
HijackThis results, cmd.exe and pv.exe

2 replies
laroun
Hello,
I ran the latest version of HijackThis, and here is the log file.
The two processes are pv.exe and cmd.exe.
One line caught my attention: winupdate/service.exe
Norton had told me about a registry key, system32/service.exe, to get rid of, but I couldn't find it.
What should be deleted, please?

Logfile of HijackThis v1.99.0
Scan saved at 13:16:06, on 29/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\BRQIKMON.EXE
C:\WINDOWS\update\start.exe
C:\WINDOWS\update\WinUpdate.exe
C:\Documents and Settings\Les enfants\Mes documents\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\update\pv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.krofjftaycypox.net/iGWzpdwd6/E7l10CrcL8tvoceJBVGzkZN_NIQ2gMZUgmVlO/OsGGQEetrVVMnMjv.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [update] C:\WINDOWS\update\hide C:\WINDOWS\update\ess.bat
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 1.1.3.lnk = C:\Program Files\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
O23 - Service: IomegaAccess - Unknown - C:\Program Files\Iomega\Tools_NT\IOMEGAACCESS.EXE (file missing)
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play - Unknown - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce - Unknown - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Journaux et alertes de performance - Unknown - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: ZipToA - Unknown - C:\WINDOWS\System32\ZipToA.exe

°°° KLP °°°
Hello,
Go and have the log analysed online:
http://hijackthis.de/fr

KLP

Pierre
Hello,
I did it; you need to delete this:
C:\WINDOWS\update\WinUpdate.exe
Nasty. Running task. (WinUpdate.exe)
Added as a result of the GAOBOT.BIA VIRUS! Nasty! End this task manually and try to delete it!

NeroCheck.exe
Nasty. Running task. (NeroCheck.exe)
The task is not located in the System32 directory! Nasty, this task should be located in the System32 directory.
Possibly nasty! According to our database, this process normally runs in c:\windows\system32! Check whether you know this process and run an antivirus check if necessary.

O4 - Global Startup: InterVideo WinCinema Manager.lnk Nasty. Added as a result of the RPCBOT.F VIRUS!
Accuracy rate: 22% (Results) Delete at all costs!

--
-----------------------------------------------------
Pierre
http://www.assistancewindows.net