Raport hijackthis ?

6 réponses

Dj-Ol

23/05/2005 à 14:13

Bonjour,

Je me permet de coller mon raport de hijackthis, car depuis quelque temp
j'ai une fenetre intempesive dans ma barre des taches.Cela devien tres
agacant.

Merci de me dire si quelque chose ne tourne rond.

Logfile of HijackThis v1.99.1
Scan saved at 14:06:06, on 23/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\khooker.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\vsnpp106.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\SCHMITT olivier\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yolabiza.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yolabiza.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard
Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software
Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program
Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SNPP106] C:\WINDOWS\vsnpp106.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://212.157.152.82/AxisCamControl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: MySqlInventime - Unknown owner -
c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
Corporation - C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) -
Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program
Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp
Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

6 réponses

E. Jasko

23/05/2005 à 14:22

Juste une remarque : dans les running processes ; smss.exe et csrss.exe sont
2 variantes du virus que Norton Antivirus a supprimé de mes
fichiers (Répertoire c:windowshelp) . J'étais préalablement infesté d'envoi
de messages parasites tous azimuths analysés par Norton dans une fenetre
pop-up.

"Dj-Ol" wrote:

Bonjour,

Je me permet de coller mon raport de hijackthis, car depuis quelque temp
j'ai une fenetre intempesive dans ma barre des taches.Cela devien tres
agacant.

Merci de me dire si quelque chose ne tourne rond.

Logfile of HijackThis v1.99.1
Scan saved at 14:06:06, on 23/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesTuneUp Utilities 2004WinStylerThemeSvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
C:WINDOWSExplorer.EXE
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1FICHIE~1AOLACSAOLacsd.exe
C:Program FilesFichiers communsSymantec SharedccProxy.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wdfmgr.exe
C:Program FilesFichiers communsSymantec SharedSecurity CenterSymWSC.exe
C:WINDOWSSystem32alg.exe
C:Program FilesApoint2KApoint.exe
C:WINDOWSsystem32khooker.exe
C:Program FilesJavaj2re1.4.2_05binjusched.exe
C:WINDOWSAGRSMMSG.exe
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:AppsPowercinemaPCMService.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesApoint2KApntex.exe
C:Program FilesApoint2KHidFind.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:WINDOWSsystem32sistray.EXE
C:WINDOWSvsnpp106.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:Program FilesCursorXPCursorXP.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Program FilesWindows Media Playerwmplayer.exe
C:WINDOWSsystem32rsvp.exe
C:Program FilesOutlook Expressmsimn.exe
C:Documents and SettingsSCHMITT olivierBureauHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.yolabiza.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
file://C:APPSIEofflinefr.htm
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.yolabiza.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Packard
Bell
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:Program FilesFichiers communsSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:program filesgooglegoogletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program
FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:Program FilesFichiers communsSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program
filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM..Run: [PHIME2002ASync]
C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE
/IMEName
O4 - HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 - HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 - HKLM..Run: [SiS KHooker] C:WINDOWSsystem32khooker.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavaj2re1.4.2_05binjusched.exe
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesFichiers communsSymantec
SharedccApp.exe"
O4 - HKLM..Run: [URLLSTCK.exe] C:Program FilesNorton Internet
SecurityUrlLstCk.exe
O4 - HKLM..Run: [PCMService] "c:AppsPowercinemaPCMService.exe"
O4 - HKLM..Run: [Symantec NetDriver Monitor]
C:PROGRA~1SYMNET~1SNDMon.exe /Consumer
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software
UpdateHPWuSchd2.exe
O4 - HKLM..Run: [HP Component Manager] "C:Program
FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [SiS Tray] C:WINDOWSsystem32sistray.EXE
O4 - HKLM..Run: [SNPP106] C:WINDOWSvsnpp106.exe
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft
AntiSpywaregcasServ.exe"
O4 - HKCU..Run: [CursorXP] C:Program FilesCursorXPCursorXP.exe
O8 - Extra context menu item: &Google Search - res://c:program
filesgoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:program
filesgoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:program
filesgoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://c:program filesgoogleGoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:WINDOWSsystem32msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSsystem32msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:WINDOWSsystem32Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:APPSIEofflinefr.htm
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid6467&clcid=0x409
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://212.157.152.82/AxisCamControl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
C:PROGRA~1FICHIE~1AOLACSAOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
O23 - Service: MySqlInventime - Unknown owner -
c:mysqlbinmysqld-max-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
Corporation - C:Program FilesNorton Internet SecurityNorton
AntiVirusnavapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton
Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:PROGRA~1FICHIE~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) -
Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program
FilesFichiers communsSymantec SharedSecurity CenterSymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp
Software GmbH - C:Program FilesTuneUp Utilities 2004WinStylerThemeSvc.exe

