Sujet Précédent Sujet Suivant

Virus infecte

Fermé
jacounette Messages postés 37 Date d'inscription vendredi 6 mai 2005 Statut Membre Dernière intervention 30 août 2006 - 21 mai 2006 à 11:27
 bernie61 - 22 mai 2006 à 21:25
BONJOUR

JE N'ARRIVE PAS A ENLEVER LES VIRUS SUIVANTS:
WIN WORM VIRUS, BACKDOOR TROJAN , TROJAN STARTPAGE1381. comment faire

MALGRE LE SCAN N'ARRIVE PAS A LE METTRE EN QUARANTAINE

MERCI DE L'AIDE JACOUNETTE

4 réponses

Réponse 1 / 4
bernie61
21 mai 2006 à 11:36
hello
un antivirus a toujours du mal avec les trojans
installes et scan avec Ewido
Ewido http://users.skynet.be/BernieClub/index.html#antitrojan

et ensuite ce scan en ligne
https://www.bitdefender.com/toolbox/
a+
0
Réponse 2 / 4
jacounette Messages postés 37 Date d'inscription vendredi 6 mai 2005 Statut Membre Dernière intervention 30 août 2006
21 mai 2006 à 17:38
REBONJOUR
VOICI L'ANALYSE FAITE AVEC HIJACKTHIS

StartupList report, 21/05/2006, 17:27:55
StartupList version: 1.52.2
Started from : C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX60.656\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\DrWeb\DRWEBSCD.EXE
C:\PROGRA~1\DrWeb\spidernt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX60.656\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
NeroFilterCheck = C:\WINDOWS\System32\NeroCheck.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
eBayToolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
AOLDialer = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
WindowsServicesStartup = C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe 1
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
Install5G = E:\AOLbox\Install.exe /SI=1
DrWebScheduler = "C:\Program Files\DrWeb\DRWEBSCD.EXE"
SpIDerNT = C:\PROGRA~1\DrWeb\spidernt.exe /agent

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
a-squared = "C:\Program Files\a-squared\a2guard.exe"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\MAT.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

HP Usg Daily FY04.job
Maintenance en 1 clic.job

--------------------------------------------------

Enumerating Download Program Files:

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
CODEBASE = http://aolcc.aol.fr/computercheckup/qdiagcc.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = https://www.trendmicro.com/en_us/forHome/products/housecall.html

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[Canal+ Active MSWAY]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msway.dll
CODEBASE = http://servicesv4.canalplusactive.com/cabs/msway42.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #2: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #3: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #4: C:\WINDOWS\system32\DRWEBSP.DLL

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:StartupList report, 21/05/2006, 17:19:16
StartupList version: 1.52.2
Started from : C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX05.969\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX05.969\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
NeroFilterCheck = C:\WINDOWS\System32\NeroCheck.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
eBayToolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
AOLDialer = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
WindowsServicesStartup = C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe 1
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
Install5G = E:\AOLbox\Install.exe /SI=1
DrWebScheduler = "C:\Program Files\DrWeb\DRWEBSCD.EXE"
SpIDerNT = C:\PROGRA~1\DrWeb\spidernt.exe /agent

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
a-squared = "C:\Program Files\a-squared\a2guard.exe"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\MAT.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

HP Usg Daily FY04.job
Maintenance en 1 clic.job

--------------------------------------------------

Enumerating Download Program Files:

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
CODEBASE = http://aolcc.aol.fr/computercheckup/qdiagcc.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = https://www.trendmicro.com/en_us/forHome/products/housecall.html

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[Canal+ Active MSWAY]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msway.dll
CODEBASE = http://servicesv4.canalplusactive.com/cabs/msway42.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #2: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #3: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #4: C:\WINDOWS\system32\DRWEBSP.DLL

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7 411 bytes
Report generated in 0,047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7 573 bytes
Report generated in 0,047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
J'AI FAIT AUSSI DES SCANS AVREC AVG ET EWIDO
CAR CELA RALENTI CONSIDERABLEMENT LE SYSTEME IMPOSSIBLE DE TROUVER LE POURQUOI

MERCI POUR L'AIDE APPORTE JACOUNETTE
0
Réponse 3 / 4
bernie61
21 mai 2006 à 17:53
re
désactive un moment AVG Shields et relances Ewido
colle le rapport ici

fais un hijackthis selon ceci
Tu charges HijackThis là et enregistre le dans un répertoire spécifique comme c:\ProgramFiles\Hijack\ :
HijackThis direct download: http://209.133.47.12/~merijn/files/HijackThis.exe
http://ww11.spywareinfo.com/~merijn/downloads.html
Ou là
http://www.spychecker.com/download/download_hijackthis.html
tu le lances « Do a system scan and save log » et sauves le fichier hijackthis.log ou tu copie/colle avec cliq droit de la souris ici
tutor là
http://pageperso.aol.fr/balltrap34/demohijack.htm (merci Balltrap)

a+
0
jacounette Messages postés 37 Date d'inscription vendredi 6 mai 2005 Statut Membre Dernière intervention 30 août 2006
21 mai 2006 à 19:40
StartupList report, 21/05/2006, 19:40:38
StartupList version: 1.52.2
Started from :

C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe
C:\Program Files\Adobe\Photoshop Album Edition

Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\PROGRA~1\DrWeb\spidernt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu

Démarrer\Programmes\Démarrage]
AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\microsoft

office\office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
NeroFilterCheck = C:\WINDOWS\System32\NeroCheck.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update = C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe
TkBellExe = "C:\Program Files\Fichiers

communs\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
eBayToolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
AOLDialer = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
Picasa Media Detector = C:\Program

Files\Picasa2\PicasaMediaDetector.exe
WindowsServicesStartup = C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe

1
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album

Edition Découverte\3.0\Apps\apdproxy.exe"
Install5G = E:\AOLbox\Install.exe /SI=1
DrWebScheduler = "C:\Program Files\DrWeb\DRWEBSCD.EXE"
SpIDerNT = C:\PROGRA~1\DrWeb\spidernt.exe /agent

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\MAT.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll -

{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll -

{53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

HP Usg Daily FY04.job
Maintenance en 1 clic.job

--------------------------------------------------

Enumerating Download Program Files:

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
CODEBASE = http://aolcc.aol.fr/computercheckup/qdiagcc.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE =

https://www.trendmicro.com/en_us/forHome/products/housecall.html

housecall/xscan53.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
CODEBASE =

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[Canal+ Active MSWAY]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msway.dll
CODEBASE = http://servicesv4.canalplusactive.com/cabs/msway42.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #2: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #3: C:\WINDOWS\system32\DRWEBSP.DLL
Protocol #4: C:\WINDOWS\system32\DRWEBSP.DLL

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations:

C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\_iu14D2N.tmp|||C

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7 799 bytes
Report generated in 0,047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of

platform
/history - to list version history only
0
Réponse 4 / 4
bernie61
22 mai 2006 à 21:25
re
NON je souhaite le rapport hijackthis du pgm donné dans le lien 3 pas le hijack de A2

a+
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Virus détecté
Koony -
MisteryBean -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
infecté par des virus
Lisy59120 -
Lisy59120 -

5 réponses