Un petit log de Hijackthis

5 réponses

JMB

03/07/2004 à 10:40

Bonjour,

qui peut me donner un conseil ?

Merci

JMB

Logfile of HijackThis v1.97.7
Scan saved at 10:36:49, on 03/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
C:\Program Files\Java\j2re1.5.0\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Documents and Settings\a\Application Data\roah.exe
C:\WINDOWS\System32\wnsintcc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\Psion\PsiWin\Psconsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
c:\Program Files\PestPatrol\ppcontrol.exe
D:\A Graver\CM installation janvier 2004\Utilitaires\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://home.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program
Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft
Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program
Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program
Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program
Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe"
O4 - HKLM\..\Run: [SSPrnAgent] C:\Program
Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\j2re1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers
communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PestPatrol Control Center]
C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
/minimized
O4 - HKCU\..\Run: [Exodus] "C:\Program Files\Exodus\Exodus.exe"
O4 - HKCU\..\Run: [Asaw] C:\Documents and Settings\a\Application
Data\roah.exe
O4 - HKCU\..\Run: [WNSC] C:\WINDOWS\System32\wnsintcc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers
communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program
Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
800-908\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert
4\PCAlert4.exe
O4 - Global Startup: Serveur de connexion PsiWin 2.3.lnk = C:\Program
Files\Psion\PsiWin\Psconsv.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone
Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word -
res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300
O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: teleir_cert -
https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/15038bdc46c439641320/netzip/RdxIE601_fr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38009.6493287037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

5 réponses

Frederic Bezies

03/07/2004 à 10:55

Bonjour,

qui peut me donner un conseil ?

Cela vaudra que cela vaudra. A prendre avec des pincettes.

Merci

JMB

Logfile of HijackThis v1.97.7
Scan saved at 10:36:49, on 03/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE

Gnn ? Explorer avec un E majuscule ? Suspect, non ?

C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32driversCDAC11BA.EXE
C:Program FilesNorton SystemWorksNorton Antivirusnavapsvc.exe
C:PROGRA~1NORTON~1NORTON~2NPROTECT.EXE
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32oodag.exe
C:PROGRA~1NORTON~1NORTON~2SPEEDD~1NOPDB.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:WINDOWSSystem32rundll32.exe
C:Program FilesScanSoftOmniPagePro14.0Opware14.exe
C:Program FilesScanSoftOmniPagePro14.0PdfPrnSPrnAgent.exe
C:Program FilesJavaj2re1.5.0binjusched.exe

A désactiver. Pas franchement utile sauf si tu veux la dernière béta de
la machine virtuelle java de sun.

C:Program FilesFichiers communsRealUpdate_OBrealsched.exe

Idem ci-dessus, mais pour Real Player.

C:Documents and SettingsaApplication Dataroah.exe

Suspect celui-ci.

C:WINDOWSSystem32wnsintcc.exe

Suspect.

C:Program FilesAdobeAcrobat 6.0Distillracrotray.exe

Tu as besoin de l'icone acrobat dans le coin droit ?

C:Program FilesSAGEMSAGEM 800-908dslmon.exe
C:Program FilesMSIPC Alert 4PCAlert4.exe
C:Program FilesPsionPsiWinPsconsv.exe
C:Program FilesZone LabsZoneAlarmzapro.exe
C:PROGRA~1PsionPsiWinElogerr.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesNorton SystemWorksNorton AntivirusSAVScan.exe
c:Program FilesPestPatrolppcontrol.exe
D:A GraverCM installation janvier 2004UtilitairesHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL > http://home.free.fr/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant > about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) > about:blank
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName > Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program
FilesAdobeAcrobat 6.0AcrobatActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program
FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
C:WINDOWS2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program
FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program
FilesNorton SystemWorksNorton AntivirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [ccApp] "C:Program FilesFichiers communsSymantec
SharedccApp.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesFichiers communsScansoft
SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [WorkFlowTray] "C:Program
FilesScanSoftOmniPagePro14.0WorkFlowTray.exe"
O4 - HKLM..Run: [Opware14] "C:Program
FilesScanSoftOmniPagePro14.0Opware14.exe"
O4 - HKLM..Run: [PDF Converter Registry Controller] "C:Program
FilesScanSoftOmniPagePro14.0PdfCnvRegistryController.exe"
O4 - HKLM..Run: [SSPrnAgent] C:Program
FilesScanSoftOmniPagePro14.0PdfPrnSPrnAgent.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavaj2re1.5.0binjusched.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime

Pas franchement utile, sauf si tu veux lancer Quicktime en instantané ;p

O4 - HKLM..Run: [TkBellExe] "C:Program FilesFichiers
communsRealUpdate_OBrealsched.exe" -osboot

Idem, mais pour real player.

