Sujet Précédent Sujet Suivant

Virus, reboot, Pokepoke

Fermé
Oone - 29 oct. 2005 à 13:01
 Goudax - 29 nov. 2007 à 12:44
Bonsoir, je vous écris à partir d'un PC complètement à la ramasse :o

Depuis quelques jours déjà (voir quelques mois), mon ordinateur se voit régulièrement (ré)infecté par les mêmes virus, qui visibilement font partis de cette catégorie qui s'accroche réellement. De mémoire, les deux plus "énervants" en tout cas ceux qui me posent le plus de problêmes actuellement, il s'agit de : Trojan.Win32.Elitebar.g et Pokepoke76. Le premier ralentis, voir reboot mon pc à plusieurs reprises, le second ne cesse de m'ouvrir IE et semble faire une fixation sur un certain Winfixer 2005.

Donc bref, j'ai déjà Hijack, LQFix et CCleaner pour me charger du nettoyage, me manque que la méthode. Histoire de pas perdre de temps, je poste directement mon rapport Hijack :

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1MOZILL~1FIREFOX.EXE
D:HijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://www.directsearchzone.com/sp2.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.directsearchzone.com/sp2.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.directsearchzone.com/sp2.php
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = local.,
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:WINDOWSSystem32mljge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [ATIPTA] "C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe"
O4 - HKLM..Run: [Smapp] C:Program FilesAnalog DevicesSoundMAXSMTray.exe
O4 - HKLM..Run: [Windows Svshost Service Update 32] svcsshost32.exe
O4 - HKLM..Run: [Wind0ws Sharing] ssprotecter.exe
O4 - HKLM..Run: [Microsoft Update] wuamkop32.exe
O4 - HKLM..Run: [System Update Service] update.pif
O4 - HKLM..Run: [TkBellExe] "C:Program FilesFichiers communsRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [Windows Security Service] windows.pif
O4 - HKLM..Run: [DAEMON Tools-1033] "D:Program FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [MSDOS Security Service] msdos.pif
O4 - HKLM..Run: [iTunesHelper] "D:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_04binjusched.exe
O4 - HKLM..Run: [KAVPersonal50] "D:Program FilesKaspersky LabKaspersky Anti-Virus Personalkav.exe" /minimize
O4 - HKLM..Run: [MS Security] systm.pif
O4 - HKLM..Run: [Windows Security] ms32.pif
O4 - HKLM..Run: [Win Security] msw32.pif
O4 - HKLM..Run: [OS Security] mswind32.pif
O4 - HKLM..Run: [SVCH Service] svch32.pif
O4 - HKLM..Run: [HTML Help System] hhs.pif
O4 - HKLM..Run: [HTML32 Help System] hhs32.pif
O4 - HKLM..Run: [Internet Help Svc] IHSVC.EXE
O4 - HKLM..Run: [MNI.UWFX5V_0001_LP] "C:DOCUME~1quintLOCALS~1Templsas.exe"
O4 - HKLM..Run: [System service78] C:WINDOWSetbpokapoka78.exe
O4 - HKLM..RunServices: [SERV PacK2] nure.exe
O4 - HKLM..RunServices: [Windows Svshost Service Update 32] svcsshost32.exe
O4 - HKLM..RunServices: [Wind0ws Sharing] ssprotecter.exe
O4 - HKLM..RunServices: [Microsoft Update] wuamkop32.exe
O4 - HKLM..RunServices: [Windows Updating Service] updating.pif
O4 - HKLM..RunServices: [MS UniX] navupdate64.exe
O4 - HKLM..RunServices: [System Update Service] update.pif
O4 - HKLM..RunServices: [Windows Security Service] windows.pif
O4 - HKLM..RunServices: [MS-DOS Boot Service] boot32.pif
O4 - HKLM..RunServices: [MS-DOS Security Service] ms-dos.pif
O4 - HKLM..RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM..RunServices: [System Updates Service] updates.pif
O4 - HKLM..RunServices: [MS Unix Binary] hypertrm.exe
O4 - HKLM..RunServices: [MS Security] systm.pif
O4 - HKLM..RunServices: [Windows Security] ms32.pif
O4 - HKLM..RunServices: [Win Security] msw32.pif
O4 - HKLM..RunServices: [Wind Security] mswi32.pif
O4 - HKLM..RunServices: [OS Security] mswind32.pif
