Virus - WinAntivirus Pro 2007 - Trouble removing it

Tags:
  • Network associates
  • Security
Last reply: in Security and viruses
18 July 2007 06:24:16

Hello,

I'm having some trouble removing WinAntivirus Pro 2007 from my computer. Could you please help me?

Here is a HijackThis report:

------------------
Logfile of HijackThis v1.99.1
Scan saved at 21:45:41, on 17/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Network Associates\McShield\mcshield.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Cristal\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www3.sympatico.ca/denise190
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\mxwiechw.dll",forkonce
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?9cbaedbaad874f77bdd9526dfb532cba
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?9cbaedbaad874f77bdd9526dfb532cba
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - C:\Program Files\Symantec AntiVirus\DefWatch.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\mcshield.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Unknown owner - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (file missing)

--------------

There it is. I have to admit I have a lot of trouble understanding this report.
Thanks


18 July 2007 14:15:05

Hello


Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool starts up again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to shut down; click OK

Restart your PC.

Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".


Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste that report in your next reply along with a new HijackThis log and the contents of the report located at C:\vundofix.txt
19 July 2007 00:44:42

Thank you very much for the reply.

I don't have time right now, so I'll do these steps and send you the 2 new reports tomorrow.

Thanks
20 July 2007 05:02:48

Here is the ComboFix report:


"Cristal" - 2007-07-19 19:23:22 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\geecc.dll
C:\WINDOWS\system32\cceeg.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiSpyware 2006
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiSpyware 2006\Logs\update.log
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\avtasks.dat
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\CookieList.dat
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\history.db
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\update.log
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\wa7Support.log
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\winav.log
C:\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\PGE.dat
C:\Documents and Settings\Cristal.\err.log
C:\Documents and Settings\Cristal.\ResErrors.log
C:\Program Files\Fichiers communs\winantivirus pro 2007
C:\Program Files\Fichiers communs\winantivirus pro 2007\err.log
C:\Program Files\Fichiers communs\winantivirus pro 2007\mfc71.dll
C:\Program Files\Fichiers communs\winantivirus pro 2007\msvcp71.dll
C:\Program Files\Fichiers communs\winantivirus pro 2007\msvcr71.dll
C:\WINDOWS\system32\aethftvy.exe
C:\WINDOWS\system32\ixuwksfu.exe
C:\WINDOWS\system32\mkackmtf.exe
C:\WINDOWS\system32\orqubtvr.exe
C:\WINDOWS\system32\raknaccd.exe
C:\WINDOWS\system32\sdmxanwx.exe
C:\WINDOWS\system32\xbkijtwa.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))


2007-07-19 19:22 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-19 19:17 <REP> d-------- C:\WINDOWS\system32\appmgmt
2007-07-19 18:20 <REP> d-------- C:\Program Files\LIUtilities
2007-07-19 18:16 <REP> d-------- C:\VundoFix Backups
2007-07-18 20:49 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-17 21:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-17 20:50 <REP> d-------- C:\Program Files\ewido anti-malware
2007-07-17 20:48 <REP> d-------- C:\Program Files\CCleaner
2007-07-17 19:52 <REP> d--hs---- C:\WINDOWS\CSC
2007-07-17 19:16 <REP> d-------- C:\Program Files\Symantec
2007-07-17 19:16 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-07-17 19:16 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-07-16 17:28 <REP> d-------- C:\WINDOWS\NKCCDViewerSetting
2007-07-14 16:36 92,616 --a------ C:\DOCUME~1\Cristal\APPLIC~1\winantispyware2006freeinstall_fr[1].exe
2007-07-06 19:00 <REP> d--hs---- C:\UWA7PV
2007-07-06 18:57 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-07-06 18:57 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-07-06 18:57 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-06 18:57 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-07-06 18:57 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-07-06 18:57 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-07-03 09:11 186,368 --a------ C:\DOCUME~1\Cristal\vxs.exe
2007-07-02 14:28 189,440 --a------ C:\DOCUME~1\Cristal\fset.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 01:43:47 -------- d-----w C:\DOCUME~1\Cristal\APPLIC~1\LimeWire
2007-07-18 00:08:07 -------- d-----w C:\DOCUME~1\Cristal\APPLIC~1\Lavasoft
2007-07-06 23:28:44 -------- d-----r C:\Program Files\Common Files
2007-07-06 23:09:10 -------- d-----w C:\Program Files\MSN Messenger
2007-07-06 01:45:50 768 ----a-w C:\WINDOWS\system32\d3d8caps.dat
2007-07-02 18:23:28 44,288 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-13 02:09:24 0 ----a-w C:\WINDOWS\nsreg.dat
2007-06-03 18:10:21 -------- d-----w C:\Program Files\Macrogaming
2007-06-03 17:35:56 -------- d-----w C:\Program Files\LimeWire
2007-05-24 18:08:06 48,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-05-24 18:08:06 367,658 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-05-22 20:45:20 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-05-22 20:31:02 90 ----a-w C:\WINDOWS\dun.bat
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2005-01-10 04:26:14 596 ----a-w C:\Program Files\INSTALL.LOG
2004-04-30 01:24:50 271 --sha-w C:\Program Files\desktop.ini
2004-04-30 01:24:50 23,357 -c-ha-w C:\Program Files\folder.htt


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2001-03-02 07:02 37808 --a------ C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]
2006-11-05 16:44 548992 -ra------ C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41119F92-AD90-4D62-99A7-6C056FAFC1C0}]
C:\WINDOWS\system32\hgdaa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2006-08-31 20:33 322368 --a------ C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-09-27 17:45 544032 --a------ C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBF44511-93B6-4984-8F97-71E68F33E3B1}]
C:\WINDOWS\system32\iiffc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" []
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-10-02 18:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 11:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Program Files\ewido anti-malware\shellhook.dll" [2004-09-30 08:21]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffc]
C:\WINDOWS\system32\iiffc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\setup.exe -q


Contents of the 'Scheduled Tasks' folder
2007-07-19 22:03:03 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-19 19:32:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-19 19:34:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-19 19:34

--- E O F ---


Here is another report
ComboFix-quarantined-files.txt



2004-10-07 14:39 1060864 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mfc71.dll.vir
2004-10-07 14:39 348160 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcr71.dll.vir
2004-10-07 14:39 499712 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\msvcp71.dll.vir
2007-02-23 12:24 356 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\PGE.dat.vir
2007-07-06 18:57 21 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode.vir
2007-07-06 18:57 6 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr.vir
2007-07-06 18:59 0 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\WinAntiVirus Pro 2007\err.log.vir
2007-07-06 18:59 36 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ActivationCode.vir
2007-07-06 19:00 0 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\avtasks.dat.vir
2007-07-07 11:45 2537 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\wa7Support.log.vir
2007-07-09 12:44 0 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Cristal\err.log.vir
2007-07-09 16:06 136 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\winav.log.vir
2007-07-09 16:06 2560 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\CookieList.dat.vir
2007-07-10 15:53 60948 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\Logs\update.log.vir
2007-07-10 15:54 107520 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiVirus Pro 2007\history.db.vir
2007-07-10 15:54 5488 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Cristal\ResErrors.log.vir
2007-07-12 17:04 266336 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\geecc.dll.vir
2007-07-12 17:05 322 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cceeg.ini.vir
2007-07-14 08:10 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\aethftvy.exe.vir
2007-07-15 08:10 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\raknaccd.exe.vir
2007-07-16 08:11 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sdmxanwx.exe.vir
2007-07-16 12:22 6048 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\Cristal\APPLIC~1\WinAntiSpyware 2006\Logs\update.log.vir
2007-07-17 08:09 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\orqubtvr.exe.vir
2007-07-18 08:11 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xbkijtwa.exe.vir
2007-07-19 08:14 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mkackmtf.exe.vir
2007-07-19 18:35 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ixuwksfu.exe.vir
2007-07-19 19:27 352 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf


Folder structure
Volume serial number is 24BF-C5FC
C:\QOOBOX
\---Quarantine
    +---C
    |   +---Documents and Settings
    |   |   \---Cristal
    |   |           err.log.vir
    |   |           ResErrors.log.vir
    |   |
    |   +---DOCUME~1
    |   |   +---ALLUSE~1
    |   |   |   \---APPLIC~1
    |   |   |       \---WinAntiVirus Pro 2007
    |   |   |           \---Data
    |   |   |                   Abbr.vir
    |   |   |                   ActivationCode.vir
    |   |   |                   ProductCode.vir
    |   |   |
    |   |   \---Cristal
    |   |       \---APPLIC~1
    |   |           +---WinAntiSpyware 2006
    |   |           |   \---Logs
    |   |           |           update.log.vir
    |   |           |
    |   |           \---WinAntiVirus Pro 2007
    |   |               |   avtasks.dat.vir
    |   |               |   CookieList.dat.vir
    |   |               |   history.db.vir
    |   |               |   PGE.dat.vir
    |   |               |
    |   |               \---Logs
    |   |                       update.log.vir
    |   |                       wa7Support.log.vir
    |   |                       winav.log.vir
    |   |
    |   +---Program Files
    |   |   \---Fichiers communs
    |   |       \---WinAntiVirus Pro 2007
    |   |               err.log.vir
    |   |               mfc71.dll.vir
    |   |               msvcp71.dll.vir
    |   |               msvcr71.dll.vir
    |   |
    |   \---WINDOWS
    |       \---system32
    |               aethftvy.exe.vir
    |               cceeg.ini.vir
    |               geecc.dll.vir
    |               ixuwksfu.exe.vir
    |               mkackmtf.exe.vir
    |               orqubtvr.exe.vir
    |               raknaccd.exe.vir
    |               sdmxanwx.exe.vir
    |               xbkijtwa.exe.vir
    |
    \---Registry_backups
            services_nm.reg.cf

20 July 2007 05:05:13

Here is the VundoFix report:


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 18:16:18 19/07/2007

Listing files found while scanning....


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 18:37:30 19/07/2007

Listing files found while scanning....

C:\WINDOWS\system32\aadgh.bak1
C:\WINDOWS\system32\aadgh.bak2
C:\WINDOWS\system32\aadgh.ini
C:\WINDOWS\system32\aadgh.ini2
C:\WINDOWS\system32\aadgh.tmp
C:\WINDOWS\system32\asrohxsn.dll
C:\windows\system32\cfwwbifo.dll
C:\windows\system32\chrfnsvu.ini
C:\windows\system32\cxganjur.dll
C:\windows\system32\ecastxne.exe
C:\windows\system32\fpjoqrxu.dll
C:\windows\system32\havrsghg.dll
C:\WINDOWS\system32\hgdaa.dll
C:\WINDOWS\system32\iiffc.dll
C:\windows\system32\kehqaxlo.ini
C:\windows\system32\khfppfug.exe
C:\windows\system32\ldecxnhn.ini
C:\windows\system32\lyxduflo.ini
C:\windows\system32\nhnxcedl.dll
C:\windows\system32\nohwsxgr.dll
C:\windows\system32\ofibwwfc.ini
C:\windows\system32\olfudxyl.dll
C:\windows\system32\olxaqhek.dll
C:\windows\system32\oyaoiogp.dll
C:\windows\system32\pgoioayo.ini
C:\windows\system32\pkfxyetg.dll
C:\windows\system32\qhpuaagw.dll
C:\windows\system32\qvydfilf.dll
C:\windows\system32\rckcanuu.dll
C:\windows\system32\rgxswhon.ini
C:\WINDOWS\system32\shpuoupw.dll
C:\windows\system32\uunackcr.ini
C:\windows\system32\uvsnfrhc.dll
C:\windows\system32\wifoaohf.dll
C:\windows\system32\wpuouphs.ini
C:\windows\system32\xvkyrhgu.exe
C:\WINDOWS\system32\yqxxqhps.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\aadgh.bak1
C:\WINDOWS\system32\aadgh.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aadgh.bak2
C:\WINDOWS\system32\aadgh.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aadgh.ini
C:\WINDOWS\system32\aadgh.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\aadgh.ini2
C:\WINDOWS\system32\aadgh.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aadgh.tmp
C:\WINDOWS\system32\aadgh.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\asrohxsn.dll
C:\WINDOWS\system32\asrohxsn.dll Has been deleted!

Attempting to delete C:\windows\system32\cfwwbifo.dll
C:\windows\system32\cfwwbifo.dll Has been deleted!

Attempting to delete C:\windows\system32\chrfnsvu.ini
C:\windows\system32\chrfnsvu.ini Has been deleted!

Attempting to delete C:\windows\system32\cxganjur.dll
C:\windows\system32\cxganjur.dll Has been deleted!

Attempting to delete C:\windows\system32\ecastxne.exe
C:\windows\system32\ecastxne.exe Has been deleted!

Attempting to delete C:\windows\system32\fpjoqrxu.dll
C:\windows\system32\fpjoqrxu.dll Has been deleted!

Attempting to delete C:\windows\system32\havrsghg.dll
C:\windows\system32\havrsghg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hgdaa.dll
C:\WINDOWS\system32\hgdaa.dll Has been deleted!

Attempting to delete C:\windows\system32\kehqaxlo.ini
C:\windows\system32\kehqaxlo.ini Has been deleted!

Attempting to delete C:\windows\system32\khfppfug.exe
C:\windows\system32\khfppfug.exe Has been deleted!

Attempting to delete C:\windows\system32\ldecxnhn.ini
C:\windows\system32\ldecxnhn.ini Has been deleted!

Attempting to delete C:\windows\system32\lyxduflo.ini
C:\windows\system32\lyxduflo.ini Has been deleted!

Attempting to delete C:\windows\system32\nhnxcedl.dll
C:\windows\system32\nhnxcedl.dll Has been deleted!

Attempting to delete C:\windows\system32\nohwsxgr.dll
C:\windows\system32\nohwsxgr.dll Has been deleted!

Attempting to delete C:\windows\system32\ofibwwfc.ini
C:\windows\system32\ofibwwfc.ini Has been deleted!

Attempting to delete C:\windows\system32\olfudxyl.dll
C:\windows\system32\olfudxyl.dll Has been deleted!

Attempting to delete C:\windows\system32\olxaqhek.dll
C:\windows\system32\olxaqhek.dll Has been deleted!

Attempting to delete C:\windows\system32\oyaoiogp.dll
C:\windows\system32\oyaoiogp.dll Has been deleted!

Attempting to delete C:\windows\system32\pgoioayo.ini
C:\windows\system32\pgoioayo.ini Has been deleted!

Attempting to delete C:\windows\system32\pkfxyetg.dll
C:\windows\system32\pkfxyetg.dll Has been deleted!

Attempting to delete C:\windows\system32\qhpuaagw.dll
C:\windows\system32\qhpuaagw.dll Has been deleted!

Attempting to delete C:\windows\system32\qvydfilf.dll
C:\windows\system32\qvydfilf.dll Has been deleted!

Attempting to delete C:\windows\system32\rckcanuu.dll
C:\windows\system32\rckcanuu.dll Has been deleted!

Attempting to delete C:\windows\system32\rgxswhon.ini
C:\windows\system32\rgxswhon.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\shpuoupw.dll
C:\WINDOWS\system32\shpuoupw.dll Has been deleted!

Attempting to delete C:\windows\system32\uunackcr.ini
C:\windows\system32\uunackcr.ini Has been deleted!

Attempting to delete C:\windows\system32\uvsnfrhc.dll
C:\windows\system32\uvsnfrhc.dll Has been deleted!

Attempting to delete C:\windows\system32\wifoaohf.dll
C:\windows\system32\wifoaohf.dll Has been deleted!

Attempting to delete C:\windows\system32\wpuouphs.ini
C:\windows\system32\wpuouphs.ini Has been deleted!

Attempting to delete C:\windows\system32\xvkyrhgu.exe
C:\windows\system32\xvkyrhgu.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 18:55:29 19/07/2007

Listing files found while scanning....

C:\WINDOWS\system32\cffii.bak1
C:\WINDOWS\system32\cffii.bak2
C:\WINDOWS\system32\cffii.ini
C:\WINDOWS\system32\iiffc.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cffii.bak1
C:\WINDOWS\system32\cffii.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cffii.bak2
C:\WINDOWS\system32\cffii.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\cffii.ini
C:\WINDOWS\system32\cffii.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 19:05:48 19/07/2007

Listing files found while scanning....


VundoFix V6.5.6

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Scan started at 19:12:18 19/07/2007

Listing files found while scanning....

C:\WINDOWS\system32\iiffc.dll

Beginning removal...

Performing Repairs to the registry.
Done!


New HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 19:35:50, on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Fichiers communs\Network Associates\McShield\mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Cristal\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www3.sympatico.ca/denise190
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {41119F92-AD90-4D62-99A7-6C056FAFC1C0} - C:\WINDOWS\system32\hgdaa.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {DBF44511-93B6-4984-8F97-71E68F33E3B1} - C:\WINDOWS\system32\iiffc.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?9cbaedbaad874f77bdd9526dfb532cba
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?9cbaedbaad874f77bdd9526dfb532cba
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Cont...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: iiffc - C:\WINDOWS\system32\iiffc.dll (file missing)
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\mcshield.exe

Thanks! :)
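The files VundoFix keeps turning up in the report above share one trait: hgdaa.dll sits beside aadgh.*, iiffc.dll beside cffii.*, and in the ComboFix log geecc.dll beside cceeg.ini. In each case the companion file's name is the DLL's name spelled backwards. The script below is an added example, not part of this thread and not VundoFix or ComboFix code; it searches any list of paths for that relationship. The companion extensions and the sample listing are taken from the logs above, and the two legitimate files in the sample (schannel.dll, desktop.ini) are there to show they are not flagged.

```python
"""Spot Vundo/Virtumonde-style file naming in a file listing.

Added example for this thread; it is not VundoFix or ComboFix code. The logs
show the payload DLL with a short random stem (geecc.dll, hgdaa.dll, iiffc.dll)
next to companion files whose stem is the same letters reversed (cceeg.ini;
aadgh.ini/.ini2/.bak1/.bak2/.tmp; cffii.ini/.bak1/.bak2). The two functions
below look for exactly that relationship in any list of paths.
"""
import ntpath
from collections import defaultdict

# Extensions the logs show beside the payload DLL (assumed to be the full set).
COMPANION_EXTS = (".ini", ".ini2", ".bak1", ".bak2", ".tmp")


def _split(path):
    """Lower-cased (directory, stem, ext) for a Windows path."""
    directory, filename = ntpath.split(path)
    stem, ext = ntpath.splitext(filename)
    return directory.lower(), stem.lower(), ext.lower()


def index_listing(paths):
    """Map directory -> {(stem, ext): original path}."""
    index = defaultdict(dict)
    for path in paths:
        directory, stem, ext = _split(path)
        index[directory][(stem, ext)] = path
    return index


def find_reversed_pairs(paths):
    """Return {dll_path: [companion paths]} for every .dll that has, in the same
    directory, a companion file whose stem is the DLL stem spelled backwards."""
    pairs = {}
    for files in index_listing(paths).values():
        for (stem, ext), dll_path in files.items():
            if ext != ".dll":
                continue
            reversed_stem = stem[::-1]
            companions = [files[(reversed_stem, e)] for e in COMPANION_EXTS
                          if (reversed_stem, e) in files]
            if companions:
                pairs[dll_path] = companions
    return pairs


def find_companion_clusters(paths):
    """Return {stem: {"files": [...], "dll_present": bool}} for stems that own two
    or more companion-type files in one directory. After a cleanup that removed
    only the DLL, the cluster survives with dll_present == False, which is the
    state the third VundoFix pass above found for cffii.*."""
    clusters = {}
    for files in index_listing(paths).values():
        by_stem = defaultdict(list)
        for (stem, ext), path in files.items():
            if ext in COMPANION_EXTS:
                by_stem[stem].append(path)
        for stem, members in by_stem.items():
            if len(members) >= 2:
                clusters[stem] = {"files": sorted(members),
                                  "dll_present": (stem[::-1], ".dll") in files}
    return clusters


# Constructed sample: paths copied from the VundoFix and ComboFix output above,
# plus two legitimate files (schannel.dll, desktop.ini) that must not be flagged.
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\aadgh.bak1",
    r"C:\WINDOWS\system32\aadgh.bak2",
    r"C:\WINDOWS\system32\aadgh.ini",
    r"C:\WINDOWS\system32\aadgh.ini2",
    r"C:\WINDOWS\system32\aadgh.tmp",
    r"C:\WINDOWS\system32\hgdaa.dll",
    r"C:\WINDOWS\system32\cffii.bak1",
    r"C:\WINDOWS\system32\cffii.bak2",
    r"C:\WINDOWS\system32\cffii.ini",
    r"C:\WINDOWS\system32\iiffc.dll",
    r"C:\WINDOWS\system32\geecc.dll",
    r"C:\WINDOWS\system32\cceeg.ini",
    r"C:\WINDOWS\system32\schannel.dll",
    r"C:\WINDOWS\desktop.ini",
]

if __name__ == "__main__":
    for dll, companions in sorted(find_reversed_pairs(SAMPLE_LISTING).items()):
        names = ", ".join(ntpath.basename(c) for c in companions)
        print(f"{ntpath.basename(dll)} <-> {names}")
    for stem, info in sorted(find_companion_clusters(SAMPLE_LISTING).items()):
        state = "DLL present" if info["dll_present"] else "DLL gone, leftovers remain"
        print(f"cluster {stem}: {len(info['files'])} files, {state}")
```

Feed it a real listing (the output of `dir /b /s C:\WINDOWS\system32`, for instance) instead of the sample. A cluster reported with the DLL gone is exactly what the third VundoFix pass above saw: the loader was deleted but its companion files were still waiting to be cleaned up.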
20 July 2007 22:47:01

That's better.


Run another HijackThis scan and check the lines below:

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {41119F92-AD90-4D62-99A7-6C056FAFC1C0} - C:\WINDOWS\system32\hgdaa.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {DBF44511-93B6-4984-8F97-71E68F33E3B1} - C:\WINDOWS\system32\iiffc.dll (file missing)
O20 - Winlogon Notify: iiffc - C:\WINDOWS\system32\iiffc.dll (file missing)

Close all windows (Windows, Internet Explorer, Outlook) except HijackThis and click "Fix checked"


Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Documents and Settings\Cristal\Application Data\winantispyware2006freeinstall_fr[1].exe

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.


Run an online antivirus scan with Kaspersky
http://webscanner.kaspersky.fr/
Click Start Online Scanner.
Select My Computer as the scan target.

Paste its report here along with the report located in C:\_OTMoveIt\MovedFiles
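The fix list in the reply above follows a few repeatable rules: remove entries whose target file is already gone, remove the Winlogon Notify hook the DLL had registered, and treat anything named after the rogue product as part of the infection. As an added example (not HijackThis code and not the helper's own tooling), the script below applies those rules, plus two drawn from the first log (a Run entry that loads a system32 DLL through rundll32, and one that starts a program from the Temp folder), to a constructed sample made of lines from the two HijackThis logs in this thread. The allow-list of Winlogon Notify packages and the rogue-name list are assumptions of the example, not something the thread states.

```python
"""Triage a HijackThis log with the rules this thread applied by hand.

Added example; it is not HijackThis code and not the helper's own tooling.
Rules: an entry whose target is reported "(file missing)" or "(no file)" is a
dangling autostart to remove; an O20 Winlogon Notify package outside a small
allow-list is the persistence Vundo used here; an O4 Run entry that loads a
system32 DLL through rundll32 or starts something from a Temp folder, or any
entry naming a known rogue product, is flagged too.
"""
import re

# Names the thread identifies as rogue security software. The list itself is an
# assumption for this example; extend it from your own data.
ROGUE_NAMES = ("winantivirus", "winantispyware", "salesmonitor")

# Winlogon Notify packages normally present on Windows XP (assumed allow-list).
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

SECTION_RE = re.compile(r"^(?P<sec>[RFO]\d+)\s+-\s+(?P<body>.*)$")
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')
BARE_PATH_RE = re.compile(r"[A-Za-z]:\\.*")


def extract_path(body):
    """Best-effort target path: a quoted path if present, otherwise the last
    ' - ' field with any '(file missing)' marker stripped; None if no path."""
    quoted = QUOTED_PATH_RE.findall(body)
    if quoted:
        return quoted[0]
    tail = MISSING_RE.sub("", body.rsplit(" - ", 1)[-1]).strip()
    match = BARE_PATH_RE.search(tail)
    return match.group(0).strip() if match else None


def triage_line(line):
    """Return the list of reasons an entry deserves attention (empty = clean)."""
    match = SECTION_RE.match(line.strip())
    if not match:
        return []
    sec, body = match.group("sec"), match.group("body")
    path = (extract_path(body) or "").lower()
    reasons = []
    if MISSING_RE.search(body):
        reasons.append("dangling entry: target file missing")
    if any(name in line.lower() for name in ROGUE_NAMES):
        reasons.append("rogue security product")
    if sec == "O20":
        # "Winlogon Notify: <package> - <dll>": the package name is the registry key
        package = body.split(":", 1)[1].split(" - ")[0].strip().lower()
        if package not in KNOWN_NOTIFY:
            reasons.append("Winlogon Notify hook not in allow-list")
    if sec == "O4":
        if "rundll32" in body.lower() and path.endswith(".dll") and "\\system32\\" in path:
            reasons.append("Run entry loads a system32 DLL via rundll32")
        if "\\temp\\" in path:
            reasons.append("Run entry starts from a Temp directory")
    if sec == "O2" and "(no name)" in body and not reasons:
        reasons.append("unnamed BHO: verify publisher")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every flagged line of a HijackThis log."""
    results = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            results.append((line.strip(), reasons))
    return results


def reasons_for(log_text, needle):
    """Reasons attached to the first flagged line containing `needle` ([] if none)."""
    for line, reasons in triage(log_text):
        if needle in line:
            return reasons
    return []


# Constructed sample: lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {41119F92-AD90-4D62-99A7-6C056FAFC1C0} - C:\WINDOWS\system32\hgdaa.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\mxwiechw.dll",forkonce
O20 - Winlogon Notify: iiffc - C:\WINDOWS\system32\iiffc.dll (file missing)
O23 - Service: McShield - Unknown owner - C:\Program Files\Fichiers communs\Network Associates\McShield\mcshield.exe
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line.split(" - ", 1)[0], "->", "; ".join(reasons))
```

On the sample, the seven flagged entries are the five lines the helper told the poster to fix, the Spybot helper BHO (no publisher name, so worth a look but not a removal), and the two Run entries from the first log that ComboFix had already cleared. Entries marked "(file missing)" do no harm by themselves; they are removed because they are evidence of what the infection registered and because Winlogon will keep trying to load the notify package at every logon.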