Pc Infecté

[fde]

Logfile of HijackThis v1.99.1

Scan saved at 17:43:32, on 26/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Raxco\PerfectDisk\PDSched.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

O4 - HKCU\..\Run: [TClockEx] "C:\Program Files\TClockEx\TCLOCKEX.EXE"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185368241796

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

[pdesprat]

salut voici ce que j ai trouve

 

Logfile of HijackThis v1.99.1

Votre version semble être actuelle.

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Votre version semble être actuelle.

C:\WINDOWS\System32\smss.exe

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\winlogon.exe

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\services.exe

Safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\lsass.exe

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\svchost.exe

Safe

This entry was classified from our visitors as good.

C:\WINDOWS\System32\svchost.exe

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\Explorer.EXE

Very safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\spoolsv.exe

Safe

This entry was classified from our visitors as good.

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

Very safe

This entry was classified from our visitors as good.

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

Very safe

This entry was classified from our visitors as good.

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

Very safe

This entry was classified from our visitors as good.

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

Very safe

This entry was classified from our visitors as good.

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Safe

Eventuellement méchant! Selon notre base de données, ce processus s’exécute normalement dans c:\programme\google\common\google updater\! Vérifiez si vous connaissez ce processus et arrangez un contrôle antivirus si nécessaire. This entry was classified from our visitors as good.

C:\WINDOWS\system32\RunDLL32.exe

Very safe

RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.

C:\WINDOWS\system32\nvsvc32.exe

Very safe Non dangereux, mais tout de même superflu.

This entry was classified from our visitors as good.

C:\WINDOWS\system32\ctfmon.exe

Very safe

This entry was classified from our visitors as good.

C:\Program Files\CyberLink\Shared files\RichVideo.exe

Neutral

Cyberlink

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Safe

This entry was classified from our visitors as good.

C:\WINDOWS\system32\svchost.exe

Safe

This entry was classified from our visitors as good.

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Very safe

 

C:\Program Files\Raxco\PerfectDisk\PDSched.exe

Very safe

Perfect Disk

C:\Program Files\Skype\Phone\Skype.exe

Safe

This entry was classified from our visitors as good.

C:\Program Files\Skype\Plugin Manager\SkypePM.exe

Very safe

Skype Plugin Manager

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

Very safe

This entry was classified from our visitors as good.

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

Very safe

This entry was classified from our visitors as good.

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

Safe Tâche inconnue.

This entry was classified from our visitors as good.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie

Very safe Ce site a été identifié comme étant non dangereux

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

Very safe Ce site a été identifié comme étant non dangereux

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/

Ce site a été identifié comme étant non dangereux

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

Very safe Ce site a été identifié comme étant non dangereux

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s

Ce site a été identifié comme étant non dangereux

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

Very safe Ce site a été identifié comme étant non dangereux

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

SnagItBHO.dll - SnagIt, http://www.techsmith.com/products/snagit /default.asp

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

Very safe AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat reader, http://www.adobe.com/products/acrobat/re adstep2.html

O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

Safe msie2gr.dll - GetRight, http://www.getright.com/

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

Neutral SUN Java

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

Safe This entry was classified from our visitors as good.

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

SnagItIEAddin.dll - SnagIt, http://www.techsmith.com/products/snagit /default.asp

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

Safe This entry was classified from our visitors as good.

O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP

Very safe AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

Safe Programme inconnu.

O4 - HKLM\..\Run: [NvMediaCenter] "RunDLL32.exe" NvMCTray.dll,NvTaskbarInit

Safe Programme inconnu.

O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install

Very safe Programme inconnu. This entry was classified from our visitors as good.

O4 - HKCU\..\Run: [TClockEx] "C:\Program Files\TClockEx\TCLOCKEX.EXE"

Puts a configurable time/date display in the tray (and other features). Freeware by Dale Nurden and is popular on cover disks

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

Safe This entry was classified from our visitors as good.

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

Neutral Associated with GoogleToolbarNotifier from Google Inc.

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

Safe Cette inscription a été identifiée comme étant non dangereuse.

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

Cette inscription Console Java a été identifiée comme étant non dangereuse.

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL

Cette inscription Recherche a été identifiée comme étant non dangereuse.

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

Safe Cette inscription Real.com a été identifiée comme étant non dangereuse.

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Cette inscription @C:\Program Files\Messenger\Msgslang.dll, a été identifiée comme étant non dangereuse.

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

Neutral Cette inscription @C:\Program Files\Messenger\Msgslang.dll, a été identifiée comme étant non dangereuse.

O11 - Options group: [iNTERNATIONAL] International*

Neutral

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

Safe This entry was classified from our visitors as good.

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185368241796

Cette inscription a été identifiée comme étant non dangereuse.

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

Cette inscription a été identifiée comme étant non dangereuse.

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

Cette inscription a été identifiée comme étant non dangereuse.

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

Cette inscription a été identifiée comme étant non dangereuse.

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

Cette inscription a été identifiée comme étant non dangereuse.

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

Safe This entry was classified from our visitors as good.

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

Safe This entry was classified from our visitors as good.

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Safe This entry was classified from our visitors as good.

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

Very safe Ce service (avgamsvr.exe) a été identifié comme étant légitime. This entry was classified from our visitors as good.

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

Safe Ce service (avgupsvc.exe) a été identifié comme étant légitime. This entry was classified from our visitors as good.

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

Very safe Ce service (avgemc.exe) a été identifié comme étant légitime.

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Safe Ce service (GoogleUpdaterService.exe) a été identifié comme étant légitime.

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Very safe Ce service (nvsvc32.exe) a été identifié comme étant légitime. This entry was classified from our visitors as good.

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

Safe Ce service (PDEngine.exe) a été identifié comme étant légitime.

O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe

Very safe Ce service (PDSched.exe) a été identifié comme étant légitime.

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

Very safe Ce service (RichVideo.exe) a été identifié comme étant légitime.

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Safe Ce service (StarWindService.exe) a été identifié comme étant légitime. This entry was classified from our visitors as good.

O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Very safe Ce service (SpySweeper.exe) a été identifié comme étant légitime.

[angelique]

pdesprat c'est bien gentil d'intervenir sur les rapports HJT, cependant il faut se coller à un protocole d'analyse personnel et non balançer les resultat du bot de HijackThis.de

 

Tu peux t'abstenir de repondre dans cette section du forum!!!! Merci, une équipe compétente et aguérie aux désinfections s'en occupe deja.

 

 

_______________________________

 

fde merci de ne pas debouler dans cette section du forum avec comme titre" Pc Infecté, Interpretation de mon fichier log Hijacthis" et tu colles ton log sans un bonjour , ni meme une vague explication(meme à ton niveau de vocabulaire...) de tes symptomes

 

Merci ! de ne pas suivre les conseils de pdesprat

 

Détaille tes symptomes , une procedure te sera indiquée.