O4 - HKLM..RunServices: [SVCH Service] svch32.pif
O4 - HKLM..RunServices: [HTML Help System] hhs.pif
O4 - HKLM..RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM..RunServices: [Internet Help Svc] IHSVC.EXE
O4 - HKCU..Run: [Windows Svshost Service Update 32] svcsshost32.exe
O4 - HKCU..Run: [Windows Updating Service] updating.pif
O4 - HKCU..Run: [MS UniX] navupdate64.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesMSN Messengermsnmsgr.exe" /background
O4 - HKCU..Run: [Steam] "d:program filesvalvesteamsteam.exe" -silent
O4 - HKCU..Run: [Windows Security Service] windows.pif
O4 - HKCU..Run: [MS-DOS Boot Service] boot32.pif
O4 - HKCU..Run: [MS-DOS Security Service] ms-dos.pif
O4 - HKCU..Run: [System Update Service] update.pif
O4 - HKCU..Run: [MSDOS Security Service] msdos.pif
O4 - HKCU..Run: [System Updates Service] updates.pif
O4 - HKCU..Run: [MS Unix Binary] hypertrm.exe
O4 - HKCU..Run: [Toijuo] C:WINDOWSSystem32n?tdde.exe
O4 - HKCU..Run: [Aaau] "C:Program Filesatuowpwt.exe" -vt ndrv
O4 - HKCU..Run: [MS Security] systm.pif
O4 - HKCU..Run: [Windows Security] ms32.pif
O4 - HKCU..Run: [Win Security] msw32.pif
O4 - HKCU..Run: [Wind Security] mswi32.pif
O4 - HKCU..Run: [OS Security] mswind32.pif
O4 - HKCU..Run: [HTML Help System] hhs.pif
O4 - HKCU..Run: [HTML32 Help System] hhs32.pif
O4 - HKCU..Run: [Internet Help Svc] IHSVC.EXE
O4 - HKCU..RunServices: [Windows Updating Service] updating.pif
O4 - HKCU..RunServices: [Windows Security Service] windows.pif
O4 - HKCU..RunServices: [MS-DOS Boot Service] boot32.pif
O4 - HKCU..RunServices: [MS-DOS Security Service] ms-dos.pif
O4 - HKCU..RunServices: [System Update Service] update.pif
O4 - HKCU..RunServices: [MSDOS Security Service] msdos.pif
O4 - HKCU..RunServices: [System Updates Service] updates.pif
O4 - HKCU..RunServices: [MS Security] systm.pif
O4 - HKCU..RunServices: [Windows Security] ms32.pif
O4 - HKCU..RunServices: [Win Security] msw32.pif
O4 - HKCU..RunServices: [Wind Security] mswi32.pif
O4 - HKCU..RunServices: [OS Security] mswind32.pif
O4 - HKCU..RunServices: [HTML Help System] hhs.pif
O4 - HKCU..RunServices: [HTML32 Help System] hhs32.pif
O4 - HKCU..RunServices: [Internet Help Svc] IHSVC.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:WinZipWZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:program filesbonjourmdnsnsp.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_pao_med.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Za [...] ge-c11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddcca - ddcca.dll (file missing)
O20 - Winlogon Notify: mljge - C:WINDOWSSystem32mljge.dll
O20 - Winlogon Notify: mljgg - mljgg.dll (file missing)
O20 - Winlogon Notify: ssttt - ssttt.dll (file missing)
O20 - Winlogon Notify: vtuts - C:WINDOWSSystem32vtuts.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesFichiers communsInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:Program FilesKaspersky LabKaspersky Anti-Virus Personalkavsvc.exe
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:WINDOWSSystem32lsasrv.exe (file missing)
O23 - Service: MSGSERVICE - Unknown owner - C:WINDOWSmsgsrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Connections (nbconn) - Unknown owner - C:WINDOWSwinstub.exe (file missing)
O23 - Service: netinfo - Unknown owner - C:WINDOWSnetinfo.exe (file missing)
O23 - Service: NTFSprotect (ntfsdiscman) - Unknown owner - C:WINDOWSntfsprotect.exe (file missing)
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:WINDOWSSystem32Perfhmon.exe (file missing)
O23 - Service: System Manager Service (SMSC) - Unknown owner - C:WINDOWSsmsc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: WindowsSysBoot - Unknown owner - C:WINDOWSwinsys.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:WINDOWSsystem32wincntrl.exe

