Virus infection

jacounette Posts 37 Status Member -  
 bernie61 -
HELLO

I CAN'T REMOVE THE FOLLOWING VIRUSES:
WIN WORM VIRUS, BACKDOOR TROJAN, TROJAN STARTPAGE1381. What should I do?

DESPITE THE SCAN, I CAN'T MANAGE TO QUARANTINE IT

THANKS FOR THE HELP, JACOUNETTE

4 replies

  1. jacounette Posts 37 Status Member
     
    HELLO AGAIN
    HERE IS THE ANALYSIS DONE WITH HIJACKTHIS

    StartupList report, 21/05/2006, 17:27:55
    StartupList version: 1.52.2
    Started from : C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX60.656\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AOL 9.0a\waol.exe
    C:\Program Files\AOL 9.0a\shellmon.exe
    C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\DrWeb\DRWEBSCD.EXE
    C:\PROGRA~1\DrWeb\spidernt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AOL 9.0a\aoltray.exe
    C:\Program Files\AOL Compagnon\companion.exe
    C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX60.656\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
    AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
    AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
    Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ATIModeChange = Ati2mdxx.exe
    ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    NeroFilterCheck = C:\WINDOWS\System32\NeroCheck.exe
    HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    eBayToolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    AOLDialer = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
    WindowsServicesStartup = C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe 1
    Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    Install5G = E:\AOLbox\Install.exe /SI=1
    DrWebScheduler = "C:\Program Files\DrWeb\DRWEBSCD.EXE"
    SpIDerNT = C:\PROGRA~1\DrWeb\spidernt.exe /agent

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    a-squared = "C:\Program Files\a-squared\a2guard.exe"

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\MAT.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - (no file) - {AA58ED58-01DD-4d91-8333-CF10577473F7}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    HP Usg Daily FY04.job
    Maintenance en 1 clic.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [QDiagAOLCCUpdateObj Class]
    InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
    CODEBASE = http://aolcc.aol.fr/computercheckup/qdiagcc.cab

    [BDSCANONLINE Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
    CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = https://www.trendmicro.com/en_us/forHome/products/housecall.html

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
    CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    [Canal+ Active MSWAY]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\msway.dll
    CODEBASE = http://servicesv4.canalplusactive.com/cabs/msway42.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    Protocol #1: C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol #2: C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol #3: C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol #4: C:\WINDOWS\system32\DRWEBSP.DLL

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:
    StartupList report, 21/05/2006, 17:19:16
    StartupList version: 1.52.2
    Started from : C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX05.969\HijackThis.EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\imapi.exe
    C:\Program Files\AOL 9.0a\waol.exe
    C:\Program Files\AOL 9.0a\shellmon.exe
    C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX05.969\HijackThis.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
    AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
    AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
    Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ATIModeChange = Ati2mdxx.exe
    ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    NeroFilterCheck = C:\WINDOWS\System32\NeroCheck.exe
    HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    eBayToolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    AOLDialer = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
    WindowsServicesStartup = C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe 1
    Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    Install5G = E:\AOLbox\Install.exe /SI=1
    DrWebScheduler = "C:\Program Files\DrWeb\DRWEBSCD.EXE"
    SpIDerNT = C:\PROGRA~1\DrWeb\spidernt.exe /agent

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    a-squared = "C:\Program Files\a-squared\a2guard.exe"

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\MAT.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
    (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - (no file) - {AA58ED58-01DD-4d91-8333-CF10577473F7}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    HP Usg Daily FY04.job
    Maintenance en 1 clic.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [QDiagAOLCCUpdateObj Class]
    InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
    CODEBASE = http://aolcc.aol.fr/computercheckup/qdiagcc.cab

    [BDSCANONLINE Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
    CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
    CODEBASE = https://www.trendmicro.com/en_us/forHome/products/housecall.html

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
    CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    [Canal+ Active MSWAY]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\msway.dll
    CODEBASE = http://servicesv4.canalplusactive.com/cabs/msway42.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    Protocol #1: C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol #2: C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol #3: C:\WINDOWS\system32\DRWEBSP.DLL
    Protocol #4: C:\WINDOWS\system32\DRWEBSP.DLL

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 7 411 bytes
    Report generated in 0,047 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 7 573 bytes
    Report generated in 0,047 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
    I ALSO RAN SCANS WITH AVG AND EWIDO
    BECAUSE THIS SLOWS THE SYSTEM DOWN CONSIDERABLY, IMPOSSIBLE TO FIND OUT WHY

    THANKS FOR THE HELP PROVIDED, JACOUNETTE
    0
  2. bernie61
     
    re
    disable AVG Shields for a moment and run Ewido again
    paste the report here

    do a hijackthis as follows
    Download HijackThis there and save it in a specific folder such as c:\ProgramFiles\Hijack\ :
    HijackThis direct download: http://209.133.47.12/~merijn/files/HijackThis.exe
    http://ww11.spywareinfo.com/~merijn/downloads.html
    Or there
    http://www.spychecker.com/download/download_hijackthis.html
    run it with « Do a system scan and save log » and save the hijackthis.log file, or copy/paste it here with a right click of the mouse
    tutorial there
    http://pageperso.aol.fr/balltrap34/demohijack.htm (thanks Balltrap)

    see you
    0
    1. jacounette Posts 37 Status Member
       
      StartupList report, 21/05/2006, 19:40:38
      StartupList version: 1.52.2
      Started from : C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.EXE
      Detected: Windows XP SP1 (WinNT 5.01.2600)
      Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
      * Using default options
      ==================================================