Juste une remarque : dans les running processes ; smss.exe et csrss.exe sont
2 variantes du virus W32.sober.0@mm que Norton Antivirus a supprimé de mes
fichiers (Répertoire c:windowshelp) . J'étais préalablement infesté d'envoi
de messages parasites tous azimuths analysés par Norton dans une fenetre
pop-up.

"Dj-Ol" wrote:

Bonjour,

Je me permet de coller mon raport de hijackthis, car depuis quelque temp
j'ai une fenetre intempesive dans ma barre des taches.Cela devien tres
agacant.

Merci de me dire si quelque chose ne tourne rond.

Logfile of HijackThis v1.99.1
Scan saved at 14:06:06, on 23/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesTuneUp Utilities 2004WinStylerThemeSvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
C:WINDOWSExplorer.EXE
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1FICHIE~1AOLACSAOLacsd.exe
C:Program FilesFichiers communsSymantec SharedccProxy.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wdfmgr.exe
C:Program FilesFichiers communsSymantec SharedSecurity CenterSymWSC.exe
C:WINDOWSSystem32alg.exe
C:Program FilesApoint2KApoint.exe
C:WINDOWSsystem32khooker.exe
C:Program FilesJavaj2re1.4.2_05binjusched.exe
C:WINDOWSAGRSMMSG.exe
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:AppsPowercinemaPCMService.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesApoint2KApntex.exe
C:Program FilesApoint2KHidFind.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:WINDOWSsystem32sistray.EXE
C:WINDOWSvsnpp106.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:Program FilesCursorXPCursorXP.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Program FilesWindows Media Playerwmplayer.exe
C:WINDOWSsystem32rsvp.exe
C:Program FilesOutlook Expressmsimn.exe
C:Documents and SettingsSCHMITT olivierBureauHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.yolabiza.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
file://C:APPSIEofflinefr.htm
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.yolabiza.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Packard
Bell
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:Program FilesFichiers communsSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:program filesgooglegoogletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program
FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:Program FilesFichiers communsSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program
filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM..Run: [PHIME2002ASync]
C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE
/IMEName
O4 - HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 - HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 - HKLM..Run: [SiS KHooker] C:WINDOWSsystem32khooker.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavaj2re1.4.2_05binjusched.exe
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesFichiers communsSymantec
SharedccApp.exe"
O4 - HKLM..Run: [URLLSTCK.exe] C:Program FilesNorton Internet
SecurityUrlLstCk.exe
O4 - HKLM..Run: [PCMService] "c:AppsPowercinemaPCMService.exe"
O4 - HKLM..Run: [Symantec NetDriver Monitor]
C:PROGRA~1SYMNET~1SNDMon.exe /Consumer
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software
UpdateHPWuSchd2.exe
O4 - HKLM..Run: [HP Component Manager] "C:Program
FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [SiS Tray] C:WINDOWSsystem32sistray.EXE
O4 - HKLM..Run: [SNPP106] C:WINDOWSvsnpp106.exe
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft
AntiSpywaregcasServ.exe"
O4 - HKCU..Run: [CursorXP] C:Program FilesCursorXPCursorXP.exe
O8 - Extra context menu item: &Google Search - res://c:program
filesgoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:program
filesgoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:program
filesgoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://c:program filesgoogleGoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:WINDOWSsystem32msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSsystem32msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:WINDOWSsystem32Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:APPSIEofflinefr.htm
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid6467&clcid=0x409
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://212.157.152.82/AxisCamControl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
C:PROGRA~1FICHIE~1AOLACSAOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
O23 - Service: MySqlInventime - Unknown owner -
c:mysqlbinmysqld-max-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
Corporation - C:Program FilesNorton Internet SecurityNorton
AntiVirusnavapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton
Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:PROGRA~1FICHIE~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) -
Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program
FilesFichiers communsSymantec SharedSecurity CenterSymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp
Software GmbH - C:Program FilesTuneUp Utilities 2004WinStylerThemeSvc.exe