Voilà, en esperant recevoir des réponses positives ainsi qu'un peu d'aide. Merci d'avance.

PS: Je signale par précaution que je n'arrive pas à lancer le mode sans échec classique. Il bloque. Je passe par le mode sans échec avec prise en charge de réseaux, j'espere que ça pose pas de problême. Re-merci.
A voir également:

16 réponses

Réponse 1 / 16
Utilisateur anonyme
29 oct. 2005 à 13:14
Salut,
dit nous tu es sous quelle version de windows?!
Ensuite telecharge ces logiciels gratuit fait un scan avec chacun puis seulement après remet un rapport hijack:
installe vite un anti virus:
avast! Edition Familiale:
Un antivirus gratuit et en français!
Avast Edition Familiale


SpyBot - Search & Destroy en français:
Spybot Search & Destroy

a² free: Contre les trojans et malware.
a² free

Ad-Aware SE Personal:(en anglais)
Ad-aware

Le patch pour le faire fonctionner en français:
Patch FR pour Ad-aware
0
Oone
29 oct. 2005 à 13:18
Merci de me répondre :)

Je suis sous Windows XP Professionnal edition SP1.

Je possède déjà Kaspersky comme anti-virus, à la place de Avast ça suffira ? Je télécharge quand même a² free pour voir, le reste j'ai déjà.
0
Utilisateur anonyme > Oone
29 oct. 2005 à 13:21
Ok,
met a jour ton windows alors:
Demarrer, tous les programmes, (tout en haut) windows update, puis laisse toi guider.
Oui telecharge a² free il sera utile, puis fait un scan.
je regarde ton rapport en anntendant que tu fasses les mises à jour ;)
Laisse tomber avast si tu as kapersky.
0
Réponse 2 / 16
Utilisateur anonyme
29 oct. 2005 à 13:39
Re,
tu peux fixer ceci:

