Good evening, I'm writing to you from a PC that's completely on its last legs :o
For a few days now (or even a few months), my computer has been regularly (re)infected by the same viruses, which are visibly the kind that really cling on. From memory, the two most "annoying" ones, or at least the ones causing me the most problems at the moment, are: Trojan.Win32.Elitebar.g and Pokepoke76. The first slows down, or even reboots, my PC repeatedly; the second keeps opening IE on me and seems fixated on a certain Winfixer 2005.
So anyway, I already have Hijack, LQFix and CCleaner to take care of the cleanup; all I'm missing is the method. So as not to waste time, I'm posting my Hijack report directly:
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:PROGRA~1MOZILL~1FIREFOX.EXE
D:HijackThis.exe
R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://www.directsearchzone.com/sp2.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.directsearchzone.com/sp2.php
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.directsearchzone.com/sp2.php
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = local.,
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:WINDOWSSystem32mljge.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx
O4 - HKLM..Run: [ATIPTA] "C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe"
O4 - HKLM..Run: [Smapp] C:Program FilesAnalog DevicesSoundMAXSMTray.exe
O4 - HKLM..Run: [Windows Svshost Service Update 32] svcsshost32.exe
O4 - HKLM..Run: [Wind0ws Sharing] ssprotecter.exe
O4 - HKLM..Run: [Microsoft Update] wuamkop32.exe
O4 - HKLM..Run: [System Update Service] update.pif
O4 - HKLM..Run: [TkBellExe] "C:Program FilesFichiers communsRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..Run: [Windows Security Service] windows.pif
O4 - HKLM..Run: [DAEMON Tools-1033] "D:Program FilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [MSDOS Security Service] msdos.pif
O4 - HKLM..Run: [iTunesHelper] "D:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_04binjusched.exe
O4 - HKLM..Run: [KAVPersonal50] "D:Program FilesKaspersky LabKaspersky Anti-Virus Personalkav.exe" /minimize
O4 - HKLM..Run: [MS Security] systm.pif
O4 - HKLM..Run: [Windows Security] ms32.pif
O4 - HKLM..Run: [Win Security] msw32.pif
O4 - HKLM..Run: [OS Security] mswind32.pif
O4 - HKLM..Run: [SVCH Service] svch32.pif
O4 - HKLM..Run: [HTML Help System] hhs.pif
O4 - HKLM..Run: [HTML32 Help System] hhs32.pif
O4 - HKLM..Run: [Internet Help Svc] IHSVC.EXE
O4 - HKLM..Run: [MNI.UWFX5V_0001_LP] "C:DOCUME~1quintLOCALS~1Templsas.exe"
O4 - HKLM..Run: [System service78] C:WINDOWSetbpokapoka78.exe
O4 - HKLM..RunServices: [SERV PacK2] nure.exe
O4 - HKLM..RunServices: [Windows Svshost Service Update 32] svcsshost32.exe
O4 - HKLM..RunServices: [Wind0ws Sharing] ssprotecter.exe
O4 - HKLM..RunServices: [Microsoft Update] wuamkop32.exe
O4 - HKLM..RunServices: [Windows Updating Service] updating.pif
O4 - HKLM..RunServices: [MS UniX] navupdate64.exe
O4 - HKLM..RunServices: [System Update Service] update.pif
O4 - HKLM..RunServices: [Windows Security Service] windows.pif
O4 - HKLM..RunServices: [MS-DOS Boot Service] boot32.pif
O4 - HKLM..RunServices: [MS-DOS Security Service] ms-dos.pif
O4 - HKLM..RunServices: [MSDOS Security Service] msdos.pif
O4 - HKLM..RunServices: [System Updates Service] updates.pif
O4 - HKLM..RunServices: [MS Unix Binary] hypertrm.exe
O4 - HKLM..RunServices: [MS Security] systm.pif
O4 - HKLM..RunServices: [Windows Security] ms32.pif
O4 - HKLM..RunServices: [Win Security] msw32.pif
O4 - HKLM..RunServices: [Wind Security] mswi32.pif
O4 - HKLM..RunServices: [OS Security] mswind32.pif
O4 - HKLM..RunServices: [SVCH Service] svch32.pif
O4 - HKLM..RunServices: [HTML Help System] hhs.pif
O4 - HKLM..RunServices: [HTML32 Help System] hhs32.pif
O4 - HKLM..RunServices: [Internet Help Svc] IHSVC.EXE
O4 - HKCU..Run: [Windows Svshost Service Update 32] svcsshost32.exe
O4 - HKCU..Run: [Windows Updating Service] updating.pif
O4 - HKCU..Run: [MS UniX] navupdate64.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesMSN Messengermsnmsgr.exe" /background
