services.exe 100 % memoire prise

Dernière réponse : 9 Janvier 2006 09:09 dans Sécurité

7 Janvier 2006 17:43:47

Help, I'm died........

J'ai le process services.exe qui bouffe toute ma mémoire et bitdefender ne trouve rien. Ad Aware non plus. Spybot idem. Je m'en sors plus.

Avec quel outil puis je trouver le pb et l'éradiquer

Voici la Log qui me sera certainement demandée :
Logfile of HijackThis v1.99.1
Scan saved at 19:28:07, on 07/01/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINNT\system32\netdrvr.exe
C:\WINNT\system32\oodag.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wwSecure.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\system32\tp4mon.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\System32\NILaunch.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINNT\system32\CmWatch.exe
C:\WINNT\system32\WANWGUARD.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\Program Files\a-squared\a2guard.exe
C:\Documents and Settings\Personnel IBM\Mes documents\Ekinx.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\lotus\organize\easyclip.exe
C:\lotus\smartctr\smartctr.exe
C:\Program Files\TuneUp Utilities 2006\Integrator.exe
C:\Program Files\TuneUp Utilities 2006\RegistryEditor.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\CounterSpy.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\wincmd\WINCMD32.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINNT\system32\hlwin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IBMPMSVC] %SystemRoot%\System32\ibmpmsvc.exe -helper
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINNT\System32\NILaunch.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CmCardRun] C:\WINNT\system32\CmWatch.exe
O4 - HKLM\..\Run: [System Loader] WANWGUARD.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] C:\Program Files\Softwin\BitDefender8\bdoesrv.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [Ekinx] C:\Documents and Settings\Personnel IBM\Mes documents\Ekinx.exe
O4 - HKCU\..\RunOnce: [System Loader] WANWGUARD.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Envoyer l'image vers la bibliothèque - file://C:\Documents and Settings\Personnel IBM\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/...
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - https://www.fnacmusic.com/telechargementFnacmusic/FnacC...
O20 - AppInit_DLLs: 4Ysockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: 04750 - Unknown owner - \\82.216.82.237\Admin$\eraseme_48580.exe (file missing)
O23 - Service: 37746 - Unknown owner - \\82.216.82.237\Admin$\eraseme_30118.exe (file missing)
O23 - Service: 44426 - Unknown owner - \\82.216.82.237\Admin$\eraseme_46154.exe (file missing)
O23 - Service: 50730 - Unknown owner - \\82.216.82.237\Admin$\eraseme_45503.exe (file missing)
O23 - Service: 74681 - Unknown owner - \\82.216.82.237\Admin$\eraseme_54380.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\SYSTEM32\GEARSEC.EXE
O23 - Service: IBM PM Service (IBMPMSVC) - IBM Corp. - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: netinfo - Unknown owner - C:\WINNT\netinfo.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINNT\system32\wwSecure.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

J'ai réussi pcq j'ai 2 PC en //

Je rame et je galère ... Merci si vous pouvez m'aider

Autres pages sur : services exe 100 memoire prise

| Etre averti des réponses
| Alerter

Répondre à Lesquale59@IDN

Lassé par la pub ? Créez un compte

OmaR

9 Janvier 2006 09:09:45

Salut,

1) Relance HijackThis, coche ces lignes et appuie sur Fix Checked :

Citation :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINNT\system32\hlwin.dll

O4 - HKLM\..\Run: [System Loader] WANWGUARD.EXE

O4 - HKCU\..\RunOnce: [System Loader] WANWGUARD.EXE

O23 - Service: 04750 - Unknown owner - \\82.216.82.237\Admin$\eraseme_48580.exe (file missing)
O23 - Service: 37746 - Unknown owner - \\82.216.82.237\Admin$\eraseme_30118.exe (file missing)
O23 - Service: 44426 - Unknown owner - \\82.216.82.237\Admin$\eraseme_46154.exe (file missing)
O23 - Service: 50730 - Unknown owner - \\82.216.82.237\Admin$\eraseme_45503.exe (file missing)
O23 - Service: 74681 - Unknown owner - \\82.216.82.237\Admin$\eraseme_54380.exe (file missing)

O23 - Service: netinfo - Unknown owner - C:\WINNT\netinfo.exe (file missing)

2) Redémarre en mode sans échec

3) Supprime ces fichiers :
C:\WINNT\netinfo.exe
WANWGUARD.EXE
C:\WINNT\system32\hlwin.dll

4) Redémarre normalement

5) Reposte un nouveau log si tu as toujours des soucis.

| Alerter

Répondre à OmaR

Lassé par la pub ? Créez un compte

Créer un nouveau sujet

Contenus similaires :

Tags :

internet explorer

Tom's guide dans le monde