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://www.directsearchzone.com/sp2.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.directsearchzone.com/sp2.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.directsearchzone.com/sp2.php
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:WINDOWSSystem32mljge.dll
O4 - HKLM..Run: [Windows Svshost Service Update 32] svcsshost32.exe
O4 - HKLM..Run: [Wind0ws Sharing] ssprotecter.exe
O4 - HKLM..Run: [Microsoft Update] wuamkop32.exe
O4 - HKLM..Run: [System Update Service] update.pif
O4 - HKLM..Run: [Windows Security Service] windows.pif
O4 - HKLM..Run: [MSDOS Security Service] msdos.pif
O4 - HKLM..Run: [MS Security] systm.pif
O4 - HKLM..Run: [Windows Security] ms32.pif
O4 - HKLM..Run: [Win Security] msw32.pif
O4 - HKLM..Run: [OS Security] mswind32.pif
O4 - HKLM..Run: [SVCH Service] svch32.pif
O4 - HKLM..Run: [HTML Help System] hhs.pif
O4 - HKLM..Run: [HTML32 Help System] hhs32.pif
O4 - HKLM..Run: [Internet Help Svc] IHSVC.EXE
O4 - HKLM..Run: [System service78] C:WINDOWSetbpokapoka78.exe
O4 - HKLM..RunServices: [SERV PacK2] nure.exe
O4 - HKLM..RunServices: [Windows Svshost Service Update 32] svcsshost32.exe
O4 - HKLM..RunServices: [Wind0ws Sharing] ssprotecter.exe
O4 - HKLM..RunServices: [Microsoft Update] wuamkop32.exe
O4 - HKLM..RunServices: [Windows Updating Service] updating.pif
O4 - HKLM..RunServices: [MS UniX] navupdate64.exe
O4 - HKLM..RunServices: [System Update Service] update.pif
O4 - HKLM..RunServices: [Windows Security Service] windows.pif
O4 - HKLM..RunServices: [MS-DOS Boot Service] boot32.pif
O4 - HKLM..RunServices: [MS-DOS Security Service] ms-dos.pif
O4 - HKLM..RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM..RunServices: [System Updates Service] updates.pif
O4 - HKLM..RunServices: [MS Unix Binary] hypertrm.exe
O4 - HKLM..RunServices: [MS Security] systm.pif
O4 - HKLM..RunServices: [Windows Security] ms32.pif
O4 - HKLM..RunServices: [Win Security] msw32.pif
O4 - HKLM..RunServices: [Wind Security] mswi32.pif
O4 - HKLM..RunServices: [OS Security] mswind32.pif
O4 - HKLM..RunServices: [SVCH Service] svch32.pif
O4 - HKLM..RunServices: [HTML Help System] hhs.pif
O4 - HKLM..RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM..RunServices: [Internet Help Svc] IHSVC.EXE
O4 - HKCU..Run: [Windows Svshost Service Update 32] svcsshost32.exe
O4 - HKCU..Run: [Windows Updating Service] updating.pif
O4 - HKCU..Run: [MS UniX] navupdate64.exe
O4 - HKCU..Run: [Windows Security Service] windows.pif
O4 - HKCU..Run: [MS-DOS Boot Service] boot32.pif
O4 - HKCU..Run: [MS-DOS Security Service] ms-dos.pif
O4 - HKCU..Run: [System Update Service] update.pif
O4 - HKCU..Run: [MSDOS Security Service] msdos.pif
O4 - HKCU..Run: [System Updates Service] updates.pif
O4 - HKCU..Run: [MS Unix Binary] hypertrm.exe
O4 - HKCU..Run: [Toijuo] C:WINDOWSSystem32n?tdde.exe
O4 - HKCU..Run: [Aaau] "C:Program Filesatuowpwt.exe" -vt ndrv
O4 - HKCU..Run: [MS Security] systm.pif
O4 - HKCU..Run: [Windows Security] ms32.pif
O4 - HKCU..Run: [Win Security] msw32.pif
O4 - HKCU..Run: [Wind Security] mswi32.pif
O4 - HKCU..Run: [OS Security] mswind32.pif
O4 - HKCU..Run: [HTML Help System] hhs.pif
O4 - HKCU..Run: [HTML32 Help System] hhs32.pif
O4 - HKCU..Run: [Internet Help Svc] IHSVC.EXE
O4 - HKCU..RunServices: [Windows Updating Service] updating.pif
O4 - HKCU..RunServices: [Windows Security Service] windows.pif
O4 - HKCU..RunServices: [MS-DOS Boot Service] boot32.pif
O4 - HKCU..RunServices: [MS-DOS Security Service] ms-dos.pif
O4 - HKCU..RunServices: [System Update Service] update.pif
O4 - HKCU..RunServices: [MSDOS Security Service] msdos.pif
O4 - HKCU..RunServices: [System Updates Service] updates.pif
O4 - HKCU..RunServices: [MS Security] systm.pif
O4 - HKCU..RunServices: [Windows Security] ms32.pif
O4 - HKCU..RunServices: [Win Security] msw32.pif
O4 - HKCU..RunServices: [Wind Security] mswi32.pif
O4 - HKCU..RunServices: [OS Security] mswind32.pif
O4 - HKCU..RunServices: [HTML Help System] hhs.pif
O4 - HKCU..RunServices: [HTML32 Help System] hhs32.pif
O4 - HKCU..RunServices: [Internet Help Svc] IHSVC.EXE
O10 - Unknown file in Winsock LSP: c:program filesbonjourmdnsnsp.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_pao_med.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Za [...] ge-c11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O20 - Winlogon Notify: ddcca - ddcca.dll (file missing)
O20 - Winlogon Notify: mljge - C:WINDOWSSystem32mljge.dll
O20 - Winlogon Notify: mljgg - mljgg.dll (file missing)
O20 - Winlogon Notify: ssttt - ssttt.dll (file missing)
O20 - Winlogon Notify: vtuts - C:WINDOWSSystem32vtuts.dll
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:WINDOWSSystem32lsasrv.exe (file missing)
O23 - Service: MSGSERVICE - Unknown owner - C:WINDOWSmsgsrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Connections (nbconn) - Unknown owner - C:WINDOWSwinstub.exe (file missing)
O23 - Service: netinfo - Unknown owner - C:WINDOWSnetinfo.exe (file missing)
O23 - Service: NTFSprotect (ntfsdiscman) - Unknown owner - C:WINDOWSntfsprotect.exe (file missing)
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:WINDOWSSystem32Perfhmon.exe (file missing)
O23 - Service: System Manager Service (SMSC) - Unknown owner - C:WINDOWSsmsc.exe (file missing)

