rapport hijackthis

[S-P-Q-R]

bonjour à tous,quelqu'un serait il capable de me dire si mon pc est infecté merci

Scan saved at 17:45:57 , on 24/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Multimedia Card Reader\shwicon2k.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works

 

Shared\WkUFind.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\Magentic\bin\MgApp.exe

C:\Program Files\Logitech\Video\VideoEffectsWatcher.exe

C:\Program Files\Logitech\Video\COCIManager.exe

c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Fichiers

 

communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows

 

Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\ZebHelpProcess 2\ZHP2.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE

 

ORIGINALE.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

http://fr9.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

 

= http://srch-fr9.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

 

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

 

= http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

 

http://srch-fr9.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

 

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

 

http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName

 

= Liens

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3}

 

- C:\PROGRA~1\COPERN~1\COPERN~1.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader -

 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers

 

communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} -

 

c:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: Spybot-S&D IE Protection -

 

{53707962-6F74-2D53-2644-206D7942484F} -

 

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

 

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live -

 

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers

 

communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper -

 

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

 

files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO -

 

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

 

Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -

 

c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

 

c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital

 

Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers

 

communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI

 

Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card

 

Reader\shwicon2k.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows

 

Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program

 

Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program

 

Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program

 

Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program

 

Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKCU\..\Run: [swg] C:\Program

 

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search

 

& Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

 

"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

 

Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program

 

Files\Google\Google Updater\GoogleUpdater.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

 

present

O8 - Extra context menu item: &Add animation to IncrediMail Style Box -

 

C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Chercher avec Copernic Agent -

 

res://C:\Program Files\Copernic

 

Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: E&xporter vers Microsoft Excel -

 

res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

 

C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) -

 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

 

Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} -

 

C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent -

 

{193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} -

 

C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Ajout Direct -

 

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

 

Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer -

 

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

 

Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Copernic Agent -

 

{688DC797-DC11-46A7-9F1B-445F4F58CE6E} -

 

C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

 

C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

 

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

 

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

 

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} -

 

c:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

 

C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger -

 

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

 

Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload

 

Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -

 

http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)

 

-

 

http://www.update.microsoft.com/windowsupd...ols/en/x86/clie

 

nt/wuweb_site.cab?1196184990640

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)

 

-

 

http://www.update.microsoft.com/microsoftu...trols/en/x86/cl

 

ient/muweb_site.cab?1197193791843

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class)

 

- http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games -

 

Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient

 

Class) -

 

http://messenger.zone.msn.com/binary/Messe...ent.cab56907.ca

 

b

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B}

 

- C:\Program Files\Logitech\Desktop

 

Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

 

C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

 

C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -

 

C:\Program Files\Windows Live\Mail\mailcomm.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

 

C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft -

 

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software

 

- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program

 

Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program

 

Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program

 

Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

 

Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers

 

communs\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program

 

Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program

 

Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero

 

BackItUp\NBService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -

 

C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools -

 

C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp

 

Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

[Gof]

Bonsoir S-P-Q-R :

 

Messages: 2

Bienvenue sur les forums de Zebulon.

 

Quelques liens pour t'aider à commencer :

• Comment participer à un forum
  
• retrouver ses messages et activer la notification par email
  

Tu sembles en effet infecté. Poste un nouveau rapport HijackThis, ton rapport est difficilement exploitable, à cause du format de la "casse".

 

A ce rapport, joins en également un comme ceci :

 

Télécharge DiagHelp.zip de Malekal_morte sur ton bureau.

• Décompresse le, sur ton bureau par exemple.
  
• Un nouveau dossier chercher va être créé DiagHelp.
  
• Ouvre le et double-clique sur go.cmd (le .cmd peut ne pas apparaître)
  
• Une fenêtre va s'ouvrir, choisis l'option 1
  
• L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
  
• Copie/colle le contenu du bloc-note qui s'ouvre et joins le à ta prochaine réponse.