Vous avez filtré cet utilisateur ! Consultez son message

Bonjour,

Je me permet de coller mon raport de hijackthis, car depuis quelque temp
j'ai une fenetre intempesive dans ma barre des taches.Cela devien tres
agacant.

Merci de me dire si quelque chose ne tourne rond.

Logfile of HijackThis v1.99.1
Scan saved at 14:06:06, on 23/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesTuneUp Utilities 2004WinStylerThemeSvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
C:WINDOWSExplorer.EXE
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1FICHIE~1AOLACSAOLacsd.exe
C:Program FilesFichiers communsSymantec SharedccProxy.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wdfmgr.exe
C:Program FilesFichiers communsSymantec SharedSecurity CenterSymWSC.exe
C:WINDOWSSystem32alg.exe
C:Program FilesApoint2KApoint.exe
C:WINDOWSsystem32khooker.exe
C:Program FilesJavaj2re1.4.2_05binjusched.exe
C:WINDOWSAGRSMMSG.exe
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:AppsPowercinemaPCMService.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesApoint2KApntex.exe
C:Program FilesApoint2KHidFind.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:WINDOWSsystem32sistray.EXE
C:WINDOWSvsnpp106.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:Program FilesCursorXPCursorXP.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Program FilesWindows Media Playerwmplayer.exe
C:WINDOWSsystem32rsvp.exe
C:Program FilesOutlook Expressmsimn.exe
C:Documents and SettingsSCHMITT olivierBureauHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.yolabiza.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
file://C:APPSIEofflinefr.htm
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.yolabiza.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Packard
Bell
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:Program FilesFichiers communsSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:program filesgooglegoogletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program
FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:Program FilesFichiers communsSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program
filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM..Run: [PHIME2002ASync]
C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE
/IMEName
O4 - HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 - HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 - HKLM..Run: [SiS KHooker] C:WINDOWSsystem32khooker.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavaj2re1.4.2_05binjusched.exe
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesFichiers communsSymantec
SharedccApp.exe"
O4 - HKLM..Run: [URLLSTCK.exe] C:Program FilesNorton Internet
SecurityUrlLstCk.exe
O4 - HKLM..Run: [PCMService] "c:AppsPowercinemaPCMService.exe"
O4 - HKLM..Run: [Symantec NetDriver Monitor]
C:PROGRA~1SYMNET~1SNDMon.exe /Consumer
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software
UpdateHPWuSchd2.exe
O4 - HKLM..Run: [HP Component Manager] "C:Program
FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [SiS Tray] C:WINDOWSsystem32sistray.EXE
O4 - HKLM..Run: [SNPP106] C:WINDOWSvsnpp106.exe
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft
AntiSpywaregcasServ.exe"
O4 - HKCU..Run: [CursorXP] C:Program FilesCursorXPCursorXP.exe
O8 - Extra context menu item: &Google Search - res://c:program
filesgoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:program
filesgoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:program
filesgoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://c:program filesgoogleGoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:WINDOWSsystem32msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSsystem32msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:WINDOWSsystem32Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:APPSIEofflinefr.htm
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid6467&clcid=0x409
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://212.157.152.82/AxisCamControl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
C:PROGRA~1FICHIE~1AOLACSAOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
O23 - Service: MySqlInventime - Unknown owner -
c:mysqlbinmysqld-max-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
Corporation - C:Program FilesNorton Internet SecurityNorton
AntiVirusnavapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton
Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:PROGRA~1FICHIE~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) -
Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program
FilesFichiers communsSymantec SharedSecurity CenterSymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp
Software GmbH - C:Program FilesTuneUp Utilities 2004WinStylerThemeSvc.exe