recherche ces fichiers sur ton pc et supprime si present:
svcsshost32.exe
ssprotecter.exe
wuamkop32.exe
update.pif
windows.pif
msdos.pif
systm.pif
ms32.pif
msw32.pif
mswind32.pif
svch32.pif
hhs.pif
hhs32.pif
pokapoka78.exe
nure.exe
svcsshost32.exe
ssprotecter.exe
wuamkop32.exe
navupdate64.exe
windows.pif
boot32.pif
msdos.pif
hypertrm.exe
systm.pif
ms32.pif
msw32.pif
mswi32.pif
svch32.pif
hhs.pif
hhs32.pif
svcsshost32.exe
updating.pif
navupdate64.exe
windows.pif
boot32.pif
ms-dos.pif
update.pif
msdos.pif
updates.pif
hypertrm.exe
systm.pif
ms32.pif
msw32.pif
mswi32.pif
mswind32.pif
hhs.pif
hhs32.pif
boot32.pif
ms-dos.pif
updates.pif
systm.pif
ms32.pif
msw32.pif
mswi32.pif
hhs.pif
hhs32.pif
IHSVC.EXE

Tapes dans executer " msconfig" và sur l'onglet demarrage et desactive si tu vois des fichiers similaires, fait un scan avec sypbot, ad-aware, a²free, puis remet un rapport hijack s'il te plait.
0
Oone
29 oct. 2005 à 14:33
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mljge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [MNI.UWFX5V_0001_LP] "C:\DOCUME~1\quint\LOCALS~1\Temp\lsas.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\System32\mljge.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ILT - Unknown owner - C:\WINDOWS\ilt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:\WINDOWS\System32\lsasrv.exe (file missing)
O23 - Service: microsoft update (msnupdate) - Unknown owner - C:\WINDOWS\windupdate.exe
O23 - Service: TCP/IP NetBIOS Connections (nbconn) - Unknown owner - C:\WINDOWS\winstub.exe (file missing)
O23 - Service: NTFSprotect (ntfsdiscman) - Unknown owner - C:\WINDOWS\ntfsprotect.exe (file missing)
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\System32\Perfhmon.exe (file missing)
O23 - Service: System Manager Service (SMSC) - Unknown owner - C:\WINDOWS\smsc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WindowsSysBoot - Unknown owner - C:\WINDOWS\winsys.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe


voilà
0
Réponse 3 / 16
Utilisateur anonyme
29 oct. 2005 à 15:36
Re,
tu peux encore fixer ceci:

