Aide hijacthis et nettoyage
Résolu
lakam
-
philae83 Messages postés 12837 Date d'inscription Statut Contributeur sécurité Dernière intervention -
philae83 Messages postés 12837 Date d'inscription Statut Contributeur sécurité Dernière intervention -
bonjour
J'ai des fenetre intempestives qui s'ouvre régulierement et outlook saturé par des spams plus d'une centaine par jour comme si j'envoyé des milliers de mails et en faite je recois des messages comme quoi celui ci n'est pas distribué.
rapport hijacthis aprés un formatage et toujours le meme probleme en un peu mieux ...
merci pour votre aide .
Logfile of HijackThis v1.99.1
Scan saved at 22:27:12, on 11/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\lakam26\Bureau\Antivirus\HijackThis\analyse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\xugngtry.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B23F4519-956E-47F2-8944-D0864B0E4FA3} - C:\WINDOWS\System32\pmkjj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
J'ai des fenetre intempestives qui s'ouvre régulierement et outlook saturé par des spams plus d'une centaine par jour comme si j'envoyé des milliers de mails et en faite je recois des messages comme quoi celui ci n'est pas distribué.
rapport hijacthis aprés un formatage et toujours le meme probleme en un peu mieux ...
merci pour votre aide .
Logfile of HijackThis v1.99.1
Scan saved at 22:27:12, on 11/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\lakam26\Bureau\Antivirus\HijackThis\analyse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\xugngtry.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B23F4519-956E-47F2-8944-D0864B0E4FA3} - C:\WINDOWS\System32\pmkjj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
A voir également:
- Aide hijacthis et nettoyage
- Nettoyage pc lent - Guide
- Nettoyage mac - Guide
- Nettoyage de disque - Guide
- Nettoyage - Guide
- Nettoyage pc gratuit - Guide
9 réponses
bonsoir,
* Télécharge VundoFix.exe (par Atribune) sur ton Bureau
* Double-clique VundoFix.exe afin de le lancer
* Clique sur le bouton Scan for Vundo
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
* Télécharge VundoFix.exe (par Atribune) sur ton Bureau
* Double-clique VundoFix.exe afin de le lancer
* Clique sur le bouton Scan for Vundo
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
BONSOIR
Voici le rapport de vundo
VundoFix V6.2.13
Checking Java version...
Scan started at 06:32:41 12/01/2007
Listing files found while scanning....
C:\WINDOWS\System32\pmkjj.dll
C:\WINDOWS\System32\jjkmp.ini
C:\WINDOWS\System32\jjkmp.bak2
Beginning removal...
Attempting to delete C:\WINDOWS\System32\pmkjj.dll
C:\WINDOWS\System32\pmkjj.dll Could not be deleted.
Attempting to delete C:\WINDOWS\System32\jjkmp.ini
C:\WINDOWS\System32\jjkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\jjkmp.bak2
C:\WINDOWS\System32\jjkmp.bak2 Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
VundoFix V6.2.13
Checking Java version...
Scan started at 06:50:38 12/01/2007
Listing files found while scanning....
No infected files were found.
et le rapport hijacthis
Logfile of HijackThis v1.99.1
Scan saved at 22:26:49, on 12/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\lakam26\Bureau\Antivirus\HijackThis\analyse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\xugngtry.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ACEC02B7-A346-4FC6-8AE8-5FF40FA48C7D} - C:\WINDOWS\System32\pmkjj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\bbqmalxm.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Merci de votre aide
Voici le rapport de vundo
VundoFix V6.2.13
Checking Java version...
Scan started at 06:32:41 12/01/2007
Listing files found while scanning....
C:\WINDOWS\System32\pmkjj.dll
C:\WINDOWS\System32\jjkmp.ini
C:\WINDOWS\System32\jjkmp.bak2
Beginning removal...
Attempting to delete C:\WINDOWS\System32\pmkjj.dll
C:\WINDOWS\System32\pmkjj.dll Could not be deleted.
Attempting to delete C:\WINDOWS\System32\jjkmp.ini
C:\WINDOWS\System32\jjkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\jjkmp.bak2
C:\WINDOWS\System32\jjkmp.bak2 Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
VundoFix V6.2.13
Checking Java version...
Scan started at 06:50:38 12/01/2007
Listing files found while scanning....
No infected files were found.
et le rapport hijacthis
Logfile of HijackThis v1.99.1
Scan saved at 22:26:49, on 12/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\lakam26\Bureau\Antivirus\HijackThis\analyse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\xugngtry.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ACEC02B7-A346-4FC6-8AE8-5FF40FA48C7D} - C:\WINDOWS\System32\pmkjj.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\bbqmalxm.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Merci de votre aide
re
* Télécharge VirtumundoBeGone sur ton bureau .
