Ralentissement sur mon pc - HijackThis
LEFEVREMALIKA
Messages postés
2
Statut
Membre
-
^^Marie^^ Messages postés 126523 Date d'inscription Statut Membre Dernière intervention -
^^Marie^^ Messages postés 126523 Date d'inscription Statut Membre Dernière intervention -
bonjour à tous
j'ai de gros soucis de ralentissement sur mon pc, pourriez-vous m'aider svp
merci d'avance
Logfile of HijackThis v1.99.1
Scan saved at 11:56:52, on 05/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Windows\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Windows\system32\BESCH.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Windows\system32\PROMon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\WinFax Plus\CapFax.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\winmaes\cbsrv.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MALIKA\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.254
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [BackupExecScheduler] BESCH.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ICQ Net] C:\Windows\winlogon.exe -stealth
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\WinFax Plus\CapFax.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Gestionnaire d'applications Sage.lnk = C:\Program Files\WINMAES\cbsrv.Exe
O4 - Global Startup: Gestionnaire d'applications Sage.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
j'ai de gros soucis de ralentissement sur mon pc, pourriez-vous m'aider svp
merci d'avance
Logfile of HijackThis v1.99.1
Scan saved at 11:56:52, on 05/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Windows\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Windows\system32\BESCH.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Windows\system32\PROMon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\WinFax Plus\CapFax.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\winmaes\cbsrv.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MALIKA\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.254
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [BackupExecScheduler] BESCH.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ICQ Net] C:\Windows\winlogon.exe -stealth
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\WinFax Plus\CapFax.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Gestionnaire d'applications Sage.lnk = C:\Program Files\WINMAES\cbsrv.Exe
O4 - Global Startup: Gestionnaire d'applications Sage.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
A voir également:
- Ralentissement sur mon pc - HijackThis
- Ralentissement pc - Guide
- Télécharger musique gratuitement sur pc - Télécharger - Conversion & Extraction
- Plus de son sur mon pc - Guide
- Reinitialiser pc - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
9 réponses
hello "Reine"
tu as été infectée par un courriel qui contenait une saloperie, semble-t-il
=============
plusieurs actions à mener d abord
- faire une défragmentation en sans échec - opération très longue si inhabituelle
- nettoyage préliminaire avec
3/ - Ewido (download)- gratuit même après 14 jours d’essai
http://perso.wanadoo.fr/entraide-hijackthis/Ewido/
Copie/COLLE le rapport généré sur ce forum
- tjrs nettoyer avec
6/ - Scan online avec BitDefender (fonctionne uniquement sous Internet Explorer en acceptant l’ activX)
https://assiste.com/404_La_page_demandee_n_existe_pas.php
Copie/COLLE le rapport entier
- continuer de nettoyer avec
6/ - Scan online avec BitDefender (fonctionne uniquement sous Internet Explorer en acceptant l’ activX)
https://assiste.com/404_La_page_demandee_n_existe_pas.php
Copie/COLLE le rapport entier
- à l issue de la réception des 2 rapports ddés, tu me remettras un rapport hijack et m en occuperai alors
tu as été infectée par un courriel qui contenait une saloperie, semble-t-il
=============
plusieurs actions à mener d abord
- faire une défragmentation en sans échec - opération très longue si inhabituelle
- nettoyage préliminaire avec
3/ - Ewido (download)- gratuit même après 14 jours d’essai
http://perso.wanadoo.fr/entraide-hijackthis/Ewido/
Copie/COLLE le rapport généré sur ce forum
- tjrs nettoyer avec
6/ - Scan online avec BitDefender (fonctionne uniquement sous Internet Explorer en acceptant l’ activX)
https://assiste.com/404_La_page_demandee_n_existe_pas.php
Copie/COLLE le rapport entier
- continuer de nettoyer avec
6/ - Scan online avec BitDefender (fonctionne uniquement sous Internet Explorer en acceptant l’ activX)
https://assiste.com/404_La_page_demandee_n_existe_pas.php
Copie/COLLE le rapport entier
- à l issue de la réception des 2 rapports ddés, tu me remettras un rapport hijack et m en occuperai alors
bonjour,
ci joint rapport concernant ewido, réponse tardive suite à problème de connexion
Merci d'avance
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 11:30:30, 09/05/2006
+ Somme de contrôle: 95F26510
+ Résultats du scan:
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom\CurVer -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools\PI -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\Hotbar -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\Hotbar\Install -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-21-1106520001-4271176276-1453689397-1004\Software\EGDHTML -> Dialer.Generic : Nettoyer et sauvegarder