O4 - HKCU..Run: [Steam] "d:program filesvalvesteamsteam.exe" -silent
O4 - HKCU..Run: [Windows Security Service] windows.pif
O4 - HKCU..Run: [MS-DOS Boot Service] boot32.pif
O4 - HKCU..Run: [MS-DOS Security Service] ms-dos.pif
O4 - HKCU..Run: [System Update Service] update.pif
O4 - HKCU..Run: [MSDOS Security Service] msdos.pif
O4 - HKCU..Run: [System Updates Service] updates.pif
O4 - HKCU..Run: [MS Unix Binary] hypertrm.exe
O4 - HKCU..Run: [Toijuo] C:WINDOWSSystem32n?tdde.exe
O4 - HKCU..Run: [Aaau] "C:Program Filesatuowpwt.exe" -vt ndrv
O4 - HKCU..Run: [MS Security] systm.pif
O4 - HKCU..Run: [Windows Security] ms32.pif
O4 - HKCU..Run: [Win Security] msw32.pif
O4 - HKCU..Run: [Wind Security] mswi32.pif
O4 - HKCU..Run: [OS Security] mswind32.pif
O4 - HKCU..Run: [HTML Help System] hhs.pif
O4 - HKCU..Run: [HTML32 Help System] hhs32.pif
O4 - HKCU..Run: [Internet Help Svc] IHSVC.EXE
O4 - HKCU..RunServices: [Windows Updating Service] updating.pif
O4 - HKCU..RunServices: [Windows Security Service] windows.pif
O4 - HKCU..RunServices: [MS-DOS Boot Service] boot32.pif
O4 - HKCU..RunServices: [MS-DOS Security Service] ms-dos.pif
O4 - HKCU..RunServices: [System Update Service] update.pif
O4 - HKCU..RunServices: [MSDOS Security Service] msdos.pif
O4 - HKCU..RunServices: [System Updates Service] updates.pif
O4 - HKCU..RunServices: [MS Security] systm.pif
O4 - HKCU..RunServices: [Windows Security] ms32.pif
O4 - HKCU..RunServices: [Win Security] msw32.pif
O4 - HKCU..RunServices: [Wind Security] mswi32.pif
O4 - HKCU..RunServices: [OS Security] mswind32.pif
O4 - HKCU..RunServices: [HTML Help System] hhs.pif
O4 - HKCU..RunServices: [HTML32 Help System] hhs32.pif
O4 - HKCU..RunServices: [Internet Help Svc] IHSVC.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:WinZipWZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_04binnpjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSSystem32Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE (file missing)
O10 - Unknown file in Winsock LSP: c:program filesbonjourmdnsnsp.dll
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_pao_med.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Za [...] ge-c11.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activ [...] asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddcca - ddcca.dll (file missing)
O20 - Winlogon Notify: mljge - C:WINDOWSSystem32mljge.dll
O20 - Winlogon Notify: mljgg - mljgg.dll (file missing)
O20 - Winlogon Notify: ssttt - ssttt.dll (file missing)
O20 - Winlogon Notify: vtuts - C:WINDOWSSystem32vtuts.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSSystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesFichiers communsInstallShieldDriver11Intel 32IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:Program FilesKaspersky LabKaspersky Anti-Virus Personalkavsvc.exe
O23 - Service: Local Security Authority Server (LSA Server) - Unknown owner - C:WINDOWSSystem32lsasrv.exe (file missing)
O23 - Service: MSGSERVICE - Unknown owner - C:WINDOWSmsgsrv.exe (file missing)
O23 - Service: TCP/IP NetBIOS Connections (nbconn) - Unknown owner - C:WINDOWSwinstub.exe (file missing)
O23 - Service: netinfo - Unknown owner - C:WINDOWSnetinfo.exe (file missing)
O23 - Service: NTFSprotect (ntfsdiscman) - Unknown owner - C:WINDOWSntfsprotect.exe (file missing)
O23 - Service: Performance Logs (Perfhmon) - Unknown owner - C:WINDOWSSystem32Perfhmon.exe (file missing)
O23 - Service: System Manager Service (SMSC) - Unknown owner - C:WINDOWSsmsc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:Program FilesAnalog DevicesSoundMAXSMAgent.exe
O23 - Service: WindowsSysBoot - Unknown owner - C:WINDOWSwinsys.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:WINDOWSsystem32wincntrl.exe
There you go, hoping to get some positive replies as well as a bit of help. Thanks in advance.
PS: As a precaution, I should point out that I can't start the regular safe mode. It hangs. I go through safe mode with networking, I hope that's not a problem. Thanks again.