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
* double-clic sur VirtumundoBeGone.exe
* Suis les instructions à l'écran
* Quand le scan est terminé, enregistre le rapport.
* Copie/Colle le ici
ainsi qu'un nouveau rapport hijackthis
* Télécharge VirtumundoBeGone sur ton bureau .
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
* double-clic sur VirtumundoBeGone.exe
* Suis les instructions à l'écran
* Quand le scan est terminé, enregistre le rapport.
* Copie/Colle le ici
ainsi qu'un nouveau rapport hijackthis
bonjour ,
voici les rapports
[01/13/2007, 8:38:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\lakam26\Bureau\VirtumundoBeGone.exe" )
[01/13/2007, 8:39:01] - Detected System Information:
[01/13/2007, 8:39:01] - Windows Version: 5.1.2600, Service Pack 1
[01/13/2007, 8:39:02] - Current Username: lakam26 (Admin)
[01/13/2007, 8:39:02] - Windows is in NORMAL mode.
[01/13/2007, 8:39:02] - Searching for Browser Helper Objects:
[01/13/2007, 8:39:02] - BHO 1: {22E83328-1676-487E-B750-A450AE393EB8} ()
[01/13/2007, 8:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 8:39:02] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[01/13/2007, 8:39:02] - Found: HKLM\...\Winlogon\Notify\pmkjj - This is probably Virtumundo.
[01/13/2007, 8:39:02] - Assigning {22E83328-1676-487E-B750-A450AE393EB8} MSEvents Object
[01/13/2007, 8:39:02] - BHO list has been changed! Starting over...
[01/13/2007, 8:39:02] - BHO 1: {22E83328-1676-487E-B750-A450AE393EB8} (MSEvents Object)
[01/13/2007, 8:39:02] - ALERT: Found MSEvents Object!
[01/13/2007, 8:39:02] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/13/2007, 8:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 8:39:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/13/2007, 8:39:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/13/2007, 8:39:02] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/13/2007, 8:39:02] - BHO 4: {7DA39570-5FD2-4f18-94B4-20730CB3F727} ()
[01/13/2007, 8:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 8:39:02] - Checking for HKLM\...\Winlogon\Notify\xugngtry
[01/13/2007, 8:39:02] - Key not found: HKLM\...\Winlogon\Notify\xugngtry, continuing.
[01/13/2007, 8:39:02] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/13/2007, 8:39:02] - Finished Searching Browser Helper Objects
[01/13/2007, 8:39:02] - *** Detected MSEvents Object
[01/13/2007, 8:39:02] - Trying to remove MSEvents Object...
[01/13/2007, 8:39:03] - Terminating Process: IEXPLORE.EXE
[01/13/2007, 8:39:07] - Terminating Process: RUNDLL32.EXE
[01/13/2007, 8:39:07] - Disabling Automatic Shell Restart
[01/13/2007, 8:39:07] - Terminating Process: EXPLORER.EXE
[01/13/2007, 8:39:07] - Suspending the NT Session Manager System Service
[01/13/2007, 8:39:10] - Terminating Windows NT Logon/Logoff Manager
[01/13/2007, 8:39:18] - Re-enabling Automatic Shell Restart
[01/13/2007, 8:39:18] - File to disable: C:\WINDOWS\System32\pmkjj.dll
[01/13/2007, 8:39:18] - Renaming C:\WINDOWS\System32\pmkjj.dll -> C:\WINDOWS\System32\pmkjj.dll.vir
[01/13/2007, 8:39:18] - ! File rename was unsucessful.
[01/13/2007, 8:39:18] - Attempting to Deny Access to C:\WINDOWS\System32\pmkjj.dll
[01/13/2007, 8:39:18] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/13/2007, 8:39:18] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.
[01/13/2007, 8:39:18] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/13/2007, 8:39:18] - Removing HKLM\...\Browser Helper Objects\{22E83328-1676-487E-B750-A450AE393EB8}
[01/13/2007, 8:39:18] - Removing HKCR\CLSID\{22E83328-1676-487E-B750-A450AE393EB8}
[01/13/2007, 8:39:18] - Adding Kill Bit for ActiveX for GUID: {22E83328-1676-487E-B750-A450AE393EB8}
[01/13/2007, 8:39:18] - Deleting ATLEvents/MSEvents Registry entries
[01/13/2007, 8:39:18] - Removing HKLM\...\Winlogon\Notify\pmkjj
[01/13/2007, 8:39:18] - Searching for Browser Helper Objects:
[01/13/2007, 8:39:18] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/13/2007, 8:39:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 8:39:18] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/13/2007, 8:39:18] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/13/2007, 8:39:18] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/13/2007, 8:39:18] - BHO 3: {7DA39570-5FD2-4f18-94B4-20730CB3F727} ()
[01/13/2007, 8:39:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 8:39:18] - Checking for HKLM\...\Winlogon\Notify\xugngtry
[01/13/2007, 8:39:18] - Key not found: HKLM\...\Winlogon\Notify\xugngtry, continuing.