C:\Documents and Settings\Invité\Cookies\invité@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Invité\Cookies\invité@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Invité\Cookies\invité@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\Invité\Cookies\invité@overture[1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@2o7[2].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\WINDOWS\system32\FFHT.0XE -> Worm.Tanatos.a : Nettoyer et sauvegarder
C:\WINDOWS\WINLOGON.0XE -> Worm.NetSky.d : Nettoyer et sauvegarder
::Fin du rapport
ci joint rapport concernant ewido, réponse tardive suite à problème de connexion
Merci d'avance
---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 11:30:30, 09/05/2006
+ Somme de contrôle: 95F26510
+ Résultats du scan:
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\SysWebTelecom.SysWebTelecom\CurVer -> Dialer.Generic : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools\PI -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\Hotbar -> Adware.HotBar : Nettoyer et sauvegarder
HKLM\SOFTWARE\HbTools\Hotbar\Install -> Adware.HotBar : Nettoyer et sauvegarder
HKU\S-1-5-21-1106520001-4271176276-1453689397-1004\Software\EGDHTML -> Dialer.Generic : Nettoyer et sauvegarder
C:\Documents and Settings\Invité\Cookies\invité@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
C:\Documents and Settings\Invité\Cookies\invité@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\Invité\Cookies\invité@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\Invité\Cookies\invité@overture[1].txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@2o7[2].txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\MALIKA\Cookies\malika@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
C:\WINDOWS\system32\FFHT.0XE -> Worm.Tanatos.a : Nettoyer et sauvegarder
C:\WINDOWS\WINLOGON.0XE -> Worm.NetSky.d : Nettoyer et sauvegarder
::Fin du rapport
rebonjour,
ci joint 2ème rapport demandés bitdefender,
je fais le hi jack et je vous l'envoi juste après
merci d'avance
ci joint 2ème rapport demandés bitdefender,
je fais le hi jack et je vous l'envoi juste après
merci d'avance
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ci joint dernier rapport demandé hijacking,
je te remercie d'y jeter un coup d'oeil sur l'ensemble, et de me dire si tu as une solution
a bientot
je te remercie d'y jeter un coup d'oeil sur l'ensemble, et de me dire si tu as une solution
a bientot
j 'ai omis le + important
ci joint le rapport, désolé
Logfile of HijackThis v1.99.1
Scan saved at 17:09:17, on 09/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Windows\system32\BESCH.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Windows\system32\PROMon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\WinFax Plus\CapFax.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\winmaes\cbsrv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\macromed\flash\GetFlash.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Maestria\maestria.exe
C:\Documents and Settings\MALIKA\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.254
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [BackupExecScheduler] BESCH.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ICQ Net] C:\Windows\winlogon.exe -stealth
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\WinFax Plus\CapFax.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Gestionnaire d'applications Sage.lnk = C:\Program Files\WINMAES\cbsrv.Exe
O4 - Global Startup: Gestionnaire d'applications Sage.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\MALIKA\Bureau\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\MALIKA\Bureau\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
ci joint le rapport, désolé
Logfile of HijackThis v1.99.1
Scan saved at 17:09:17, on 09/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Windows\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Windows\system32\BESCH.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Windows\system32\PROMon.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\WinFax Plus\CapFax.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\winmaes\cbsrv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\macromed\flash\GetFlash.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Maestria\maestria.exe
C:\Documents and Settings\MALIKA\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.254
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [BackupExecScheduler] BESCH.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ICQ Net] C:\Windows\winlogon.exe -stealth
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\WinFax Plus\CapFax.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Gestionnaire d'applications Sage.lnk = C:\Program Files\WINMAES\cbsrv.Exe
O4 - Global Startup: Gestionnaire d'applications Sage.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\MALIKA\Bureau\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\MALIKA\Bureau\ewido anti-malware\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
Je te donne les lignes à fixer que je connais :
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O4 - HKLM\..\Run: [ICQ Net] C:\Windows\winlogon.exe -stealth
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
Refais un HT
A++
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O4 - HKLM\..\Run: [ICQ Net] C:\Windows\winlogon.exe -stealth
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{74BECE1D-9DEA-460E-943A-5E1486FEBD9A}: NameServer = 193.252.19.3,193.252.19.4
Refais un HT
A++
