System doctor - que faire ?

ostma Messages postés 7 Statut Membre -  
^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,

j'ai un problème avec mon ordinateur: lorsque je le démarre, il est d'abord tout normal, mais ensuite toutes les couleurs sont changées, les icônes sur le bureau clignotent... Et puis j'ai un message de SystemDoctor qui me demande d'acheter leur produit, disant que j'ai des milliers d'erreurs... Est-ce que quelqu'un peut avoir l'amabilité de m'indiquer ce que je devrais faire? Est-ce un virus?

Fichier log Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 11:57:57, on 13/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\SystemDoctor 2006 Free\sd2006.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Maria OESTBERG\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {561E4750-B38E-ADAA-A729-20B1ACB680D5} - C:\DOCUME~1\MARIAO~1\APPLIC~1\MOREIN~1\closegrey.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [Eq Show Glue Bend] C:\Documents and Settings\All Users\Application Data\Balm Byte Eq Show\shim bags.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [each 32] C:\DOCUME~1\MARIAO~1\APPLIC~1\AUDIOE~1\VcForkJunk.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

Fichier log blacklight:

07/13/06 12:01:28 [Info]: BlackLight Engine 1.0.42 initialized
07/13/06 12:01:28 [Info]: OS: 5.1 build 2600 (Service Pack 1)
07/13/06 12:01:28 [Note]: 7019 4
07/13/06 12:01:28 [Note]: 7005 0
07/13/06 12:01:31 [Note]: 7006 0
07/13/06 12:01:31 [Note]: 7011 1280
07/13/06 12:01:31 [Note]: 7026 0
07/13/06 12:01:31 [Note]: 7026 0
07/13/06 12:01:37 [Note]: FSRAW library version 1.7.1019
07/13/06 12:03:42 [Note]: 7007 0
Configuration: TOSHIBA
Microsoft XP
Version familiale
v 2002
CPU 2,4 GHz
RAM 240 Mo

7 réponses

  1. Maya* Messages postés 181 Date d'inscription   Statut Membre Dernière intervention   229
     
    Bonjour Ostma,
    Oui il faut que tu te débarrasses de systemdoctor. Voici un lien pour commencer, en attendant que quelqu'un t'aide à désinfecter ton pc :
    virus methode preliminaire de desinfection version fr
    Bonne continuation.
    0
    1. ostma Messages postés 7 Statut Membre
       
      Bonjour Maya,

      merci de votre aide. J'ai fait ce qui était indiqué: voici les fichiers log, je serais très reconnaissante si quelqu'un pouvait m'aider ! Merci à l'avance.

      ---------------------------------------------------------
      ewido anti-spyware - Scan Report
      ---------------------------------------------------------

      + Created at: 20:10:45 13/07/2006

      + Scan result:



      C:\Program Files\NewDotNet -> Adware.NewDotNet : No action taken.
      C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
      C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : No action taken.
      C:\Program Files\NewDotNet\uninstall7_22.exe -> Adware.NewDotNet : No action taken.
      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP2\A0000082.dll -> Adware.NewDotNet : No action taken.
      C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : No action taken.
      [1000] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
      [1024] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
      [1108] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
      [1316] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
      [1436] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
      [156] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL -> Adware.NewDotNet : No action taken.
      [164] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL -> Adware.NewDotNet : No action taken.
      [1852] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL -> Adware.NewDotNet : No action taken.
      [1916] C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL -> Adware.NewDotNet : No action taken.
      [2900] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
      [3940] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
      [452] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
      [652] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
      [812] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
      [856] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Local Settings\Temporary Internet Files\Content.IE5\SEFG1950\WarezP2P[1].exe -> Downloader.Small : No action taken.
      C:\fichiers telechargés\WarezP2P_CWS.exe -> Downloader.Small : No action taken.
      [1280] C:\DOCUME~1\MARIAO~1\APPLIC~1\MOREIN~1\closegrey.exe -> Downloader.Swizzor.bo : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@com[1].txt -> TrackingCookie.Com : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@estat[1].txt -> TrackingCookie.Estat : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@as1.falkag[2].txt -> TrackingCookie.Falkag : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@ehg-ads.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@ehg-alt64.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@hotlog[2].txt -> TrackingCookie.Hotlog : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@vegasred[2].txt -> TrackingCookie.Vegasred : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@www.vegasred[2].txt -> TrackingCookie.Vegasred : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@zedo[2].txt -> TrackingCookie.Zedo : No action taken.