      Running processes:

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\Program Files\ewido anti-malware\ewidoctrl.exe
      C:\Program Files\ewido anti-malware\ewidoguard.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\WINDOWS\Explorer.EXE
      C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
      C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      C:\Program Files\Picasa2\PicasaMediaDetector.exe
      C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\AOL 9.0a\waol.exe
      C:\Program Files\AOL 9.0a\shellmon.exe
      C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
      C:\PROGRA~1\DrWeb\spidernt.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\AOL 9.0a\aoltray.exe
      C:\Program Files\AOL Compagnon\companion.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

      --------------------------------------------------

      Listing of startup folders:

      Shell folders Common Startup:
      [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
      AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
      AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
      Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE

      --------------------------------------------------

      Checking Windows NT UserInit:

      [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      UserInit = C:\WINDOWS\system32\userinit.exe,

      --------------------------------------------------

      Autorun entries from Registry:
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run

      ATIModeChange = Ati2mdxx.exe
      ATIPTA = C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
      SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      NeroFilterCheck = C:\WINDOWS\System32\NeroCheck.exe
      HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
      eBayToolbar = C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
      AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      AOLDialer = C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
      WindowsServicesStartup = C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\svchost.exe 1
      Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
      Install5G = E:\AOLbox\Install.exe /SI=1
      DrWebScheduler = "C:\Program Files\DrWeb\DRWEBSCD.EXE"
      SpIDerNT = C:\PROGRA~1\DrWeb\spidernt.exe /agent

      --------------------------------------------------

      Autorun entries from Registry:
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run

      MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

      --------------------------------------------------

      Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

      Shell=*INI section not found*
      SCRNSAVE.EXE=*INI section not found*
      drivers=*INI section not found*

      Shell & screensaver key from Registry:

      Shell=Explorer.exe
      SCRNSAVE.EXE=C:\WINDOWS\System32\MAT.scr
      drivers=*Registry value not found*

      Policies Shell key:

      HKCU\..\Policies: Shell=*Registry key not found*
      HKLM\..\Policies: Shell=*Registry value not found*

      --------------------------------------------------


      Enumerating Browser Helper Objects:

      (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
      (no name) - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD}
      (no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
      (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
      (no name) - (no file) - {AA58ED58-01DD-4d91-8333-CF10577473F7}

      --------------------------------------------------

      Enumerating Task Scheduler jobs:

      HP Usg Daily FY04.job
      Maintenance en 1 clic.job

      --------------------------------------------------

      Enumerating Download Program Files:

      [QDiagAOLCCUpdateObj Class]
      InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
      CODEBASE = http://aolcc.aol.fr/computercheckup/qdiagcc.cab

      [BDSCANONLINE Control]
      InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
      CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

      [HouseCall Control]
      InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
      CODEBASE = https://www.trendmicro.com/en_us/forHome/products/housecall.html

      housecall/xscan53.cab

      [Shockwave Flash Object]
      InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx
      CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

      [Canal+ Active MSWAY]
      InProcServer32 = C:\WINDOWS\Downloaded Program Files\msway.dll
      CODEBASE = http://servicesv4.canalplusactive.com/cabs/msway42.cab

      --------------------------------------------------

      Enumerating Winsock LSP files:

      Protocol #1: C:\WINDOWS\system32\DRWEBSP.DLL
      Protocol #2: C:\WINDOWS\system32\DRWEBSP.DLL
      Protocol #3: C:\WINDOWS\system32\DRWEBSP.DLL
      Protocol #4: C:\WINDOWS\system32\DRWEBSP.DLL

      --------------------------------------------------

      Enumerating Windows NT logon/logoff scripts:
      *No scripts set to run*

      Windows NT checkdisk command:
      BootExecute = autocheck autochk *

      Windows NT 'Wininit.ini':
      PendingFileRenameOperations:

      C:\DOCUME~1\MAINEN~1\LOCALS~1\Temp\_iu14D2N.tmp|||C

      --------------------------------------------------

      Enumerating ShellServiceObjectDelayLoad items:

      PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
      CDBurn: C:\WINDOWS\system32\SHELL32.dll
      WebCheck: C:\WINDOWS\System32\webcheck.dll
      SysTray: C:\WINDOWS\System32\stobject.dll

      --------------------------------------------------
      End of report, 7 799 bytes
      Report generated in 0,047 seconds

      Command line options:
      /verbose - to add additional info on each section
      /complete - to include empty sections and unsuspicious data
      /full - to include several rarely-important sections
      /force9x - to include Win9x-only startups even if running on WinNT
      /forcent - to include WinNT-only startups even if running on Win9x
      /forceall - to include all Win9x and WinNT startups, regardless of platform
      /history - to list version history only
      0
  3. bernie61
     
    re
    NO, I want the hijackthis report from the program given in link 3, not the hijack from A2

    see you
    0