O4 - HKLM..Run: [PestPatrol Control Center]
C:PROGRA~1PESTPA~1PPControl.exe
O4 - HKLM..Run: [PPMemCheck] C:PROGRA~1PESTPA~1PPMemCheck.exe
O4 - HKLM..Run: [CookiePatrol] C:PROGRA~1PESTPA~1CookiePatrol.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe"
/background
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash
/minimized
O4 - HKCU..Run: [Exodus] "C:Program FilesExodusExodus.exe"
O4 - HKCU..Run: [Asaw] C:Documents and SettingsaApplication
Dataroah.exe
O4 - HKCU..Run: [WNSC] C:WINDOWSSystem32wnsintcc.exe

A virer.

O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesFichiers
communsAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:Program
FilesAdobeAcrobat 6.0Distillracrotray.exe
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM
800-908dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOfficeOSA9.EXE
O4 - Global Startup: PC Alert 4.lnk = C:Program FilesMSIPC Alert
4PCAlert4.exe
O4 - Global Startup: Serveur de connexion PsiWin 2.3.lnk = C:Program
FilesPsionPsiWinPsconsv.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:Program FilesZone
LabsZoneAlarmzapro.exe
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word -
res://C:Program FilesScanSoftOmniPagePro14.0PdfCnvIEShellExt.dll /300
O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: teleir_cert -
https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/15038bdc46c439641320/netzip/RdxIE601_fr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38009.6493287037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Désolé de ne pas pouvoir en dire plus, mais essaye de limiter le nombre
de programmes se lançant au démarrage. Surtout les outils Symantec ;p

--
Frédéric Béziès -

Site Perso : http://perso.wanadoo.fr/frederic.bezies/
Fourre-tout : http://perso.wanadoo.fr/frederic.bezies/pratique/
Blog : http://fredbezies.blogspot.com/

Bonjour,

qui peut me donner un conseil ?

Cela vaudra que cela vaudra. A prendre avec des pincettes.

Merci

JMB

Logfile of HijackThis v1.97.7
Scan saved at 10:36:49, on 03/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE

Gnn ? Explorer avec un E majuscule ? Suspect, non ?

C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32driversCDAC11BA.EXE
C:Program FilesNorton SystemWorksNorton Antivirusnavapsvc.exe
C:PROGRA~1NORTON~1NORTON~2NPROTECT.EXE
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32oodag.exe
C:PROGRA~1NORTON~1NORTON~2SPEEDD~1NOPDB.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:WINDOWSSystem32rundll32.exe
C:Program FilesScanSoftOmniPagePro14.0Opware14.exe
C:Program FilesScanSoftOmniPagePro14.0PdfPrnSPrnAgent.exe
C:Program FilesJavaj2re1.5.0binjusched.exe

A désactiver. Pas franchement utile sauf si tu veux la dernière béta de
la machine virtuelle java de sun.

C:Program FilesFichiers communsRealUpdate_OBrealsched.exe

Idem ci-dessus, mais pour Real Player.

C:Documents and SettingsaApplication Dataroah.exe

Suspect celui-ci.

C:WINDOWSSystem32wnsintcc.exe

Suspect.

C:Program FilesAdobeAcrobat 6.0Distillracrotray.exe

Tu as besoin de l'icone acrobat dans le coin droit ?

C:Program FilesSAGEMSAGEM F@st 800-908dslmon.exe
C:Program FilesMSIPC Alert 4PCAlert4.exe
C:Program FilesPsionPsiWinPsconsv.exe
C:Program FilesZone LabsZoneAlarmzapro.exe
C:PROGRA~1PsionPsiWinElogerr.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesNorton SystemWorksNorton AntivirusSAVScan.exe
c:Program FilesPestPatrolppcontrol.exe
D:A GraverCM installation janvier 2004UtilitairesHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL > http://home.free.fr/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant > about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) > about:blank
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName > Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program
FilesAdobeAcrobat 6.0AcrobatActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program
FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
C:WINDOWS2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program
FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program
FilesNorton SystemWorksNorton AntivirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [ccApp] "C:Program FilesFichiers communsSymantec
SharedccApp.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesFichiers communsScansoft
SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [WorkFlowTray] "C:Program
FilesScanSoftOmniPagePro14.0WorkFlowTray.exe"
O4 - HKLM..Run: [Opware14] "C:Program
FilesScanSoftOmniPagePro14.0Opware14.exe"
O4 - HKLM..Run: [PDF Converter Registry Controller] "C:Program
FilesScanSoftOmniPagePro14.0PdfCnvRegistryController.exe"
O4 - HKLM..Run: [SSPrnAgent] C:Program
FilesScanSoftOmniPagePro14.0PdfPrnSPrnAgent.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavaj2re1.5.0binjusched.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime

Pas franchement utile, sauf si tu veux lancer Quicktime en instantané ;p

O4 - HKLM..Run: [TkBellExe] "C:Program FilesFichiers
communsRealUpdate_OBrealsched.exe" -osboot

Idem, mais pour real player.

