|
| |
| blindbaker$ blindbaker 28/11 :: 14:00
Invité
| | bonjour, j'ai un petit problème avec un hijacker du nom de windupdate qui exécute le programme wintaskad.exe. Ad aware le détecte mais lorsque je veux l'effacer, ad aware se bloque et impossible d'aller plus loin. Impossible également de le virer manuellement car le processus est en cours d'utilisation et si je l'enlève il redémarre automatiquement. J'aimerais savoir avant d'entreprendre quoique ce soit contre ce programme ce qui ne va pas dans mon log hijackthis svp. Merci de m'aider ^^'
Logfile of HijackThis v1.98.2 Scan saved at 14:54:30, on 28/11/2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\ATI2EVXX.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\SSDPSRV.EXE C:\WINDOWS\SYSTEM\MDM.EXE C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RNAAPP.EXE C:\WINDOWS\SYSTEM\TAPISRV.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SOUNDMAN.EXE C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\SYSTEM\HPZTSB04.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE C:\PROGRAM FILES\MSN APPS\UPDATER\01.02.3000.1001\FR\MSNAPPAU.EXE C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE C:\WINDOWS\APPLICATION DATA\MYKEY\MYKEY.EXE C:\PROGRAM FILES\WINDOWS TASKAD\WINSCHED.EXE C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE C:\PROGRAM FILES\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE C:\HIJACKTHIS\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\FR\MSNTB.DLL O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\FR\MSNTB.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Apvxdwin.exe" /s O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe" O4 - HKLM\..\Run: [Windows TaskAd] C:\PROGRAM FILES\WINDOWS TASKAD\WINTASKAD.EXE O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavsched.exe" O4 - HKLM\..\RunServices: [PAVFIRES] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\Pavfires.exe" O4 - HKCU\..\Run: [MyKey] C:\WINDOWS\Application Data\MyKey\MyKey.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O12 - Plugin for .bmp: D:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin8.dll O12 - Plugin for .m3u: D:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin8.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA1E71} (RdxIE Class) - http://207.188.7.150/182154f22b38f0dee721/netzip/RdxIE601_fr.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030625/qtinstall.info.apple.com/abarth/fr/win/QuickTimeInstaller.exe O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup151.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = wanadoo.fr O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 193.252.19.3,193.252.19.4
| |
| Louny$2003355 Louny 28/11 :: 14:18
Arrivante
| | Désactiver la restauration automatique (restore) ensuite redémarrer en mode sans échec. Refaire un scan avec Ad-Aware, corriger les problèmes. Te rendre dans C:\PROGRAM FILES\WINDOWS TASKAD supprimer ce dossier et vider la corbeille
Relancer la machine, puis reposter un rapport à la suite de celui ci. | |
Forum en lecture seule
|
|