Log hijack this
noop
Messages postés
11
Statut
Membre
-
^^Marie^^ Messages postés 41884 Date d'inscription Statut Membre Dernière intervention -
^^Marie^^ Messages postés 41884 Date d'inscription Statut Membre Dernière intervention -
--Salut
Voici un log, le probleme est surtout lié à un ping qui fait du yoyo
pendant les parties en ligne
[quote]Logfile of HijackThis v1.99.1
Scan saved at 22:54:30, on 06/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\mailskinner\mailskinner.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\DOCUME~1\Claverie\LOCALS~1\Temp\77exmodul32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Claverie\Local Settings\Temporary Internet Files\Content.IE5\A72B6D2R\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Instant Access] rundll32.exe C:\WINDOWS\eg_auth_1044.dll,InstantAccess /L
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Claverie\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.ex" -silent
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1061.dll,InstantAccess
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11F1D260-129E-4EB7-B37E-57E3D97A3DF1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058_XP.cab
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061_XP.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/18069/CD/LeDortoir.exe
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://ww1.dlv4.com
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD3653E4-884B-43C4-970B-670802501B7F} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://acces-direct.net/15671/Choc-fetish.exe
O16 - DPF: {C9269872-E3D6-4811-8E5E-835CA8CBD0B3} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - https://www.afternic.com/domains/downloadv3.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{429D3F3C-97D4-43B2-BE72-E8CF24D55EE5}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB2E1DCC-3E33-4F64-8E8B-11BDEEAF3BE2}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{429D3F3C-97D4-43B2-BE72-E8CF24D55EE5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{429D3F3C-97D4-43B2-BE72-E8CF24D55EE5}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe[/quote]
Merci
Voici un log, le probleme est surtout lié à un ping qui fait du yoyo
pendant les parties en ligne
[quote]Logfile of HijackThis v1.99.1
Scan saved at 22:54:30, on 06/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\mailskinner\mailskinner.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\DOCUME~1\Claverie\LOCALS~1\Temp\77exmodul32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Claverie\Local Settings\Temporary Internet Files\Content.IE5\A72B6D2R\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Instant Access] rundll32.exe C:\WINDOWS\eg_auth_1044.dll,InstantAccess /L
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Claverie\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.ex" -silent
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1061.dll,InstantAccess
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11F1D260-129E-4EB7-B37E-57E3D97A3DF1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058_XP.cab
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061_XP.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/18069/CD/LeDortoir.exe
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://ww1.dlv4.com
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD3653E4-884B-43C4-970B-670802501B7F} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://acces-direct.net/15671/Choc-fetish.exe
O16 - DPF: {C9269872-E3D6-4811-8E5E-835CA8CBD0B3} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - https://www.afternic.com/domains/downloadv3.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{429D3F3C-97D4-43B2-BE72-E8CF24D55EE5}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB2E1DCC-3E33-4F64-8E8B-11BDEEAF3BE2}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{429D3F3C-97D4-43B2-BE72-E8CF24D55EE5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{429D3F3C-97D4-43B2-BE72-E8CF24D55EE5}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe[/quote]
Merci
A voir également:
- Log hijack this
- Hijack this - Télécharger - Antivirus & Antimalwares
- Vpn no log - Guide
- Your browser sent a request that this server could not understand ✓ - Forum Réseaux sociaux
- Ti college plus log - Forum calculatrices
- No server is available to handle this request. - Forum Réseaux sociaux
9 réponses
salut,
Commençe par ça déjà,
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11F1D260-129E-4EB7-B37E-57E3D97A3DF1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058_XP.cab
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061_XP.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/18069/CD/LeDortoir.exe
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://ww1.dlv4.com
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD3653E4-884B-43C4-970B-670802501B7F} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://acces-direct.net/15671/Choc-fetish.exe
O16 - DPF: {C9269872-E3D6-4811-8E5E-835CA8CBD0B3} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - https://www.afternic.com/domains/downloadv3.com
Refais un HT
A++
J'ai un trou pour les 017....Donc à suivre les pros...
Commençe par ça déjà,
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11F1D260-129E-4EB7-B37E-57E3D97A3DF1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2A3DFC59-8A87-49A1-85D1-42903410911F} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1058_XP.cab
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {7504F0D5-644A-4103-9D02-95488B6CB9A1} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061_XP.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/18069/CD/LeDortoir.exe
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1059_XP.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8D8BAF56-B581-4B90-A549-C4AC6B03F1BB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://ww1.dlv4.com
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD3653E4-884B-43C4-970B-670802501B7F} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C2481ED1-9896-4D49-AE90-69858DFDE446} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://acces-direct.net/15671/Choc-fetish.exe
O16 - DPF: {C9269872-E3D6-4811-8E5E-835CA8CBD0B3} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {EC4AFBF3-4540-4306-AF10-4CAC509EA16B} - https://www.afternic.com/domains/downloadv3.com
Refais un HT
A++
J'ai un trou pour les 017....Donc à suivre les pros...