      ::Report end



      BitDefender Online Scanner



      Scan report generated at: Fri, Jul 14, 2006 - 00:56:38





      Scan path: C:\;D:\;







      Statistics

      Time
      04:42:14

      Files
      561571

      Folders
      2098

      Boot Sectors
      2

      Archives
      8242

      Packed Files
      83026




      Results

      Identified Viruses
      6

      Infected Files
      9

      Suspect Files
      0

      Warnings
      0

      Disinfected
      0

      Deleted Files
      6




      Engines Info

      Virus Definitions
      407675

      Engine build
      AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

      Scan plugins
      13

      Archive plugins
      39

      Unpack plugins
      5

      E-mail plugins
      6

      System plugins
      1




      Scan Settings

      First Action
      Disinfect

      Second Action
      Delete

      Heuristics
      Yes

      Enable Warnings
      Yes

      Scanned Extensions
      *;

      Exclude Extensions


      Scan Emails
      Yes

      Scan Archives
      Yes

      Scan Packed
      Yes

      Scan Files
      Yes

      Scan Boot
      Yes




      Scanned File
      Status

      C:\Documents and Settings\All Users\Application Data\Balm Byte Eq Show\shim bags.exe
      Infected with: GenPack:Trojan.Swizzor.IA

      C:\Documents and Settings\All Users\Application Data\Balm Byte Eq Show\shim bags.exe
      Disinfection failed

      C:\Documents and Settings\All Users\Application Data\Balm Byte Eq Show\shim bags.exe
      Delete failed

      C:\Documents and Settings\Maria OESTBERG\Local Settings\Temp\bis6.exe
      Infected with: GenPack:Trojan.Downloader.Swizzor.FE

      C:\Documents and Settings\Maria OESTBERG\Local Settings\Temp\bis6.exe
      Disinfection failed

      C:\Documents and Settings\Maria OESTBERG\Local Settings\Temp\bis6.exe
      Deleted

      C:\Documents and Settings\Maria OESTBERG\Application Data\Audio error cash\VcForkJunk.exe
      Infected with: GenPack:Trojan.Downloader.Swizzor.FE

      C:\Documents and Settings\Maria OESTBERG\Application Data\Audio error cash\VcForkJunk.exe
      Disinfection failed

      C:\Documents and Settings\Maria OESTBERG\Application Data\Audio error cash\VcForkJunk.exe
      Delete failed

      C:\Documents and Settings\Maria OESTBERG\Application Data\Audio error cash\pjdgdcbv.exe
      Infected with: GenPack:Trojan.Swizzor.IA

      C:\Documents and Settings\Maria OESTBERG\Application Data\Audio error cash\pjdgdcbv.exe
      Disinfection failed

      C:\Documents and Settings\Maria OESTBERG\Application Data\Audio error cash\pjdgdcbv.exe
      Deleted

      C:\Documents and Settings\Maria OESTBERG\Application Data\MOREINTER\closegrey.exe
      Infected with: GenPack:Trojan.Downloader.Swizzor.BO

      C:\Documents and Settings\Maria OESTBERG\Application Data\MOREINTER\closegrey.exe
      Disinfection failed

      C:\Documents and Settings\Maria OESTBERG\Application Data\MOREINTER\closegrey.exe
      Delete failed

      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP2\A0000082.dll
      Detected with: Application.Adware.NewDotNet.A

      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP2\A0000082.dll
      Disinfection failed

      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP2\A0000082.dll
      Deleted

      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP2\A0000083.exe
      Detected with: Application.Adware.NewDotNet.C

      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP2\A0000083.exe
      Disinfection failed

      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP2\A0000083.exe
      Deleted

      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP8\A0001179.exe
      Infected with: GenPack:Trojan.Downloader.Swizzor.CB

      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP8\A0001179.exe
      Disinfection failed

      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP8\A0001179.exe
      Deleted

      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP9\A0001182.exe
      Infected with: GenPack:Trojan.Swizzor.IA

      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP9\A0001182.exe
      Disinfection failed

      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP9\A0001182.exe
      Deleted