E. Jasko

23/05/2005 à 14:27

Complement d'info sur mon message precedent : idem pour "services.exe" ...
Les fichiers étaient dans "c:windowsconnexion WizardStatus" et non pas
dans "c:windowshelp" comme indiqué par erreur dans le message précédent

"Dj-Ol" wrote:

Bonjour,

Je me permet de coller mon raport de hijackthis, car depuis quelque temp
j'ai une fenetre intempesive dans ma barre des taches.Cela devien tres
agacant.

Merci de me dire si quelque chose ne tourne rond.

Logfile of HijackThis v1.99.1
Scan saved at 14:06:06, on 23/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesTuneUp Utilities 2004WinStylerThemeSvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
C:WINDOWSExplorer.EXE
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1FICHIE~1AOLACSAOLacsd.exe
C:Program FilesFichiers communsSymantec SharedccProxy.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wdfmgr.exe
C:Program FilesFichiers communsSymantec SharedSecurity CenterSymWSC.exe
C:WINDOWSSystem32alg.exe
C:Program FilesApoint2KApoint.exe
C:WINDOWSsystem32khooker.exe
C:Program FilesJavaj2re1.4.2_05binjusched.exe
C:WINDOWSAGRSMMSG.exe
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:AppsPowercinemaPCMService.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesApoint2KApntex.exe
C:Program FilesApoint2KHidFind.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:WINDOWSsystem32sistray.EXE
C:WINDOWSvsnpp106.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:Program FilesCursorXPCursorXP.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Program FilesWindows Media Playerwmplayer.exe
C:WINDOWSsystem32rsvp.exe
C:Program FilesOutlook Expressmsimn.exe
C:Documents and SettingsSCHMITT olivierBureauHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.yolabiza.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
file://C:APPSIEofflinefr.htm
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.yolabiza.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Packard
Bell
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:Program FilesFichiers communsSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:program filesgooglegoogletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program
FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:Program FilesFichiers communsSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program
filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM..Run: [PHIME2002ASync]
C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE
/IMEName
O4 - HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 - HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 - HKLM..Run: [SiS KHooker] C:WINDOWSsystem32khooker.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavaj2re1.4.2_05binjusched.exe
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesFichiers communsSymantec
SharedccApp.exe"
O4 - HKLM..Run: [URLLSTCK.exe] C:Program FilesNorton Internet
SecurityUrlLstCk.exe
O4 - HKLM..Run: [PCMService] "c:AppsPowercinemaPCMService.exe"
O4 - HKLM..Run: [Symantec NetDriver Monitor]
C:PROGRA~1SYMNET~1SNDMon.exe /Consumer
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software
UpdateHPWuSchd2.exe
O4 - HKLM..Run: [HP Component Manager] "C:Program
FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [SiS Tray] C:WINDOWSsystem32sistray.EXE
O4 - HKLM..Run: [SNPP106] C:WINDOWSvsnpp106.exe
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft
AntiSpywaregcasServ.exe"
O4 - HKCU..Run: [CursorXP] C:Program FilesCursorXPCursorXP.exe
O8 - Extra context menu item: &Google Search - res://c:program
filesgoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:program
filesgoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:program
filesgoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://c:program filesgoogleGoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:WINDOWSsystem32msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSsystem32msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:WINDOWSsystem32Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:APPSIEofflinefr.htm
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid6467&clcid=0x409
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://212.157.152.82/AxisCamControl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
C:PROGRA~1FICHIE~1AOLACSAOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
O23 - Service: MySqlInventime - Unknown owner -
c:mysqlbinmysqld-max-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
Corporation - C:Program FilesNorton Internet SecurityNorton
AntiVirusnavapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton
Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:PROGRA~1FICHIE~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) -
Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program
FilesFichiers communsSymantec SharedSecurity CenterSymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp
Software GmbH - C:Program FilesTuneUp Utilities 2004WinStylerThemeSvc.exe

Vous avez filtré cet utilisateur ! Consultez son message

Bonjour,

Je me permet de coller mon raport de hijackthis, car depuis quelque temp
j'ai une fenetre intempesive dans ma barre des taches.Cela devien tres
agacant.