Bonjour noop,
Comme le dit Kris (bcp plus performant que moi, donc je suis ses conseils aussi), regarde ici :
1°/ https://www.commentcamarche.net/faq/2432-securite-proteger-un-ordinateur-contre-les-malwares
2°/ https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc
Ensuite nous continuerons le nettoyage
A++
Comme le dit Kris (bcp plus performant que moi, donc je suis ses conseils aussi), regarde ici :
1°/ https://www.commentcamarche.net/faq/2432-securite-proteger-un-ordinateur-contre-les-malwares
2°/ https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc
Ensuite nous continuerons le nettoyage
A++
Re,
- Mailskinner et Instant Access à désinstaller ppffff, Kris, c'est ou ça ??? (lol)
Noop
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1061.dll,InstantAccess
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB2E1DCC-3E33-4F64-8E8B-11BDEEAF3BE2}: NameServer = 80.10.246.130 80.10.246.3
SUIS quand mm la procédure du poste <4>
A++
- Mailskinner et Instant Access à désinstaller ppffff, Kris, c'est ou ça ??? (lol)
Noop
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"
O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1061.dll,InstantAccess
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB2E1DCC-3E33-4F64-8E8B-11BDEEAF3BE2}: NameServer = 80.10.246.130 80.10.246.3
SUIS quand mm la procédure du poste <4>
A++
Merci pour votre aide, c'est pas pour moi mais pour un membre de ma team qui a de sérieuses lacunes en sécurité...
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
lol le carnage ^^
gna gna gna.....lol ^^
gna gna gna.....lol ^^
coucou Marie,
pour toi verifier les O17, sur la gauche clique sur "whois lookup" tu entres la premier ligne ex:80.10.246.130 80.10.246.3
et si tu vois france, blegique, ect..ce sont des bonne, voir plus bas dans la page tu as une description du FAI, par contre si tu vois, ukraine, bosnie, .. la tu peux fixer.
Je te dis ça car certains ont une ip fixe et après cette manip' avec hijackthis leur connexion ne fonctionnera plus ;-)
https://www.dnsstuff.com/
A++ ;-)
pour toi verifier les O17, sur la gauche clique sur "whois lookup" tu entres la premier ligne ex:80.10.246.130 80.10.246.3
et si tu vois france, blegique, ect..ce sont des bonne, voir plus bas dans la page tu as une description du FAI, par contre si tu vois, ukraine, bosnie, .. la tu peux fixer.
Je te dis ça car certains ont une ip fixe et après cette manip' avec hijackthis leur connexion ne fonctionnera plus ;-)
https://www.dnsstuff.com/
A++ ;-)
'lu,
ok, Boule, et merci
http://www.dnsstuff.com/tools/whois.ch?ip=80.10.246.130+80.10.246.3+
Y'avait un peu trop de chiffre a mon goût... Bon, je resterai vigilente.
Noop, La 017 Tu ne l'as touche pas. Escuse ma bourde, on en apprend tous les jours...
A++
ok, Boule, et merci
http://www.dnsstuff.com/tools/whois.ch?ip=80.10.246.130+80.10.246.3+
Y'avait un peu trop de chiffre a mon goût... Bon, je resterai vigilente.
Noop, La 017 Tu ne l'as touche pas. Escuse ma bourde, on en apprend tous les jours...
A++
Hello :)
^^Marie^^^, pour répondre à ta question :
- MailSkinner apparaît ici :
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
Et tu constates également qu'il apparaît dans les processus :
C:\program files\mailskinner\mailskinner.exe
- Instant Access est visible ici :
O4 - HKLM\..\Run: [Instant Access] rundll32.exe C:\WINDOWS\eg_auth_1044.dll,InstantAccess /L
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1061.dll,InstantAccess
-> Pour commencer, noop doit impérativement visiter ce lien :
https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc
Et rajouter à l'arsenal des antispywares du style :
Ad-Aware :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html
SpyBot Search & Destroy :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
Scanner son PC avec tous ces logiciels et coller les rapports :)
++
^^Marie^^^, pour répondre à ta question :
- MailSkinner apparaît ici :
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
Et tu constates également qu'il apparaît dans les processus :
C:\program files\mailskinner\mailskinner.exe
- Instant Access est visible ici :
O4 - HKLM\..\Run: [Instant Access] rundll32.exe C:\WINDOWS\eg_auth_1044.dll,InstantAccess /L
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1061.dll,InstantAccess
-> Pour commencer, noop doit impérativement visiter ce lien :
https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc
Et rajouter à l'arsenal des antispywares du style :
Ad-Aware :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html
SpyBot Search & Destroy :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
Scanner son PC avec tous ces logiciels et coller les rapports :)
++
Pour t'aider un peu :
- Pare-feu non-visible sur le log, à installer impérativement.
- Mailskinner et Instant Access à désinstaller
- Plusieurs lignes à fixer, notamment certaines O2.
- Profonde infection par des malwares, notamment le trojan BackDoor-CXT visible à cause de cette ligne :
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
Peut être commencer par consulter cette page ? :
https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc
À Toi de voir, bon courage :)
;-))