\WINDOWS\system32\dllcache\cnt.gif

2008-10-19 14:38 . 2004-08-05 13:00 772 -----c--- C:\WINDOWS\system32\dllcache\cntd.gif

2008-10-19 14:38 . 2004-08-05 13:00 760 -----c--- C:\WINDOWS\system32\dllcache\cloapph.gif

2008-10-19 14:38 . 2004-08-05 13:00 717 -----c--- C:\WINDOWS\system32\dllcache\cloapp.gif

2008-10-19 14:26 . 2008-10-19 14:26 <REP> d-------- C:\Program Files\Trend Micro

2008-10-19 14:16 . 2008-08-14 14:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-10-19 14:16 . 2008-08-14 14:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-10-19 14:16 . 2008-08-14 14:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-10-19 14:16 . 2008-08-14 14:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2008-10-19 14:16 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys

2008-10-19 14:15 . 2008-04-11 20:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-10-19 14:15 . 2008-06-14 18:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-10-19 14:15 . 2008-06-14 18:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-10-19 14:15 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys

2008-10-19 13:50 . 2008-09-15 16:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys

2008-10-16 14:24 . 2008-10-16 14:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier

2008-10-16 14:24 . 2008-10-16 14:26 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat

2008-10-16 14:23 . 2008-11-02 10:53 397,344 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-10-16 14:23 . 2007-05-30 23:03 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys

2008-10-16 14:23 . 2008-10-16 14:23 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-10-16 14:23 . 2007-06-21 20:54 75,248 --a------ C:\WINDOWS\zllsputility.exe

2008-10-16 14:23 . 2008-10-16 14:23 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-10-16 14:23 . 2007-06-21 20:55 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll

2008-10-16 14:23 . 2007-06-21 20:55 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll

2008-10-16 14:23 . 2007-06-21 20:55 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll

2008-10-16 14:23 . 2007-06-21 20:55 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll

2008-10-16 14:23 . 2004-04-27 03:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2008-10-16 14:23 . 2008-11-02 10:53 5,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-10-16 14:22 . 2008-10-16 14:23 <REP> d-------- C:\WINDOWS\system32\ZoneLabs

2008-10-16 14:22 . 2008-10-16 14:22 <REP> d-------- C:\Program Files\Zone Labs

2008-10-16 14:22 . 2007-06-21 20:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll

2008-10-16 14:22 . 2008-11-02 11:30 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml

2008-10-16 14:21 . 2008-11-02 11:28 <REP> d-------- C:\WINDOWS\Internet Logs

2008-10-16 13:44 . 2008-10-16 13:44 <REP> d-------- C:\Program Files\Lavasoft

2008-10-16 13:43 . 2008-10-16 13:43 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-10-15 21:28 . 2008-10-15 21:28 <REP> d-------- C:\Program Files\Alwil Software

2008-10-05 22:20 . 2008-10-05 22:20 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb

2008-10-05 22:20 . 2008-10-05 22:20 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-02 09:54 270,336 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp

2008-11-02 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-10-16 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-10-15 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\F-Secure

2008-10-04 08:43 --------- d-----w C:\Program Files\Picasa2

2008-09-16 21:22 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared

2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-20 05:10 670,208 ----a-w C:\WINDOWS\system32\wininet.dll

2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-05-06 22:25 24,578,952 ----a-w C:\Program Files\AdbeRdr812_fr_FR.exe

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]

"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]

"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]

"EPSON Stylus Photo RX420 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 385024]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\PeerTV\\PeerCast.exe"=

"C:\\Program Files\\PeerTV\\VLC\\vlc.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Picasa2\\Picasa2.exe"=

"C:\\Program Files\\Shareaza\\Shareaza.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]

.

Contenu du dossier 'Tâches planifiées'

2008-10-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

------- Examen supplémentaire -------

.

FireFox -: Profile - C:\Documents and Settings\Jean Yves\Application Data\Mozilla\Firefox\Profiles\c8hapyjy.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official

FF -: plugin - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-02 11:29:00

Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????5?2?5?4??????? ???B?????????????hLC? ??????

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\HPQ\shared\hpqwmi.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Heure de fin: 2008-11-02 11:32:48 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-11-02 10:32:31

Avant-CF: 3 640 381 440 octets libres

Après-CF: 3,853,103,104 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

215 --- E O F --- 2008-11-02 09:51:01

_________________________________________________________

angelique · le 2 novembre 2008

Tu t'es fait aider ailleurs entre temps?? tu as utilisé un autre outils??

• desinstalle ComboFix en copiant_collant la ligne ci dessous dans executer et valide la

ComboFix /u

» supp si toujours existant c:\combofix , c:\qoobox

• http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

Télécharge Malwarebytes' Anti-Malware (MBAM)

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

* Double clique sur le fichier téléchargé pour lancer le processus d'installation.

* Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.

* Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".

* Sélectionne "Exécuter un examen rapide"

* Clique sur "Rechercher"

* L'analyse démarre, le scan est relativement long, c'est normal.

* A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

* Ferme tes navigateurs.

* Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

* MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

NB : Si MBAM te demande à redémarrer, fais-le.