[01/13/2007, 8:39:18] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/13/2007, 8:39:18] - Finished Searching Browser Helper Objects
[01/13/2007, 8:39:18] - Finishing up...
[01/13/2007, 8:39:18] - A restart is needed.
[01/13/2007, 8:39:23] - Attempting to Restart via STOP error (Blue Screen!)
Logfile of HijackThis v1.99.1
Scan saved at 08:45:36, on 13/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\lakam26\Bureau\Antivirus\HijackThis\analyse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {683951E7-56FC-485F-A7D3-F7669C559FDB} - C:\WINDOWS\System32\pmkjj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\xugngtry.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\bbqmalxm.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
merci pour votre aide
voici les rapports
[01/13/2007, 8:38:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\lakam26\Bureau\VirtumundoBeGone.exe" )
[01/13/2007, 8:39:01] - Detected System Information:
[01/13/2007, 8:39:01] - Windows Version: 5.1.2600, Service Pack 1
[01/13/2007, 8:39:02] - Current Username: lakam26 (Admin)
[01/13/2007, 8:39:02] - Windows is in NORMAL mode.
[01/13/2007, 8:39:02] - Searching for Browser Helper Objects:
[01/13/2007, 8:39:02] - BHO 1: {22E83328-1676-487E-B750-A450AE393EB8} ()
[01/13/2007, 8:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 8:39:02] - Checking for HKLM\...\Winlogon\Notify\pmkjj
[01/13/2007, 8:39:02] - Found: HKLM\...\Winlogon\Notify\pmkjj - This is probably Virtumundo.
[01/13/2007, 8:39:02] - Assigning {22E83328-1676-487E-B750-A450AE393EB8} MSEvents Object
[01/13/2007, 8:39:02] - BHO list has been changed! Starting over...
[01/13/2007, 8:39:02] - BHO 1: {22E83328-1676-487E-B750-A450AE393EB8} (MSEvents Object)
[01/13/2007, 8:39:02] - ALERT: Found MSEvents Object!
[01/13/2007, 8:39:02] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/13/2007, 8:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 8:39:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/13/2007, 8:39:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/13/2007, 8:39:02] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/13/2007, 8:39:02] - BHO 4: {7DA39570-5FD2-4f18-94B4-20730CB3F727} ()
[01/13/2007, 8:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 8:39:02] - Checking for HKLM\...\Winlogon\Notify\xugngtry
[01/13/2007, 8:39:02] - Key not found: HKLM\...\Winlogon\Notify\xugngtry, continuing.
[01/13/2007, 8:39:02] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/13/2007, 8:39:02] - Finished Searching Browser Helper Objects
[01/13/2007, 8:39:02] - *** Detected MSEvents Object
[01/13/2007, 8:39:02] - Trying to remove MSEvents Object...
[01/13/2007, 8:39:03] - Terminating Process: IEXPLORE.EXE
[01/13/2007, 8:39:07] - Terminating Process: RUNDLL32.EXE
[01/13/2007, 8:39:07] - Disabling Automatic Shell Restart
[01/13/2007, 8:39:07] - Terminating Process: EXPLORER.EXE
[01/13/2007, 8:39:07] - Suspending the NT Session Manager System Service
[01/13/2007, 8:39:10] - Terminating Windows NT Logon/Logoff Manager
[01/13/2007, 8:39:18] - Re-enabling Automatic Shell Restart
[01/13/2007, 8:39:18] - File to disable: C:\WINDOWS\System32\pmkjj.dll
[01/13/2007, 8:39:18] - Renaming C:\WINDOWS\System32\pmkjj.dll -> C:\WINDOWS\System32\pmkjj.dll.vir
[01/13/2007, 8:39:18] - ! File rename was unsucessful.
[01/13/2007, 8:39:18] - Attempting to Deny Access to C:\WINDOWS\System32\pmkjj.dll
[01/13/2007, 8:39:18] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/13/2007, 8:39:18] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.
