Virus - WinAntivirus Pro 2007 - Trouble removing it
Last reply: in Security
Hello,
I'm having some trouble removing WinAntivirus Pro 2007 from my computer. Could you please help me.
Here is a HijackThis report:
------------------
Logfile of HijackThis v1.99.1
Scan saved at 21:45:41, on 17/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Network Associates\McShield\mcshield.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Cristal\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www3.sympatico.ca/denise190
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\mxwiechw.dll",forkonce
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?9cbaedbaad874f77bdd9526dfb532cba
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?9cbaedbaad874f77bdd9526dfb532cba
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - C:\Program Files\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\mcshield.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Unknown owner - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)
--------------
There it is. I must admit I have a lot of difficulty understanding this report.
Thanks
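As an added illustration (not part of the original post, and not a feature of HijackThis itself): a small Python triage script that reads the autorun (O4) and service (O23) lines of a HijackThis log and flags the patterns visible in the log above. The sample lines are copied from that log; the rules and the reason strings are this example's own heuristics, not HijackThis output.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\mxwiechw.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\mcshield.exe
"""

# Every HijackThis finding starts with a section code (R0..R3, O1..O23) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# Heuristic (this example's assumption): rundll32 loading a system32 DLL whose name is
# eight random lowercase letters, with an export name after the comma. That is the
# shape of the [icq.com] entry above and of the Vundo-family autoruns VundoFix targets.
RUNDLL_RANDOM_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?[^"]*\\[Ss]ystem32\\([a-z]{8})\.dll"?\s*,\s*\w+')

# Rogue "antivirus" product names seen in this thread (assumption: list is illustrative).
ROGUE_AV_NAMES = ("winantivirus pro 2007", "winantispyware 2006")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text):
    """Return a list of Findings for the suspicious entries in a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # process list, headers and separators carry no section code
        section, body = m.group("section"), m.group("body")
        lower = body.lower()
        if section == "O4":
            if RUNDLL_RANDOM_RE.search(body):
                findings.append(Finding(section,
                    "rundll32 loads a random-named system32 DLL (Vundo-style autorun)", raw))
            elif any(name in lower for name in ROGUE_AV_NAMES):
                findings.append(Finding(section,
                    "autorun belongs to a known rogue 'antivirus' product", raw))
            elif "\\temp\\" in lower:
                findings.append(Finding(section,
                    "autorun launches an executable from a Temp directory", raw))
        elif section == "O23" and "(file missing)" in lower:
            findings.append(Finding(section,
                "service registration points to a file that no longer exists", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run on the sample it reports four entries: the Temp-directory autorun, the WinAntiVirus Pro 2007 autorun, the rundll32 line loading mxwiechw.dll, and the SAVRoam service whose binary is missing. The missing-file services are stale leftovers rather than an infection, but they are the kind of line a reader of the log needs to be able to tell apart from the rundll32 entry.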
Hello
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to shut down; click OK
Restart your PC.
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.
Copy/paste that report into your next reply, along with a new HijackThis log and the contents of the report located in C:\vundofix.txt
Here is the Combofix report:
"Cristal" - 2007-07-19 19:23:22 - ComboFix 07-07-14.6 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\geecc.dll
C:\WINDOWS\system32\cceeg.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiSpyware 2006
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiSpyware 2006\Logs\update.log
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\avtasks.dat
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\CookieList.dat
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\history.db
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\update.log
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\winav.log
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\PGE.dat
C:\Documents and Settings\Cristal.\err.log
C:\Documents and Settings\Cristal.\ResErrors.log
C:\Program Files\Fichiers communs\winantivirus pro 2007
C:\Program Files\Fichiers communs\winantivirus pro 2007\err.log
C:\Program Files\Fichiers communs\winantivirus pro 2007\mfc71.dll
C:\Program Files\Fichiers communs\winantivirus pro 2007\msvcp71.dll
C:\Program Files\Fichiers communs\winantivirus pro 2007\msvcr71.dll
C:\WINDOWS\system32\aethftvy.exe
C:\WINDOWS\system32\ixuwksfu.exe
C:\WINDOWS\system32\mkackmtf.exe
C:\WINDOWS\system32\orqubtvr.exe
C:\WINDOWS\system32\raknaccd.exe
C:\WINDOWS\system32\sdmxanwx.exe
C:\WINDOWS\system32\xbkijtwa.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))
2007-07-19 19:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 19:17 <REP> d-------- C:\WINDOWS\system32\appmgmt
2007-07-19 18:20 <REP> d-------- C:\Program Files\LIUtilities
2007-07-19 18:16 <REP> d-------- C:\VundoFix Backups
2007-07-18 20:49 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-17 21:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-17 20:50 <REP> d-------- C:\Program Files\ewido anti-malware
2007-07-17 20:48 <REP> d-------- C:\Program Files\CCleaner
2007-07-17 19:52 <REP> d--hs---- C:\WINDOWS\CSC
2007-07-17 19:16 <REP> d-------- C:\Program Files\Symantec
2007-07-17 19:16 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-07-17 19:16 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-16 17:28 <REP> d-------- C:\WINDOWS\NKCCDViewerSetting
2007-07-14 16:36 92,616 --a------ C:\DOCUME~1\Cristal\APPLIC~1\winantispyware2006freeinstall_fr[1].exe
2007-07-06 19:00 <REP> d--hs---- C:\UWA7PV
2007-07-06 18:57 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-07-06 18:57 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-07-06 18:57 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-06 18:57 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-07-06 18:57 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-07-06 18:57 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-07-03 09:11 186,368 --a------ C:\DOCUME~1\Cristal\vxs.exe
2007-07-02 14:28 189,440 --a------ C:\DOCUME~1\Cristal\fset.exe
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-19 01:43:47 -------- d-----w C:\DOCUME~1\Cristal\APPLIC~1\LimeWire
2007-07-18 00:08:07 -------- d-----w C:\DOCUME~1\Cristal\APPLIC~1\Lavasoft
2007-07-06 23:28:44 -------- d-----r C:\Program Files\Common Files
2007-07-06 23:09:10 -------- d-----w C:\Program Files\MSN Messenger
2007-07-06 01:45:50 768 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-07-02 18:23:28 44,288 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-13 02:09:24 0 ----a-w C:\WINDOWS\nsreg.dat
2007-06-03 18:10:21 -------- d-----w C:\Program Files\Macrogaming
2007-06-03 17:35:56 -------- d-----w C:\Program Files\LimeWire
2007-05-24 18:08:06 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-05-24 18:08:06 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-05-22 20:45:20 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-05-22 20:31:02 90 ----a-w C:\WINDOWS\dun.bat
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2005-01-10 04:26:14 596 ----a-w C:\Program Files\INSTALL.LOG
2004-04-30 01:24:50 271 --sha-w C:\Program Files\desktop.ini
2004-04-30 01:24:50 23,357 -c-ha-w C:\Program Files\folder.htt
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-03-02 07:02 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
2006-11-05 16:44 548992 -ra------ C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41119F92-AD90-4D62-99A7-6C056FAFC1C0}]
C:\WINDOWS\system32\hgdaa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-09-27 17:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBF44511-93B6-4984-8F97-71E68F33E3B1}]
C:\WINDOWS\system32\iiffc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" []
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-10-02 18:41]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 11:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Program Files\ewido anti-malware\shellhook.dll" [2004-09-30 08:21]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffc]
C:\WINDOWS\system32\iiffc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\setup.exe -q
Contents of the 'Scheduled Tasks' folder
2007-07-19 22:03:03 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-19 19:32:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-19 19:34:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-19 19:34
--- E O F ---
Here is another report
ComboFix-quarantined-files.txt
2004-10-07 14:39 1060864 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mfc71.dll.vir
2004-10-07 14:39 348160 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcr71.dll.vir
2004-10-07 14:39 499712 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcp71.dll.vir
2007-02-23 12:24 356 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\PGE.dat.vir
2007-07-06 18:57 21 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode.vir
2007-07-06 18:57 6 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr.vir
2007-07-06 18:59 0 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\err.log.vir
2007-07-06 18:59 36 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode.vir
2007-07-06 19:00 0 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\avtasks.dat.vir
2007-07-07 11:45 2537 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\wa7Support.log.vir
2007-07-09 12:44 0 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Cristal\err.log.vir
2007-07-09 16:06 136 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\winav.log.vir
2007-07-09 16:06 2560 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\CookieList.dat.vir
2007-07-10 15:53 60948 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\update.log.vir
2007-07-10 15:54 107520 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\history.db.vir
2007-07-10 15:54 5488 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Cristal\ResErrors.log.vir
2007-07-12 17:04 266336 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\geecc.dll.vir
2007-07-12 17:05 322 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cceeg.ini.vir
2007-07-14 08:10 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\aethftvy.exe.vir
2007-07-15 08:10 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\raknaccd.exe.vir
2007-07-16 08:11 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sdmxanwx.exe.vir
2007-07-16 12:22 6048 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiSpyware 2006\Logs\update.log.vir
2007-07-17 08:09 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\orqubtvr.exe.vir
2007-07-18 08:11 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xbkijtwa.exe.vir
2007-07-19 08:14 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mkackmtf.exe.vir
2007-07-19 18:35 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ixuwksfu.exe.vir
2007-07-19 19:27 352 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
Structure du dossier
Le numéro de série du volume est 24BF-C5FC
C:\QOOBOX
\---Quarantine
+---C
| +---Documents and Settings
| | \---Cristal
| | err.log.vir
| | ResErrors.log.vir
| |
| +---DOCUME~1
| | +---ALLUSE~1
| | | \---APPLIC~1
| | | \---WinAntiVirus Pro 2007
| | | \---Data
| | | Abbr.vir
| | | ActivationCode.vir
| | | ProductCode.vir
| | |
| | \---Cristal
| | \---APPLIC~1
| | +---WinAntiSpyware 2006
| | | \---Logs
| | | update.log.vir
| | |
| | \---WinAntiVirus Pro 2007
| | | avtasks.dat.vir
| | | CookieList.dat.vir
| | | history.db.vir
| | | PGE.dat.vir
| | |
| | \---Logs
| | update.log.vir
| | wa7Support.log.vir
| | winav.log.vir
| |
| +---Program Files
| | \---Fichiers communs
| | \---WinAntiVirus Pro 2007
| | err.log.vir
| | mfc71.dll.vir
| | msvcp71.dll.vir
| | msvcr71.dll.vir
| |
| \---WINDOWS
| \---system32
| aethftvy.exe.vir
| cceeg.ini.vir
| geecc.dll.vir
| ixuwksfu.exe.vir
| mkackmtf.exe.vir
| orqubtvr.exe.vir
| raknaccd.exe.vir
| sdmxanwx.exe.vir
| xbkijtwa.exe.vir
|
\---Registry_backups
services_nm.reg.cf
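Added example, not part of the thread and not ComboFix's own tooling: a Python parser for the ComboFix-quarantined-files.txt listing above that groups the quarantined random-named executables by size and checks whether they were created at a daily cadence. The sample lines are copied from the listing; the "eight lowercase letters" naming heuristic and the cluster threshold are this example's assumptions.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample: lines copied from the ComboFix-quarantined-files.txt listing posted above.
QUARANTINE_LISTING = r"""
2004-10-07 14:39 1060864 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mfc71.dll.vir
2007-07-12 17:04 266336 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\geecc.dll.vir
2007-07-14 08:10 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\aethftvy.exe.vir
2007-07-15 08:10 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\raknaccd.exe.vir
2007-07-16 08:11 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sdmxanwx.exe.vir
2007-07-17 08:09 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\orqubtvr.exe.vir
2007-07-18 08:11 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xbkijtwa.exe.vir
2007-07-19 08:14 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mkackmtf.exe.vir
2007-07-19 18:35 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ixuwksfu.exe.vir
2007-07-19 19:27 352 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
"""

# One listing line: date, time, size in bytes, attribute flags, path (which may contain spaces).
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+) (\S+) (.+)$")

# Heuristic (assumption): a quarantined .exe whose base name is eight lowercase letters.
RANDOM_EXE_RE = re.compile(r"\\[a-z]{8}\.exe\.vir$")


def parse_listing(text):
    """Turn the quarantine listing into dicts with date, time, size and path."""
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d, t, size, _attrs, path = m.groups()
            entries.append({"date": date.fromisoformat(d), "time": t,
                            "size": int(size), "path": path})
    return entries


def find_payload_clusters(entries, min_members=3):
    """Group random-named executables by byte size and describe clusters of
    at least min_members files, including whether one appeared per calendar day."""
    by_size = defaultdict(list)
    for e in entries:
        if RANDOM_EXE_RE.search(e["path"]):
            by_size[e["size"]].append(e)
    clusters = []
    for size, members in sorted(by_size.items()):
        if len(members) < min_members:
            continue
        days = sorted({e["date"] for e in members})
        span_days = (days[-1] - days[0]).days + 1
        clusters.append({
            "size": size,
            "count": len(members),
            "first": days[0],
            "last": days[-1],
            "distinct_days": len(days),
            # True when every calendar day between first and last has at least one drop.
            "consecutive_days": span_days == len(days),
            "names": [e["path"].rsplit("\\", 1)[-1] for e in members],
        })
    return clusters


if __name__ == "__main__":
    for c in find_payload_clusters(parse_listing(QUARANTINE_LISTING)):
        print(f"{c['count']} files of {c['size']} bytes, {c['first']} to {c['last']}, "
              f"daily={c['consecutive_days']}: {', '.join(c['names'])}")
```

On the listing above it finds a single cluster: seven 66,112-byte executables with eight-letter names in system32, at least one created each day from 14 to 19 July, most of them around 08:10. Identical size plus a fresh random name every morning points to a component that keeps recreating the same payload, so the quarantined files are the symptom rather than the source. That is why the "Reg Loading Points" section of the ComboFix log, with Browser Helper Object and Winlogon Notify entries still pointing to hgdaa.dll and iiffc.dll, is the part of the report worth reading next.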
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-19 19:34:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-19 19:34
--- E O F ---
Here is another report
ComboFix-quarantined-files.txt
2004-10-07 14:39 1060864 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mfc71.dll.vir
2004-10-07 14:39 348160 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcr71.dll.vir
2004-10-07 14:39 499712 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcp71.dll.vir
2007-02-23 12:24 356 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\PGE.dat.vir
2007-07-06 18:57 21 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode.vir
2007-07-06 18:57 6 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr.vir
2007-07-06 18:59 0 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\err.log.vir
2007-07-06 18:59 36 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode.vir
2007-07-06 19:00 0 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\avtasks.dat.vir
2007-07-07 11:45 2537 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\wa7Support.log.vir
2007-07-09 12:44 0 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Cristal\err.log.vir
2007-07-09 16:06 136 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\winav.log.vir
2007-07-09 16:06 2560 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\CookieList.dat.vir
2007-07-10 15:53 60948 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\update.log.vir
2007-07-10 15:54 107520 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\history.db.vir
2007-07-10 15:54 5488 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Cristal\ResErrors.log.vir
2007-07-12 17:04 266336 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\geecc.dll.vir
2007-07-12 17:05 322 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cceeg.ini.vir
2007-07-14 08:10 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\aethftvy.exe.vir
2007-07-15 08:10 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\raknaccd.exe.vir
2007-07-16 08:11 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sdmxanwx.exe.vir
2007-07-16 12:22 6048 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiSpyware 2006\Logs\update.log.vir
2007-07-17 08:09 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\orqubtvr.exe.vir
2007-07-18 08:11 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xbkijtwa.exe.vir
2007-07-19 08:14 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mkackmtf.exe.vir
2007-07-19 18:35 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ixuwksfu.exe.vir
2007-07-19 19:27 352 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
Structure du dossier
Le numéro de série du volume est 24BF-C5FC
C:\QOOBOX
\---Quarantine
+---C
| +---Documents and Settings
| | \---Cristal
| | err.log.vir
| | ResErrors.log.vir
| |
| +---DOCUME~1
| | +---ALLUSE~1
| | | \---APPLIC~1
| | | \---WinAntiVirus Pro 2007
| | | \---Data
| | | Abbr.vir
| | | ActivationCode.vir
| | | ProductCode.vir
| | |
| | \---Cristal
| | \---APPLIC~1
| | +---WinAntiSpyware 2006
| | | \---Logs
| | | update.log.vir
| | |
| | \---WinAntiVirus Pro 2007
| | | avtasks.dat.vir
| | | CookieList.dat.vir
| | | history.db.vir
| | | PGE.dat.vir
| | |
| | \---Logs
| | update.log.vir
| | wa7Support.log.vir
| | winav.log.vir
| |
| +---Program Files
| | \---Fichiers communs
| | \---WinAntiVirus Pro 2007
| | err.log.vir
| | mfc71.dll.vir
| | msvcp71.dll.vir
| | msvcr71.dll.vir
| |
| \---WINDOWS
| \---system32
| aethftvy.exe.vir
| cceeg.ini.vir
| geecc.dll.vir
| ixuwksfu.exe.vir
| mkackmtf.exe.vir
| orqubtvr.exe.vir
| raknaccd.exe.vir
| sdmxanwx.exe.vir
| xbkijtwa.exe.vir
|
\---Registry_backups
services_nm.reg.cf
Here is the VundoFix report:
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 18:16:18 19/07/2007
Listing files found while scanning....
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 18:37:30 19/07/2007
Listing files found while scanning....
C:\WINDOWS\system32\aadgh.bak1
C:\WINDOWS\system32\aadgh.bak2
C:\WINDOWS\system32\aadgh.ini
C:\WINDOWS\system32\aadgh.ini2
C:\WINDOWS\system32\aadgh.tmp
C:\WINDOWS\system32\asrohxsn.dll
C:\windows\system32\cfwwbifo.dll
C:\windows\system32\chrfnsvu.ini
C:\windows\system32\cxganjur.dll
C:\windows\system32\ecastxne.exe
C:\windows\system32\fpjoqrxu.dll
C:\windows\system32\havrsghg.dll
C:\WINDOWS\system32\hgdaa.dll
C:\WINDOWS\system32\iiffc.dll
C:\windows\system32\kehqaxlo.ini
C:\windows\system32\khfppfug.exe
C:\windows\system32\ldecxnhn.ini
C:\windows\system32\lyxduflo.ini
C:\windows\system32\nhnxcedl.dll
C:\windows\system32\nohwsxgr.dll
C:\windows\system32\ofibwwfc.ini
C:\windows\system32\olfudxyl.dll
C:\windows\system32\olxaqhek.dll
C:\windows\system32\oyaoiogp.dll
C:\windows\system32\pgoioayo.ini
C:\windows\system32\pkfxyetg.dll
C:\windows\system32\qhpuaagw.dll
C:\windows\system32\qvydfilf.dll
C:\windows\system32\rckcanuu.dll
C:\windows\system32\rgxswhon.ini
C:\WINDOWS\system32\shpuoupw.dll
C:\windows\system32\uunackcr.ini
C:\windows\system32\uvsnfrhc.dll
C:\windows\system32\wifoaohf.dll
C:\windows\system32\wpuouphs.ini
C:\windows\system32\xvkyrhgu.exe
C:\WINDOWS\system32\yqxxqhps.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\aadgh.bak1
C:\WINDOWS\system32\aadgh.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\aadgh.bak2
C:\WINDOWS\system32\aadgh.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\aadgh.ini
C:\WINDOWS\system32\aadgh.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\aadgh.ini2
C:\WINDOWS\system32\aadgh.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\aadgh.tmp
C:\WINDOWS\system32\aadgh.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\asrohxsn.dll
C:\WINDOWS\system32\asrohxsn.dll Has been deleted!
Attempting to delete C:\windows\system32\cfwwbifo.dll
C:\windows\system32\cfwwbifo.dll Has been deleted!
Attempting to delete C:\windows\system32\chrfnsvu.ini
C:\windows\system32\chrfnsvu.ini Has been deleted!
Attempting to delete C:\windows\system32\cxganjur.dll
C:\windows\system32\cxganjur.dll Has been deleted!
Attempting to delete C:\windows\system32\ecastxne.exe
C:\windows\system32\ecastxne.exe Has been deleted!
Attempting to delete C:\windows\system32\fpjoqrxu.dll
C:\windows\system32\fpjoqrxu.dll Has been deleted!
Attempting to delete C:\windows\system32\havrsghg.dll
C:\windows\system32\havrsghg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\hgdaa.dll
C:\WINDOWS\system32\hgdaa.dll Has been deleted!
Attempting to delete C:\windows\system32\kehqaxlo.ini
C:\windows\system32\kehqaxlo.ini Has been deleted!
Attempting to delete C:\windows\system32\khfppfug.exe
C:\windows\system32\khfppfug.exe Has been deleted!
Attempting to delete C:\windows\system32\ldecxnhn.ini
C:\windows\system32\ldecxnhn.ini Has been deleted!
Attempting to delete C:\windows\system32\lyxduflo.ini
C:\windows\system32\lyxduflo.ini Has been deleted!
Attempting to delete C:\windows\system32\nhnxcedl.dll
C:\windows\system32\nhnxcedl.dll Has been deleted!
Attempting to delete C:\windows\system32\nohwsxgr.dll
C:\windows\system32\nohwsxgr.dll Has been deleted!
Attempting to delete C:\windows\system32\ofibwwfc.ini
C:\windows\system32\ofibwwfc.ini Has been deleted!
Attempting to delete C:\windows\system32\olfudxyl.dll
C:\windows\system32\olfudxyl.dll Has been deleted!
Attempting to delete C:\windows\system32\olxaqhek.dll
C:\windows\system32\olxaqhek.dll Has been deleted!
Attempting to delete C:\windows\system32\oyaoiogp.dll
C:\windows\system32\oyaoiogp.dll Has been deleted!
Attempting to delete C:\windows\system32\pgoioayo.ini
C:\windows\system32\pgoioayo.ini Has been deleted!
Attempting to delete C:\windows\system32\pkfxyetg.dll
C:\windows\system32\pkfxyetg.dll Has been deleted!
Attempting to delete C:\windows\system32\qhpuaagw.dll
C:\windows\system32\qhpuaagw.dll Has been deleted!
Attempting to delete C:\windows\system32\qvydfilf.dll
C:\windows\system32\qvydfilf.dll Has been deleted!
Attempting to delete C:\windows\system32\rckcanuu.dll
C:\windows\system32\rckcanuu.dll Has been deleted!
Attempting to delete C:\windows\system32\rgxswhon.ini
C:\windows\system32\rgxswhon.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\shpuoupw.dll
C:\WINDOWS\system32\shpuoupw.dll Has been deleted!
Attempting to delete C:\windows\system32\uunackcr.ini
C:\windows\system32\uunackcr.ini Has been deleted!
Attempting to delete C:\windows\system32\uvsnfrhc.dll
C:\windows\system32\uvsnfrhc.dll Has been deleted!
Attempting to delete C:\windows\system32\wifoaohf.dll
C:\windows\system32\wifoaohf.dll Has been deleted!
Attempting to delete C:\windows\system32\wpuouphs.ini
C:\windows\system32\wpuouphs.ini Has been deleted!
Attempting to delete C:\windows\system32\xvkyrhgu.exe
C:\windows\system32\xvkyrhgu.exe Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 18:55:29 19/07/2007
Listing files found while scanning....
C:\WINDOWS\system32\cffii.bak1
C:\WINDOWS\system32\cffii.bak2
C:\WINDOWS\system32\cffii.ini
C:\WINDOWS\system32\iiffc.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cffii.bak1
C:\WINDOWS\system32\cffii.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cffii.bak2
C:\WINDOWS\system32\cffii.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cffii.ini
C:\WINDOWS\system32\cffii.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 19:05:48 19/07/2007
Listing files found while scanning....
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 19:12:18 19/07/2007
Listing files found while scanning....
C:\WINDOWS\system32\iiffc.dll
Beginning removal...
Performing Repairs to the registry.
Done!
New HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 19:35:50, on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Cristal\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www3.sympatico.ca/denise190
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {41119F92-AD90-4D62-99A7-6C056FAFC1C0} - C:\WINDOWS\system32\hgdaa.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DBF44511-93B6-4984-8F97-71E68F33E3B1} - C:\WINDOWS\system32\iiffc.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?9cbaedbaad874f77bdd9526dfb532cba
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?9cbaedbaad874f77bdd9526dfb532cba
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: iiffc - C:\WINDOWS\system32\iiffc.dll (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\mcshield.exe
Thanks!
That's better.
Run HijackThis again and tick the lines below:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {41119F92-AD90-4D62-99A7-6C056FAFC1C0} - C:\WINDOWS\system32\hgdaa.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DBF44511-93B6-4984-8F97-71E68F33E3B1} - C:\WINDOWS\system32\iiffc.dll (file missing)
O20 - Winlogon Notify: iiffc - C:\WINDOWS\system32\iiffc.dll (file missing)
Close all windows (Windows Explorer, Internet Explorer, Outlook) except HijackThis, then click « Fix checked ».
Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand box of OTMoveIt ("Paste List of Files/Folders to be moved"):
C:\Documents and Settings\Cristal\Application Data\winantispyware2006freeinstall_fr[1].exe
Click MoveIt! to start the removal.
The result will appear in the Results box.
Click Exit to close.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
Run an online antivirus scan with Kaspersky
http://webscanner.kaspersky.fr/
Click Démarrer Online Scanner.
Select My Computer (Poste de travail) as the scan target.
Paste its report here together with the report located in C:\_OTMoveIt\MovedFiles
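As an added triage example (not code from this thread, from HijackThis or from the helper), the Python script below parses O2/O20 lines in the log format shown above and flags the orphaned entries a helper would ask the poster to tick; the reversed-basename rule (hgdaa.dll pairs with aadgh.ini, iiffc.dll with cffii.ini) is taken from this thread's own VundoFix log. The sample lines are copied from the second HijackThis log above; function and class names are my own.

```python
"""Triage of HijackThis v1.99 O2/O20 lines for orphaned Vundo residue.

Added example, not code from the thread.  Sample lines are copied from the
poster's second HijackThis log; the reversed-basename rule comes from the
thread's VundoFix log (hgdaa.dll <-> aadgh.ini, iiffc.dll <-> cffii.ini).
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O2/O20/O23 lines taken from the second HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {41119F92-AD90-4D62-99A7-6C056FAFC1C0} - C:\WINDOWS\system32\hgdaa.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DBF44511-93B6-4984-8F97-71E68F33E3B1} - C:\WINDOWS\system32\iiffc.dll (file missing)
O20 - Winlogon Notify: iiffc - C:\WINDOWS\system32\iiffc.dll (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\mcshield.exe
"""

# HijackThis line shapes: "O2 - BHO: <name> - {CLSID} - <path>" and
# "O20 - Winlogon Notify: <name> - <path>".
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
# A bare DLL in system32 whose basename is letters only (the Vundo naming seen in this thread).
SYSTEM32_DLL = re.compile(r"^C:\\WINDOWS\\system32\\([a-z]+)\.dll$", re.IGNORECASE)


@dataclass
class Finding:
    section: str                 # "O2" or "O20"
    raw_line: str                # the exact line to tick under "Fix checked"
    dll_path: str                # path with the "(file missing)" suffix stripped
    reasons: list = field(default_factory=list)


def split_path(path):
    """Return (clean_path, on_disk) from the HijackThis path column."""
    if path == "(no file)":
        return "", False
    suffix = " (file missing)"
    if path.endswith(suffix):
        return path[: -len(suffix)], False
    return path, True


def vundo_companion(dll_path):
    """Vundo's .ini sidecar uses the DLL basename reversed (hgdaa.dll -> aadgh.ini).

    Returns None for paths that are not a letters-only DLL in system32.
    """
    m = SYSTEM32_DLL.match(dll_path)
    if not m:
        return None
    return m.group(1)[::-1] + ".ini"


def triage(log_text):
    """Flag O2/O20 entries that are orphaned or point at an unnamed system32 DLL."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for section, rx in (("O2", O2_RE), ("O20", O20_RE)):
            m = rx.match(line)
            if m:
                break
        else:
            continue  # not an O2/O20 line
        name, path = m.group("name"), m.group("path")
        clean, on_disk = split_path(path)
        reasons = []
        if not on_disk:
            reasons.append("registry still points at a DLL that is no longer on disk")
        if section == "O2" and name == "(no name)" and SYSTEM32_DLL.match(clean):
            reasons.append("unnamed BHO loaded straight from system32")
        if section == "O20" and SYSTEM32_DLL.match(clean):
            reasons.append("Winlogon Notify DLL in system32 runs at every logon")
        if reasons:
            findings.append(Finding(section, line, clean, reasons))
    return findings


def fix_checked_lines(log_text):
    """The lines a helper would ask the poster to tick under 'Fix checked'."""
    return [f.raw_line for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.raw_line)
        for r in f.reasons:
            print("   -", r)
        sidecar = vundo_companion(f.dll_path)
        if sidecar:
            print("   - look for sidecar:", sidecar)
```

The script flags the four orphaned entries but not the Acrobat 5 BHO the helper also ticks, since that one is neither missing nor in system32; the sidecar names it prints are exactly the aadgh.ini and cffii.ini files that VundoFix removed above.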