O4 - HKLM..Run: [PestPatrol Control Center]
C:PROGRA~1PESTPA~1PPControl.exe
O4 - HKLM..Run: [PPMemCheck] C:PROGRA~1PESTPA~1PPMemCheck.exe
O4 - HKLM..Run: [CookiePatrol] C:PROGRA~1PESTPA~1CookiePatrol.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe"
/background
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash
/minimized
O4 - HKCU..Run: [Exodus] "C:Program FilesExodusExodus.exe"
O4 - HKCU..Run: [Asaw] C:Documents and SettingsaApplication
Dataroah.exe
O4 - HKCU..Run: [WNSC] C:WINDOWSSystem32wnsintcc.exe

A virer.

O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesFichiers
communsAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:Program
FilesAdobeAcrobat 6.0Distillracrotray.exe
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st
800-908dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOfficeOSA9.EXE
O4 - Global Startup: PC Alert 4.lnk = C:Program FilesMSIPC Alert
4PCAlert4.exe
O4 - Global Startup: Serveur de connexion PsiWin 2.3.lnk = C:Program
FilesPsionPsiWinPsconsv.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:Program FilesZone
LabsZoneAlarmzapro.exe
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word -
res://C:Program FilesScanSoftOmniPagePro14.0PdfCnvIEShellExt.dll /300
O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: teleir_cert -
https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/15038bdc46c439641320/netzip/RdxIE601_fr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38009.6493287037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Désolé de ne pas pouvoir en dire plus, mais essaye de limiter le nombre
de programmes se lançant au démarrage. Surtout les outils Symantec ;p

--
Frédéric Béziès - mozjf@alussinan.org

Site Perso : http://perso.wanadoo.fr/frederic.bezies/
Fourre-tout : http://perso.wanadoo.fr/frederic.bezies/pratique/
Blog : http://fredbezies.blogspot.com/

Vous avez filtré cet utilisateur ! Consultez son message

Bonjour,

qui peut me donner un conseil ?

Cela vaudra que cela vaudra. A prendre avec des pincettes.

Merci

JMB

Logfile of HijackThis v1.97.7
Scan saved at 10:36:49, on 03/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesFichiers communsSymantec SharedccSetMgr.exe
C:WINDOWSExplorer.EXE

Gnn ? Explorer avec un E majuscule ? Suspect, non ?

C:Program FilesFichiers communsSymantec SharedccEvtMgr.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSSystem32driversCDAC11BA.EXE
C:Program FilesNorton SystemWorksNorton Antivirusnavapsvc.exe
C:PROGRA~1NORTON~1NORTON~2NPROTECT.EXE
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32oodag.exe
C:PROGRA~1NORTON~1NORTON~2SPEEDD~1NOPDB.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:Program FilesFichiers communsSymantec SharedccApp.exe
C:WINDOWSSystem32rundll32.exe
C:Program FilesScanSoftOmniPagePro14.0Opware14.exe
C:Program FilesScanSoftOmniPagePro14.0PdfPrnSPrnAgent.exe
C:Program FilesJavaj2re1.5.0binjusched.exe

A désactiver. Pas franchement utile sauf si tu veux la dernière béta de
la machine virtuelle java de sun.

C:Program FilesFichiers communsRealUpdate_OBrealsched.exe

Idem ci-dessus, mais pour Real Player.

C:Documents and SettingsaApplication Dataroah.exe

Suspect celui-ci.

C:WINDOWSSystem32wnsintcc.exe

Suspect.

C:Program FilesAdobeAcrobat 6.0Distillracrotray.exe

Tu as besoin de l'icone acrobat dans le coin droit ?

C:Program FilesSAGEMSAGEM 800-908dslmon.exe
C:Program FilesMSIPC Alert 4PCAlert4.exe
C:Program FilesPsionPsiWinPsconsv.exe
C:Program FilesZone LabsZoneAlarmzapro.exe
C:PROGRA~1PsionPsiWinElogerr.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesNorton SystemWorksNorton AntivirusSAVScan.exe
c:Program FilesPestPatrolppcontrol.exe
D:A GraverCM installation janvier 2004UtilitairesHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL > http://home.free.fr/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant > about:blank
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) > about:blank
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName > Liens
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program
FilesAdobeAcrobat 6.0AcrobatActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program
FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
C:WINDOWS2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program
FilesAdobeAcrobat 6.0AcrobatAcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program
FilesNorton SystemWorksNorton AntivirusNavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [ccApp] "C:Program FilesFichiers communsSymantec
SharedccApp.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesFichiers communsScansoft
SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [WorkFlowTray] "C:Program
FilesScanSoftOmniPagePro14.0WorkFlowTray.exe"
O4 - HKLM..Run: [Opware14] "C:Program
FilesScanSoftOmniPagePro14.0Opware14.exe"
O4 - HKLM..Run: [PDF Converter Registry Controller] "C:Program
FilesScanSoftOmniPagePro14.0PdfCnvRegistryController.exe"
O4 - HKLM..Run: [SSPrnAgent] C:Program
FilesScanSoftOmniPagePro14.0PdfPrnSPrnAgent.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavaj2re1.5.0binjusched.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime

Pas franchement utile, sauf si tu veux lancer Quicktime en instantané ;p

O4 - HKLM..Run: [TkBellExe] "C:Program FilesFichiers
communsRealUpdate_OBrealsched.exe" -osboot

Idem, mais pour real player.

O4 - HKLM..Run: [PestPatrol Control Center]
C:PROGRA~1PESTPA~1PPControl.exe
O4 - HKLM..Run: [PPMemCheck] C:PROGRA~1PESTPA~1PPMemCheck.exe
O4 - HKLM..Run: [CookiePatrol] C:PROGRA~1PESTPA~1CookiePatrol.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe"
/background
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash
/minimized
O4 - HKCU..Run: [Exodus] "C:Program FilesExodusExodus.exe"
O4 - HKCU..Run: [Asaw] C:Documents and SettingsaApplication
Dataroah.exe
O4 - HKCU..Run: [WNSC] C:WINDOWSSystem32wnsintcc.exe

A virer.

O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesFichiers
communsAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:Program
FilesAdobeAcrobat 6.0Distillracrotray.exe
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM
800-908dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft
OfficeOfficeOSA9.EXE
O4 - Global Startup: PC Alert 4.lnk = C:Program FilesMSIPC Alert
4PCAlert4.exe
O4 - Global Startup: Serveur de connexion PsiWin 2.3.lnk = C:Program
FilesPsionPsiWinPsconsv.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:Program FilesZone
LabsZoneAlarmzapro.exe
O8 - Extra context menu item: Ouvrir le fichier PDF dans Word -
res://C:Program FilesScanSoftOmniPagePro14.0PdfCnvIEShellExt.dll /300
O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: teleir_cert -
https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/15038bdc46c439641320/netzip/RdxIE601_fr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38009.6493287037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

JMB

03/07/2004 à 12:06

Cela vaudra que cela vaudra. A prendre avec des pincettes.

merci de ton aide

JMB

joke0

03/07/2004 à 15:05

Salut,

JMB:

C:Documents and SettingsaApplication Dataroah.exe
C:WINDOWSSystem32wnsintcc.exe

Cocher ces 2 là.

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} -
C:WINDOWS2_0_1browserhelper2.dll (file missing)

A cocher (c'est vide)

O4 - HKCU..Run: [Asaw] C:Documents and SettingsaApplication
Dataroah.exe
O4 - HKCU..Run: [WNSC] C:WINDOWSSystem32wnsintcc.exe

2 spywares. A cocher.

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

A cocher. Adware.

Le explorer.exe en majuscule c'est normal.

Je crois que tu connais la suite de la procédure, sinon:
<http://joke0.free.fr/ht.html>

--
joke0

JMB

04/07/2004 à 01:02

merci

Je reviens d'une longue journée hors de la maison et ne ferai la réparation
que demain.

C'est fou ce que l'on peux choper comme merde !

JMB

JMB

04/07/2004 à 20:56

C:WINDOWSSystem32wnsintcc.exe

Un petite information pour le groupe.

Visilement, ce truc proviendrait de www.purityscan.com (un site anti-porno
!) qui offre le désinstaller... et ça a l'air de marcher.

J'ai vu cela parce que Zone alarm me demandait si Sear1 MFC application
(wnsintcc.exe) pouvait accéder à internet. La recherche sur le wnsintcc.exe
ne donnait pas grand-chose, si ce n'est le lien avec Hijackthis (d'où mon
message). mais je viens de regarder avec Sear1 et j'ai trouvé cette
solution.

JMB

Un petit log de Hijackthis

5 réponses

Veuillez sélectionner un problème