[01/13/2007, 8:39:18] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/13/2007, 8:39:18] - Removing HKLM\...\Browser Helper Objects\{22E83328-1676-487E-B750-A450AE393EB8}
[01/13/2007, 8:39:18] - Removing HKCR\CLSID\{22E83328-1676-487E-B750-A450AE393EB8}
[01/13/2007, 8:39:18] - Adding Kill Bit for ActiveX for GUID: {22E83328-1676-487E-B750-A450AE393EB8}
[01/13/2007, 8:39:18] - Deleting ATLEvents/MSEvents Registry entries
[01/13/2007, 8:39:18] - Removing HKLM\...\Winlogon\Notify\pmkjj
[01/13/2007, 8:39:18] - Searching for Browser Helper Objects:
[01/13/2007, 8:39:18] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/13/2007, 8:39:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 8:39:18] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/13/2007, 8:39:18] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/13/2007, 8:39:18] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/13/2007, 8:39:18] - BHO 3: {7DA39570-5FD2-4f18-94B4-20730CB3F727} ()
[01/13/2007, 8:39:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/13/2007, 8:39:18] - Checking for HKLM\...\Winlogon\Notify\xugngtry
[01/13/2007, 8:39:18] - Key not found: HKLM\...\Winlogon\Notify\xugngtry, continuing.
[01/13/2007, 8:39:18] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/13/2007, 8:39:18] - Finished Searching Browser Helper Objects
[01/13/2007, 8:39:18] - Finishing up...
[01/13/2007, 8:39:18] - A restart is needed.
[01/13/2007, 8:39:23] - Attempting to Restart via STOP error (Blue Screen!)
Logfile of HijackThis v1.99.1
Scan saved at 08:45:36, on 13/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\lakam26\Bureau\Antivirus\HijackThis\analyse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {683951E7-56FC-485F-A7D3-F7669C559FDB} - C:\WINDOWS\System32\pmkjj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\xugngtry.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\bbqmalxm.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
merci pour votre aide
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour,
* Télécharge Pocket KillBox sur ton bureau.
http://www.downloads.subratam.org/KillBox.exe
puis
* redémarre en mode sans échec
http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924
et
* lance HijackTHis pour un "scan seulement" et coche :
O2 - BHO: (no name) - {683951E7-56FC-485F-A7D3-F7669C559FDB} - C:\WINDOWS\System32\pmkjj.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\xugngtry.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\bbqmalxm.dll",setvm
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
* clique sur "fixer objet"
puis
* Double-clique sur le fichier Killbox.exe, et coche la case "Delete on reboot".
* copie d'un trait les lignes de la citation suivante :
Sur PocketKillBox --> menu "File" --> "Paste from Clipboard" (tu ne verras rien se passer).
Tu peux vérifier dans le menu déroulant que tous les fichiers sont bien présents.
- coche la case "Unregister dll before deleting" (si tu en as la possibilité)
- clique sur le bouton "All files"
- clique ensuite sur la croix rouge
Au deux messages qui vont s'afficher, tu réponds par "YES"
L'ordinateur doit redémarrer, sinon, fais le toi-même, quoiqu'il arrive.
* redémarre normalement
* reposte un nouveau rapport HijackThis
* Télécharge Pocket KillBox sur ton bureau.
http://www.downloads.subratam.org/KillBox.exe
puis
* redémarre en mode sans échec
http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924
et
* lance HijackTHis pour un "scan seulement" et coche :
O2 - BHO: (no name) - {683951E7-56FC-485F-A7D3-F7669C559FDB} - C:\WINDOWS\System32\pmkjj.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\xugngtry.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\bbqmalxm.dll",setvm
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O20 - Winlogon Notify: pmkjj - C:\WINDOWS\System32\pmkjj.dll
* clique sur "fixer objet"
puis
* Double-clique sur le fichier Killbox.exe, et coche la case "Delete on reboot".
* copie d'un trait les lignes de la citation suivante :
C:\WINDOWS\System32\pmkjj.dll C:\WINDOWS\System32\xugngtry.dll C:\WINDOWS\System32\bbqmalxm.dll C:\WINDOWS\System32\mysvcc.exe
Sur PocketKillBox --> menu "File" --> "Paste from Clipboard" (tu ne verras rien se passer).
Tu peux vérifier dans le menu déroulant que tous les fichiers sont bien présents.
- coche la case "Unregister dll before deleting" (si tu en as la possibilité)
- clique sur le bouton "All files"
- clique ensuite sur la croix rouge
Au deux messages qui vont s'afficher, tu réponds par "YES"
L'ordinateur doit redémarrer, sinon, fais le toi-même, quoiqu'il arrive.
* redémarre normalement
* reposte un nouveau rapport HijackThis
bonsoir
voici mon dernier rapport hijacthis
Logfile of HijackThis v1.99.1
Scan saved at 23:14:00, on 18/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\lakam26\Bureau\Antivirus\HijackThis\analyse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://votreportail.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
merci
voici mon dernier rapport hijacthis
Logfile of HijackThis v1.99.1
Scan saved at 23:14:00, on 18/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\lakam26\Bureau\Antivirus\HijackThis\analyse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://votreportail.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
merci