O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mljge.dll
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:\WINDOWS\System32\lsasrv.exe (file missing)
O23 - Service: microsoft update (msnupdate) - Unknown owner - C:\WINDOWS\windupdate.exe
O23 - Service: TCP/IP NetBIOS Connections (nbconn) - Unknown owner - C:\WINDOWS\winstub.exe (file missing)
O23 - Service: NTFSprotect (ntfsdiscman) - Unknown owner - C:\WINDOWS\ntfsprotect.exe (file missing)
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\System32\Perfhmon.exe (file missing)
O23 - Service: WindowsSysBoot - Unknown owner - C:\WINDOWS\winsys.exe (file missing)

Tu peux telecharger un firewall, pour plus de sécurité:
ZoneAlarm:
Zone Alarm

Où en est ton probléme ?!
Met à jour ton windows si tu ne la pas fait.
0
Oone
29 oct. 2005 à 16:55
A première vue, plus aucun problême. En esperant que cela va durer, merci pour ton aide ;)
0
Réponse 4 / 16
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 332
29 oct. 2005 à 16:56
salut
remet nous un hijack par securite
0
Oone
29 oct. 2005 à 17:47
J'ai quand même l'impression que quelques petits intrus reviennent en permanence :

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mljge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [MNI.UWFX5V_0001_LP] "C:\DOCUME~1\quint\LOCALS~1\Temp\lsas.exe"
O4 - HKLM\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\System32\mljge.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ILT - Unknown owner - C:\WINDOWS\ilt.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:\WINDOWS\System32\lsasrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Connections (nbconn) - Unknown owner - C:\WINDOWS\winstub.exe (file missing)
O23 - Service: NTFSprotect (ntfsdiscman) - Unknown owner - C:\WINDOWS\ntfsprotect.exe (file missing)
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\System32\Perfhmon.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 16
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 332
29 oct. 2005 à 18:17
salut commence par ceci
telecharge ceci
http://www.downloads.subratam.org/l2mfix.exe
decompresse le double clik sur l2mfix.bat appuie sur n importe quelle touche et ensuite choisi l option 2
a la fin il vas reboter donne moi son rapport et refait un hijack
0
Réponse 6 / 16
Oone
29 oct. 2005 à 18:30
Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1516 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1660 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
adding: clear.reg (188 bytes security) (deflated 2%)
adding: lo2.txt (188 bytes security) (deflated 49%)
adding: test.txt (188 bytes security) (stored 0%)
adding: test2.txt (188 bytes security) (stored 0%)
adding: test3.txt (188 bytes security) (stored 0%)
adding: test5.txt (188 bytes security) (stored 0%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Utilisateurs
(ID-IO) ALLOW Read BUILTIN\Utilisateurs
(ID-NI) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-IO) ALLOW Read BUILTIN\Utilisateurs avec pouvoir
(ID-NI) ALLOW Full access BUILTIN\Administrateurs
(ID-IO) ALLOW Full access BUILTIN\Administrateurs
(ID-NI) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access AUTORITE NT\SYSTEM
(ID-IO) ALLOW Full access CREATEUR PROPRIETAIRE


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... failed (GetAccountSid(Administrators)=1332

Restoring Windows Update Certificates.:


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljge]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\System32\\mljge.dll"
"Impersonate"=dword:00000000
"Startup"="SysLogon"
"Logoff"="SysLogoff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

Hijack arrive dans quelques minutes.
0
Réponse 7 / 16
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 332
29 oct. 2005 à 18:38
oki
0
Oone
29 oct. 2005 à 18:51
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mljge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [MNI.UWFX5V_0001_LP] "C:\DOCUME~1\quint\LOCALS~1\Temp\lsas.exe"
O4 - HKLM\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\System32\mljge.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ILT - Unknown owner - C:\WINDOWS\ilt.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:\WINDOWS\System32\lsasrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Connections (nbconn) - Unknown owner - C:\WINDOWS\winstub.exe (file missing)
O23 - Service: NTFSprotect (ntfsdiscman) - Unknown owner - C:\WINDOWS\ntfsprotect.exe (file missing)
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\System32\Perfhmon.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
0
Réponse 8 / 16
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 332
29 oct. 2005 à 23:09
salut