      Logfile of HijackThis v1.99.1
      Scan saved at 11:57:57, on 13/07/2006
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Inventel\Gateway\wlancfg.exe
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
      C:\WINDOWS\LTSMMSG.exe
      C:\WINDOWS\System32\00THotkey.exe
      C:\WINDOWS\System32\TFNF5.exe
      C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      C:\WINDOWS\System32\TPWRTRAY.EXE
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\progra~1\intern~1\iexplore.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\SystemDoctor 2006 Free\sd2006.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Warez P2P Client\warez.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Maria OESTBERG\Local Settings\Temp\Répertoire temporaire 1 pour hijackthis[1].zip\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
      O2 - BHO: (no name) - {561E4750-B38E-ADAA-A729-20B1ACB680D5} - C:\DOCUME~1\MARIAO~1\APPLIC~1\MOREIN~1\closegrey.exe
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
      O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
      O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
      O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
      O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
      O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
      O4 - HKLM\..\Run: [Eq Show Glue Bend] C:\Documents and Settings\All Users\Application Data\Balm Byte Eq Show\shim bags.exe
      O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
      O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [each 32] C:\DOCUME~1\MARIAO~1\APPLIC~1\AUDIOE~1\VcForkJunk.exe
      O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
      O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O10 - Hijacked Internet access by New.Net
      O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
      0
  2. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Bonsoir, Bonjour,

    EWIDO ==> No action taken il n'a pas fonctionné.

    Tu es vérolé par newdotnet

    Commence par ça :

    Bonjour,

    Méthode à suivre dans l'ordre...
    ----------------------------------------------------------------------------
    Télécharger ces logiciels (sauf si tu les as déjà)
    A utiliser plus tard

    A - ad-aware version 1.06
    (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
    voir demo
    http://pageperso.aol.fr/balltrap34/adwseflash.zip

    B - spybot version 1.4
    (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
    voir demo d utilisation
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    Met le à jour et vaccine (voir les démos) et lance le en "mode sans echec", (mode sans echec: redémarre ton PC et tu tapotes sur la touche F8 ou F5 et tu choisis le "mode sans echec").

    C - Ccleaner : ( nettoyeur de registre, cookies+temps+tempos+prefetch+historique+etc..)
    Télécharge ici :
    https://www.ccleaner.com/ccleaner/download
    Tutorial ici:
    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    D - Ewido (download)- gratuit même après 14 jours d’essai
    http://perso.wanadoo.fr/entraide-hijackthis/Ewido/
    Copie/COLLE le rapport généré sur ce forum
    Pour certaines versions de Windows antérieures à XP, Ewido peut ne pas être compatible
    Dans ce cas, il te faudra utiliser a-squared free et demander une clef pour son usage gratuit
    https://www.emsisoft.com/fr/

    ----------------------------------------------------------------------------
    ¤Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !
    =================================
    Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup –s

    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab

    ============ ============================
    ¤Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    ¤Vide tes fichiers temps et temporary internet file:

    Maintenant tu lances
    A/ Ad-Aware supprime quarantaine
    B/ Spybot Supprime quarantaine
    C/ Ccleaner Ewido Copier/coller le rapport
    D/
    ----------------------------------------------------------------------------
    ¤ Vide ta Corbeille.
    ----------------------------------------------------------------------------
    ¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

    Tiens nous au courant

    A+

    0
    1. ostma Messages postés 7 Statut Membre
       
      Bonjour Marie !

      Je vous remercie vivement de vos indications. Je les ai suivies, je vous transmets les fichiers log de ewido et hijackthis. J'ai l'impression que les logiciels ne trouvent plus grand chose, mais les couleurs du bureau sont toujours étranges. Savez-vous comment remédier à cela?

      Cordialement OSTMA

      --------------------------------------------------------
      ewido anti-spyware - Scan Report
      ---------------------------------------------------------

      + Created at: 16:39:25 14/07/2006

      + Scan result:



      C:\fichiers telechargés\WarezP2P_CWS.exe -> Downloader.Small : No action taken.


      ::Report end


      Logfile of HijackThis v1.99.1
      Scan saved at 17:18:14, on 14/07/2006
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Inventel\Gateway\wlancfg.exe
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
      C:\WINDOWS\LTSMMSG.exe
      C:\WINDOWS\System32\00THotkey.exe
      C:\WINDOWS\System32\TFNF5.exe
      C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      C:\WINDOWS\System32\TPWRTRAY.EXE
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\Warez P2P Client\warez.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Documents and Settings\Maria OESTBERG\Bureau\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
      O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
      O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
      O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
      O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
      O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
      0
  3. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut,

    Ton log n'est pas complet.