Merci de me dire si quelque chose ne tourne rond.

Logfile of HijackThis v1.99.1
Scan saved at 14:06:06, on 23/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesTuneUp Utilities 2004WinStylerThemeSvc.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
C:WINDOWSExplorer.EXE
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1FICHIE~1AOLACSAOLacsd.exe
C:Program FilesFichiers communsSymantec SharedccProxy.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusnavapsvc.exe
C:Program FilesNorton Internet SecurityNorton AntiVirusSAVScan.exe
C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32wdfmgr.exe
C:Program FilesFichiers communsSymantec SharedSecurity CenterSymWSC.exe
C:WINDOWSSystem32alg.exe
C:Program FilesApoint2KApoint.exe
C:WINDOWSsystem32khooker.exe
C:Program FilesJavaj2re1.4.2_05binjusched.exe
C:WINDOWSAGRSMMSG.exe
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:AppsPowercinemaPCMService.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesApoint2KApntex.exe
C:Program FilesApoint2KHidFind.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:WINDOWSsystem32sistray.EXE
C:WINDOWSvsnpp106.exe
C:Program FilesMicrosoft AntiSpywaregcasServ.exe
C:Program FilesCursorXPCursorXP.exe
C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe
C:Program FilesMSN Messengermsnmsgr.exe
C:Program FilesWindows Media Playerwmplayer.exe
C:WINDOWSsystem32rsvp.exe
C:Program FilesOutlook Expressmsimn.exe
C:Documents and SettingsSCHMITT olivierBureauHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.yolabiza.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
file://C:APPSIEofflinefr.htm
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.yolabiza.com/
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Packard
Bell
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 6.0ReaderActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
C:Program FilesFichiers communsSymantec SharedAdBlockingNISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:program filesgooglegoogletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program
FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} -
C:Program FilesFichiers communsSymantec SharedAdBlockingNISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:Program FilesNorton Internet SecurityNorton AntiVirusNavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program
filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [IMJPMIG8.1] "C:WINDOWSIMEimjp8_1IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM..Run: [PHIME2002ASync]
C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 - HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE
/IMEName
O4 - HKLM..Run: [Apoint] C:Program FilesApoint2KApoint.exe
O4 - HKLM..Run: [SiSUSBRG] C:WINDOWSSiSUSBrg.exe
O4 - HKLM..Run: [SiS KHooker] C:WINDOWSsystem32khooker.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavaj2re1.4.2_05binjusched.exe
O4 - HKLM..Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesFichiers communsSymantec
SharedccApp.exe"
O4 - HKLM..Run: [URLLSTCK.exe] C:Program FilesNorton Internet
SecurityUrlLstCk.exe
O4 - HKLM..Run: [PCMService] "c:AppsPowercinemaPCMService.exe"
O4 - HKLM..Run: [Symantec NetDriver Monitor]
C:PROGRA~1SYMNET~1SNDMon.exe /Consumer
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software
UpdateHPWuSchd2.exe
O4 - HKLM..Run: [HP Component Manager] "C:Program
FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [SiS Tray] C:WINDOWSsystem32sistray.EXE
O4 - HKLM..Run: [SNPP106] C:WINDOWSvsnpp106.exe
O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft
AntiSpywaregcasServ.exe"
O4 - HKCU..Run: [CursorXP] C:Program FilesCursorXPCursorXP.exe
O8 - Extra context menu item: &Google Search - res://c:program
filesgoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Pages liées - res://c:program
filesgoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:program
filesgoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://c:program filesgoogleGoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:WINDOWSsystem32msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSsystem32msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:WINDOWSsystem32Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:APPSIEofflinefr.htm
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid6467&clcid=0x409
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://212.157.152.82/AxisCamControl.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. -
C:PROGRA~1FICHIE~1AOLACSAOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
O23 - Service: MySqlInventime - Unknown owner -
c:mysqlbinmysqld-max-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec
Corporation - C:Program FilesNorton Internet SecurityNorton
AntiVirusnavapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:Program FilesNorton
Internet SecurityNorton AntiVirusSAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
C:PROGRA~1FICHIE~1SYMANT~1SCRIPT~1SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:Program FilesFichiers communsSymantec SharedSNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) -
Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:Program
FilesFichiers communsSymantec SharedSecurity CenterSymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp
Software GmbH - C:Program FilesTuneUp Utilities 2004WinStylerThemeSvc.exe