****************************************************************
► imprime ceci pour ne rien oublier et tous faire
tous faire dans l ordre imperativement
****************************************************************
► tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore et verifie que tu as les bonnes version c est imperatif

ad-aware (1)version 1.06

(ici) http://www.florensac-chasse-trap.com/ section virus
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
spybot (2)version 1.4

(ici) http://www.florensac-chasse-trap.com/ section virus
voir demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***
et aussi ceci
CleanUp40.exe(3)

voir demo
http://pageperso.aol.fr/balltrap34/democleanup.htm
***
a2(4)

http://www.emsisoft.net/fr/
penser a le metre a jour avant de scanner le pc
***

****************************************************************


assure toi de ceci

Affiche tous les fichiers et dossiers :
cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.

Et appliquer
****************************************************************
vide tes fichiers temps et tempory internet file sur tous les utilisateur

utilise ceci pour le faire
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe


****************************************************************
relance hijack coche ces lignes et ensuite clik sur fix
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mljge.dll
O4 - HKLM\..\Run: [MNI.UWFX5V_0001_LP] "C:\DOCUME~1\quint\LOCALS~1\Temp\lsas.exe"
O4 - HKLM\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\RunServices: [Internet Help Svc] IHSVC.EXE
O20 - Winlogon Notify: mljge - C:\WINDOWS\System32\mljge.dll
O23 - Service: ILT - Unknown owner - C:\WINDOWS\ilt.exe (file missing)
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:\WINDOWS\System32\lsasrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Connections (nbconn) - Unknown owner - C:\WINDOWS\winstub.exe (file missing)
O23 - Service: NTFSprotect (ntfsdiscman) - Unknown owner - C:\WINDOWS\ntfsprotect.exe (file missing)
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\System32\Perfhmon.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe


****************************************************************

****************************************************************
redemarre en mode sans echec

mode sans echec pour cela tu tapote la touche f8
des le debut de l allumage du pc sans t arreter
une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec
une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5
****************************************************************
recherche et suppr ceci
C:\WINDOWS\System32\mljge.dll
IHSVC.EXE
C:\WINDOWS\ilt.exe
C:\WINDOWS\system32\wincntrl.exe
C:\WINDOWS\System32\Perfhmon.exe
C:\WINDOWS\ntfsprotect.exe
C:\WINDOWS\System32\lsasrv.exe

****************************************************************

****************************************************************
►passe adaware et vire tous se qu il trouve
****************************************************************
►passe spy boot et vire tous se qu il trouvent
****************************************************************
►passe a2
****************************************************************
tu vide ta poubelle et tu redemarre en mode normal et refait un hijack

et precise ou en sont tes soucis




--
0
Oone
30 oct. 2005 à 00:20
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\program files\valve\steam\steam.exe
D:\WinZip\WZQKPICK.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mljge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\System32\mljge.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:\WINDOWS\System32\lsasrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Connections (nbconn) - Unknown owner - C:\WINDOWS\winstub.exe (file missing)
O23 - Service: NTFSprotect (ntfsdiscman) - Unknown owner - C:\WINDOWS\ntfsprotect.exe (file missing)
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:\WINDOWS\System32\Perfhmon.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe (file missing)


Voilà, j'en vois toujours qui reviennent.

Niveau problême j'te dirais ça demain matin, là pour le moment mon pc se porte bien (il commence à ralentir méchamment au bout de 30 minutes environ, sans signaler de virus).
0
Réponse 9 / 16
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 332
30 oct. 2005 à 00:29
j est oublier de te faire arreter les services lol


clik sur Démarrer->exécuter->tape: services.msc

Double-clique: Network Security Service (LSA Server)

Règle-le sur "Arrêté" et "Désactivé".