    Warez13==> P2P ==> qq sources de blèmes.
    0
    1. ostma Messages postés 7 Statut Membre
       
      Ah pardon, voici la suite:

      O4 - HKLM\..\Run: [Eq Show Glue Bend] C:\Documents and Settings\All Users\Application Data\Balm Byte Eq Show\shim bags.exe
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [each 32] C:\DOCUME~1\MARIAO~1\APPLIC~1\AUDIOE~1\VcForkJunk.exe
      O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
      O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
      0
  4. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    remet le complet quand mm, sur une page......
    0
    1. ostma Messages postés 7 Statut Membre
       
      Le voici:

      Logfile of HijackThis v1.99.1
      Scan saved at 20:52:59, on 14/07/2006
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Inventel\Gateway\wlancfg.exe
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
      C:\WINDOWS\LTSMMSG.exe
      C:\WINDOWS\System32\00THotkey.exe
      C:\WINDOWS\System32\TFNF5.exe
      C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      C:\WINDOWS\System32\TPWRTRAY.EXE
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\Warez P2P Client\warez.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
      C:\Program Files\MathType\MathType.exe
      C:\Documents and Settings\Maria OESTBERG\Bureau\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
      O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
      O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
      O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
      O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
      O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
      O4 - HKLM\..\Run: [Eq Show Glue Bend] C:\Documents and Settings\All Users\Application Data\Balm Byte Eq Show\shim bags.exe
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [each 32] C:\DOCUME~1\MARIAO~1\APPLIC~1\AUDIOE~1\VcForkJunk.exe
      O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
      O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut,

    Tu peux fixer ces lignes STP :

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

    Tu redémarres et dis nous quoi 2 9 !!

    A++

    ps : Platform: Windows XP SP1 (WinNT 5.01.2600)
    Tu as essayé de passer au SP2 ???
    0
    1. ostma Messages postés 7 Statut Membre
       
      J'ai fait comme ce que tu as proposé - les couleurs sont redevenus normales! (Merci!) Il y a tout de même quelques bizarreries, je crois que c'est des cookies. J'envoie les fichiers log de hijack et d'ewido. En tout cas, tout marche bien mieux qu'avant, grand merci encore une fois!!

      Cordialement OStma

      PS J'ai téléchargé les derniers mises à jour de windows, dont SP3 normalement. Savez-vous pourquoi c'est indiqué SP1 dans le fichier de Hijackthis?

      ---------------------------------------------------------
      ewido anti-spyware - Scan Report
      ---------------------------------------------------------

      + Created at: 17:36:43 15/07/2006

      + Scan result:



      C:\System Volume Information\_restore{FE32DDCA-30FF-4C2F-A021-39EAE75462BD}\RP10\A0004403.exe -> Downloader.Small : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@247realmedia[2].txt -> TrackingCookie.247realmedia : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
      C:\Documents and Settings\Maria OESTBERG\Cookies\maria oestberg@weborama[2].txt -> TrackingCookie.Weborama : No action taken.


      ::Report end

      Logfile of HijackThis v1.99.1
      Scan saved at 17:49:42, on 15/07/2006
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Inventel\Gateway\wlancfg.exe
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
      C:\WINDOWS\LTSMMSG.exe
      C:\WINDOWS\System32\00THotkey.exe
      C:\WINDOWS\System32\TFNF5.exe
      C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      C:\WINDOWS\System32\TPWRTRAY.EXE
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\ewido anti-spyware 4.0\ewido.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\WgaTray.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Messenger\MSMSGS.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Documents and Settings\Maria OESTBERG\Bureau\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
      O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
      O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
      O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
      O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
      O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
      O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
      O4 - HKLM\..\Run: [Eq Show Glue Bend] C:\Documents and Settings\All Users\Application Data\Balm Byte Eq Show\shim bags.exe
      O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [each 32] C:\DOCUME~1\MARIAO~1\APPLIC~1\AUDIOE~1\VcForkJunk.exe
      O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_sit...
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
      0
  7. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut,

    Garde ce logiciel

    C - Ccleaner : ( nettoyeur de registre, cookies+temps+tempos+prefetch+historique+etc..)
    Télécharge ici :
    https://www.ccleaner.com/ccleaner/download
    Tutorial ici:
    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    Rien de spécial dans ton log

    Bonne route

    A++

    0
    1. ostma Messages postés 7 Statut Membre
       
      Le système marche nettement mieux. Merci beaucoup!!
      0
  8. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Salut,

    Perso, je ne vois rien de méchant dans ton log

    EWIDO == > no action taken ==> n'a pas fonctionné

    Prends ce lien
    https://www.malekal.com/tutorial-et-guide-ewido-v4/

    A bientôt
    0