JacK [MVP]

23/05/2005 à 14:52

Dj-Ol a couché sur son écran :

Bonjour,

Je me permet de coller mon raport de hijackthis, car depuis quelque temp j'ai
une fenetre intempesive dans ma barre des taches.Cela devien tres agacant.

Merci de me dire si quelque chose ne tourne rond.

'lut,

Fixer ceci :

C:WINDOWSvsnpp106.exe
O4 - HKLM..Run: [SNPP106] C:WINDOWSvsnpp106.exe

IE/OE ne doivent pas être lancés.

--
http://www.optimix.be.tf MVP Windows Security
http://websecurite.org
http://www.msmvps.com/XPditif/
http://experts.microsoft.fr/longhorn4u/
Helping you void your warranty since 2000
---**ANTISPAM**---
Click on the link to answer -Cliquez sur le lien pour répondre
http://www.cerbermail.com/?csaLJS6yvZ
@(0)@ JacK

Tsilefy

23/05/2005 à 14:59

Dans news:,
E. Jasko a écrit:

Juste une remarque : dans les running processes ;
smss.exe et csrss.exe sont 2 variantes du virus
que Norton Antivirus a supprimé de mes
fichiers (Répertoire c:windowshelp) . J'étais
préalablement infesté d'envoi de messages parasites tous
azimuths analysés par Norton dans une fenetre pop-up.

Attention quand même à bien rappeller que smss.exe et csrss dans

windows/system32/ sont des fichiers systèmes légitimes appartenant à windows
et que si on les effaces (si c'est possible d'ailleurs, win ne manquant
surement pas de produire un beau message d'erreur si on le tente), il est
possible que windows ne démarre plus.

--
Tsilefy

Dj-Ol

23/05/2005 à 18:04

Vous avez trouver quelque chose à suprimer ?
"JacK [MVP]" a écrit dans le message de news:

Dj-Ol a couché sur son écran :
Bonjour,

Je me permet de coller mon raport de hijackthis, car depuis quelque temp
j'ai une fenetre intempesive dans ma barre des taches.Cela devien tres
agacant.

Merci de me dire si quelque chose ne tourne rond.

'lut,

Fixer ceci :

C:WINDOWSvsnpp106.exe
O4 - HKLM..Run: [SNPP106] C:WINDOWSvsnpp106.exe

IE/OE ne doivent pas être lancés.

--
http://www.optimix.be.tf MVP Windows Security http://websecurite.org
http://www.msmvps.com/XPditif/ http://experts.microsoft.fr/longhorn4u/
Helping you void your warranty since 2000
---**ANTISPAM**---
Click on the link to answer -Cliquez sur le lien pour répondre
http://www.cerbermail.com/?csaLJS6yvZ
@(0)@ JacK

Jacquouille la Fripouille

23/05/2005 à 19:05

"Dj-Ol" a écrit dans le message de
news:%
| Vous avez trouver quelque chose à suprimer ?

Jack vient de te répondre.
"Fixer" chez hijacktest, ça veut dire cocher puis clic sur "fix...". ce qui
éradique les lignes dont les cases sont cochées.

--
Jacquouille

Raport hijackthis ?

6 réponses

Veuillez sélectionner un problème