et fait de meme avecceci
nbconn

ntfsdiscman

Perfhmon

WinNet

et recommence la procedure
0
Oone
30 oct. 2005 à 00:39
nbconn

ntfsdiscman

Perfhmon

WinNet

Je ne trouve aucun de ces quatre là.
0
Réponse 10 / 16
balltrap34 Messages postés 16240 Date d'inscription jeudi 8 janvier 2004 Statut Contributeur sécurité Dernière intervention 28 novembre 2009 332
30 oct. 2005 à 00:47
le premier tu la trouver refait un hijack
0
Réponse 11 / 16
Utilisateur anonyme
30 oct. 2005 à 10:52
salut

en attendant balltrap, vérifie si les services n'apparaissent pas sous ces noms exact:

TCP/IP NetBIOS Connections
NTFSprotect
Performance Logs
MS Dns Service

ensuite, rend toi ici:
http://www.nod32.it/home/home.htm
Dans le menu déroulant de droite, remonte jusqu'a :
Agent.CS trojan cleaner
puis clic sur download
Dezippe AGCSCLEAN.zip

redemarre en mode sans echecs:
dans le dossier AGCSCLEAN, double clic sur le fichier AGCSCLEAN.exe

redemarre le pc et reposte un rapport hijackthis

a+
0
Oone
30 oct. 2005 à 11:24
Hop, voilà :


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mljge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\System32\mljge.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
Réponse 12 / 16
Utilisateur anonyme
30 oct. 2005 à 11:33
salut oobe

tu as bien passé le fix en mode sans echec ?

le rapport hijackthis, tu l'a fais en mode normal ?

si tu as bien passé le fix en mode sans echec, je te mettrais une autre manip pour virer celui qui resiste.

a+
0
Réponse 13 / 16
Oone
31 oct. 2005 à 12:07
Desolé, avec un peu de retard, le log Hijack en mode normal :

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\D-Tools\daemon.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\program files\valve\steam\steam.exe
D:\WinZip\WZQKPICK.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {416A95BA-5B0D-02DC-2AB7-7195CEF38EC2} - C:\WINDOWS\System32\veoij.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mljge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\System32\mljge.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
Réponse 14 / 16
Oone
14 nov. 2005 à 23:15
Bonjour, je suis de retour avec des problêmes supplémentaires. C'est simple : je ne sais pas ce qui se passe. Mon ordinateur rame complètement, bloque, redemarre sans arrêt et Kaspersky ne me signale aucun problêmes. Voici donc mon Hijack en esperant recevoir une fois de plus une aide positive :

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {416A95BA-5B0D-02DC-2AB7-7195CEF38EC2} - C:\WINDOWS\System32\veoij.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\mljge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [Browser Help Svc] BHSV.EXE
O4 - HKLM\..\Run: [jncLaWWVZRQZU]La]X] C:\WINDOWS\System32\cbyymuf.exe
O4 - HKLM\..\Run: [Up Service] up32.pif
O4 - HKLM\..\RunServices: [Browser Help Svc] BHSV.EXE
O4 - HKLM\..\RunServices: [jncLaWWVZRQZU]La]X] C:\WINDOWS\System32\cbyymuf.exe
O4 - HKLM\..\RunServices: [Up Service] up32.pif
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Browser Help Svc] BHSV.EXE
O4 - HKCU\..\Run: [Up Service] up32.pif
O4 - HKCU\..\RunServices: [Browser Help Svc] BHSV.EXE
O4 - HKCU\..\RunServices: [Up Service] up32.pif
O4 - Global Startup: WinZip Quick Pick.lnk = D:\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_pagl.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mljge - C:\WINDOWS\System32\mljge.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Microsoft Distributed Transaction (MSDT) - Unknown owner - C:\WINDOWS\msdt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
Réponse 15 / 16
Oone
16 nov. 2005 à 16:45
Personne ne peut m'aider ? :|
0
Réponse 16 / 16
Goudax
29 nov. 2007 à 12:44
Salut,

Vas voir sur le forum de 01net, y a un type, Maekal_morte, qui se demerde pas mal du tout avec toutes ces daubes. Il m'a bien aidé, j'ai plus rien, ou du moins je ne vois plus rien, mais mon PC tourne bien.
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
"Reboot and Select proper Boot Device"
Rodoxx -
Patrick -

5 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses