Ouverture de fenetres intempestives etc...

Résolu
ronaman -  
jfkpresident Messages postés 13408 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
j ai de gros ralentissements depuis qq jours et des pb de fenetres qui s ouvrent tte seules
ci joint le log de hjt :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:53, on 06/03/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\PROGRA~1\SafeNet\SoftRemote\IPSecMon.exe
C:\PROGRA~1\SafeNet\SoftRemote\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Alert Manager\amgrsrvc.exe
C:\Program Files\Atempo\LiveBackup\amnt.exe
C:\Program Files\Nokia\Nokia D211\D211CTL.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\GSBootTimeSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Atempo\LiveBackup\wengine.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Atempo\LiveBackup\WVRULES.EXE
C:\Program Files\Atempo\LiveBackup\NAMESYNC.EXE
C:\Program Files\Atempo\LiveBackup\RESTORDB.EXE
C:\WINDOWS\System32\SLClient.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\MEMO Open Client\MCLTFC.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Nokia\Nokia D211\D211STRT.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Atempo\LiveBackup\atrayind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\SafeNet\SoftRemote\SafeCfg.exe
C:\Program Files\Micro Application\LauncherMA.exe
C:\Program Files\Atempo\LiveBackup\WACCESS.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
\FSAMBATUX-01\utilisateurs\C4852\Téléchargements\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://planetes.gicm.net:8080/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.gicm.net:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.financo.platine.org;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MCLTFC.exe] "C:\Program Files\MEMO Open Client\MCLTFC.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [D211STRT.EXE] "C:\Program Files\Nokia\Nokia D211\D211STRT.EXE"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [BEWDeactivateSafenet] C:\Program Files\CoSine Communications\IPSec Dial Client\vpn -deactivate
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Storactive] C:\Program Files\Atempo\LiveBackup\atrayind.exe
O4 - HKLM\..\Run: [Storactive2] C:\Program Files\Atempo\LiveBackup\wcheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BEW-INTRANET-FR-30SessionManager] "C:\Program Files\OrangeBusinessServices\BEW\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lanceur.lnk = C:\Program Files\Micro Application\LauncherMA.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: SoftRemoteLT.lnk = C:\Program Files\SafeNet\SoftRemote\SafeCfg.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {035F280C-1C0C-45D1-9AB0-727EF0C3520A} (HRuntime) - http://sirius.financo.platine.org:8080/HBApp.cab
O16 - DPF: {100C659D-2B0B-4BEF-B79A-34E4659B9A9C} (Pivotal ePower Lifecycle Engine (Version 5.7) - Platform Access (rdaclnt.dll)) - http://fsm-pivotprod2.gicm.net/epower/cab/RDACLNT.CAB
O16 - DPF: {154E3A83-BDE2-441E-A22C-EDAED67CF23A} (Pivotal eRelationship Active Access (Version 5.7) - Resources (rdares.dll)) - http://fsm-pivotprod2.gicm.net/epower/cab/RDARES.CAB
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://kitchenplanner.ikea.com/fr/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {24F10A0C-7983-4934-849D-582F940A8AC3} (Pivotal ePower Lifecycle Engine (Version 5.7) - Instantiator (rdaobjcreate.dll)) - http://fsm-pivotprod2.gicm.net/epower/cab/RdaObjCreate.cab
O16 - DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} (Pivotal eRelationship Active Access (version 5.7) - Shortcut Handler (rshortcut.dll)) - http://fsm-pivotprod2.gicm.net/epower/cab/RSHORTCUT.CAB
O16 - DPF: {309F16B3-B30C-4114-BE89-E63C4F593B41} (Pivotal eRelationship Active Access (Version 5.7) - Smart Portal (rdaprtl.dll)) - http://fsm-pivotprod2.gicm.net/epower/cab/RDAPRTL.CAB
O16 - DPF: {59A48F67-03E2-460F-9E0C-B3860634172A} (Pivotal eRelationship Active Access (Version 5.7) - Stealth Report Interface (rdaRprt.dll)) - http://fsm-pivotprod2.gicm.net/epower/cab/RDARPRT.CAB
O16 - DPF: {60927435-8441-4532-B2B7-45C9DE62945F} (Pivotal eRelationship Active Access (Version 5.7) - Portal Control Proxy (rdaui.dll)) - http://fsm-pivotprod2.gicm.net/epower/cab/RdaUI.cab
O16 - DPF: {8C42DAC2-0B6A-4F80-9794-3130E1C28345} (Pivotal eRelationship Active Access (Version 5.7) - Email Connector (rdaemail.dll)) - http://fsm-pivotprod2.gicm.net/epower/cab/RDAEMAIL.CAB
O16 - DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} (Pivotal ePower Lifecycle Engine (Version 5.7) - EMail Class (rn1sendx.dll)) - http://fsm-pivotprod2.gicm.net/epower/cab/RN1SENDX.CAB
O16 - DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} (Pivotal eRelationship Active Access (Version 5.7) - Plug-in Result Return Collection (dfoutils.dll)) - http://fsm-pivotprod2.gicm.net/epower/cab/DFOUTILS.CAB
O16 - DPF: {F4901BF2-3FB9-4948-BB0E-5BD2AFF09085} (Pivotal eRelationship Active Access (Version 5.7) - Shared Object Library Interface (rdashare.dll)) - http://fsm-pivotprod2.gicm.net/epower/cab/RDASHARE.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = financo.platine.org
O17 - HKLM\Software\..\Telephony: DomainName = financo.platine.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = financo.platine.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = financo.platine.org
O20 - Winlogon Notify: mnm_7_bta - C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\MNMEventNotify.dll
O23 - Service: McAfee Alert Manager (AlertManager) - McAfee Division of Network Associates, Inc. - C:\Program Files\Network Associates\Alert Manager\amgrsrvc.exe
O23 - Service: LiveBackup Network Service (Amnt) - Atempo, Inc. - C:\Program Files\Atempo\LiveBackup\amnt.exe
O23 - Service: Nokia D211 (D211CTL) - Nokia Corporation - C:\Program Files\Nokia\Nokia D211\D211CTL.exe
O23 - Service: LiveBackup Disaster Recovery (DreSrvc) - Atempo, Inc. - C:\Program Files\Atempo\LiveBackup\DRESrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GSBootTimeSrv - Globesoft® Corporation - C:\Program Files\GlobeSoft\MultiNetwork Manager\NTx\GSBootTimeSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\PROGRA~1\SafeNet\SoftRemote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\PROGRA~1\SafeNet\SoftRemote\IreIKE.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\System32\SLClient.exe
O23 - Service: LiveBackup Client Service (WEngine) - Atempo, Inc. - C:\Program Files\Atempo\LiveBackup\wengine.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)

3 réponses

Réponse 1 / 3
jfkpresident Messages postés 13408 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 175
 
Bonsoir,

Télécharge ZhpDiag de Nicolas Coolman .

Une fois le téléchargement achevé, double clique sur ZHPDiag.exe(clic droit ,"éxécuter en tant qu'administrateur" pour Vista/7).

Une fois installé le programme s'ouvre automatiquement .

Clique sur la loupe pour lancer l'analyse.

A la fin de l'analyse, clique sur la "disquette" (enregistrer sous..) .

Rend toi sur ce site : http://www.cijoint.fr/index.php

Clique sur parcourir et sélectionne le fichier ZhpDiag.txt (Une aide au cas ou])

Un lien va etre créer ,poste ce lien dans ta prochaine réponse.
0
Réponse 2 / 3
ronaman Messages postés 131 Date d'inscription   Statut Membre Dernière intervention   2
 
je n arrive pas a creer le lien
et impossible de copier coller il me met syntax error
0
Réponse 3 / 3
jfkpresident Messages postés 13408 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 175
 
Comment as tu fait pour copier/coller le rapport Hijackthis ?

Utilise ce site pour héberger sinon : https://www.cjoint.com/
0

Discussions similaires

Verrouillage par fermeture de coque Samsung Galaxy
jicece33 -
Sylv -

6 réponses
Ouverture de session yahoo mail
Guendouz -
Gaston -

1 réponse
Samsung S22 Allumage écran à l ouverture clapet ?
broccoli -
Pierr10 -

3 réponses
Verrouiller écran lors de la fermeture du clapet
helyane -
HelpiOS -

13 réponses
ouvrir ma session yahoo.fr
doudou -
HelpiOS -

1 réponse