• vire avast pour antivir,pas la peine de reactiver son module self defense d'avast:

http://forum.malekal.com/viewtopic.php?f=45&t=3528

Fait un scan complet et poste le rapport avec un nouveau rapport HijackThis

julia · le 2 novembre 2008

Pour la suppression du dossier, j'ai suivi un tutotoriel le conseillant.

---------------------------------------------------

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1355

Windows 5.1.2600 Service Pack 3

02/11/2008 12:30:46

mbam-log-2008-11-02 (12-30-46).txt

Type de recherche: Examen rapide

Eléments examinés: 45257

Temps écoulé: 5 minute(s), 1 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 9

Elément(s) de données du Registre infecté(s): 6

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 2

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Live.com (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com'>http://internetsearchservice.com/search?q=%s'>http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/'>http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}'>http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):

C:\WINDOWS\system32\247880 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):

C:\Documents and Settings\Jean Yves\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusHeat 4.4.lnk (Rogue.VirusHeat) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

________________________________________________

Pour Antivir j'ai dû interrompre le 1er scan, tu trouveras dons 2 rapports

________________________________________________

Avira AntiVir Personal

Report file date: dimanche 2 novembre 2008 12:41

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: Jean Yves

Computer name: COMPAC

Version information:

BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 14:54:15

ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 06:20:53

ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 10:24:47

Engineversion : 8.2.0.4

AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56

AESCRIPT.DLL : 8.1.1.8 319866 Bytes 16/10/2008 12:43:34

AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 11:05:56

AERDL.DLL : 8.1.1.2 438644 Bytes 12/09/2008 07:06:02

AEPACK.DLL : 8.1.2.4 369014 Bytes 14/10/2008 11:05:56

AEOFFICE.DLL : 8.1.0.28 196987 Bytes 14/10/2008 11:05:56

AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18/09/2008 10:07:50

AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 11:05:56

AEGEN.DLL : 8.1.0.41 319861 Bytes 14/10/2008 11:05:56

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56

AECORE.DLL : 8.1.2.6 172406 Bytes 14/10/2008 11:05:56

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01

AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 15:35:20

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:

Jobname..........................: Windows System Directory

Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: dimanche 2 novembre 2008 12:41

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'hpqwmi.exe' - '1' Module(s) have been scanned

Scan process 'zlclient.exe' - '0' Module(s) have been scanned

Scan process 'E_FATI9CE.EXE' - '1' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'eabservr.exe' - '1' Module(s) have been scanned

Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'ashServ.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'vsmon.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

32 processes with 32 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '52' files ).

Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'

C:\WINDOWS\system32\ahglsrkn.0ll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was deleted!

C:\WINDOWS\system32\dxxtjbfh.0ll

[DETECTION] Is the TR/Vundo.Gen Trojan

[NOTE] The file was deleted!

End of the scan: dimanche 2 novembre 2008 12:44

Used time: 03:30 Minute(s)

The scan has been canceled!

1 Scanning directories

1824 Files were scanned

2 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

2 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

0 Files cannot be scanned

1822 Files not concerned

11 Archives were scanned

0 Warnings

2 Notes

________

Avira AntiVir Personal

Report file date: dimanche 2 novembre 2008 12:52

Scanning for 1001710 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: COMPAC

Version information:

BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:43:26

ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 31/10/2008 11:43:27

ANTIVIR2.VDF : 7.1.0.22 2048 Bytes 31/10/2008 11:43:28

ANTIVIR3.VDF : 7.1.0.26 14848 Bytes 31/10/2008 11:43:28

Engineversion : 8.2.0.10

AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56

AESCRIPT.DLL : 8.1.1.9 319867 Bytes 02/11/2008 11:43:37

AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 11:05:56

AERDL.DLL : 8.1.1.2 438644 Bytes 12/09/2008 07:06:02

AEPACK.DLL : 8.1.2.4 369014 Bytes 14/10/2008 11:05:56

AEOFFICE.DLL : 8.1.0.29 196988 Bytes 02/11/2008 11:43:36

AEHEUR.DLL : 8.1.0.63 1479032 Bytes 02/11/2008 11:43:35

AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 11:05:56

AEGEN.DLL : 8.1.0.42 319861 Bytes 02/11/2008 11:43:32

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56

AECORE.DLL : 8.1.2.9 172407 Bytes 02/11/2008 11:43:31

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 02/11/2008 11:43:30

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: dimanche 2 novembre 2008 12:52

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'hpqwmi.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'zlclient.exe' - '0' Module(s) have been scanned

Scan process 'reader_sl.exe' - '1' Module(s) have been scanned

Scan process 'E_FATI9CE.EXE' - '1' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'eabservr.exe' - '1' Module(s) have been scanned

Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'vsmon.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

36 processes with 36 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '53' files ).

Starting the file scan:

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\'

End of the scan: dimanche 2 novembre 2008 13:20

Used time: 28:14 Minute(s)

The scan has been done completely.

4204 Scanning directories

192118 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

192116 Files not concerned

847 Archives were scanned

2 Warnings

0 Notes

_______________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:36:56, on 02/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HPQ\shared\hpqwmi.exe

c:\program files\avira\antivir personaledition classic\avcenter.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896