Infectée par winantiviurspro
cilie
-
sori1311 Messages postés 63 Statut Membre -
sori1311 Messages postés 63 Statut Membre -
Bonjour,
Comme beaucoup infectée par winantiviruspro, voici le scan avec hijack en espérant que vous pourrez m'aider à résoudre ce problème !
Merci d'avance !
Cilie
Logfile of HijackThis v1.99.1
Scan saved at 16:26:57, on 20/03/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe
C:\Documents and Settings\nathalie\Bureau\HijackThis.exe
C:\Documents and Settings\nathalie\Mes documents\blbeta.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINNT\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.5.0\HbHostIE.dll (file missing)
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.5.0\HbHostIE.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [mav_startupmon] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINNT\system32\prodsrvs.exe /res
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\AIM.EXE (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1064.cab
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1063.cab
O16 - DPF: {0E79192A-C52C-4260-920F-639AC2296203} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1062.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/29385a3ca70ef4197c16/netzip/RdxIE601_fr.cab
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1061.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1059.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1060.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1065.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_6_0_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDE17707-5A6F-45A6-931D-96CF361B04EE}: NameServer = 192.168.3.222,192.168.3.221
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
Comme beaucoup infectée par winantiviruspro, voici le scan avec hijack en espérant que vous pourrez m'aider à résoudre ce problème !
Merci d'avance !
Cilie
Logfile of HijackThis v1.99.1
Scan saved at 16:26:57, on 20/03/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe
C:\Documents and Settings\nathalie\Bureau\HijackThis.exe
C:\Documents and Settings\nathalie\Mes documents\blbeta.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINNT\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.5.0\HbHostIE.dll (file missing)
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.5.0\HbHostIE.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [mav_startupmon] "C:\Program Files\Fichiers communs\WinAntiVirus Pro 2007\mav_startupmon.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINNT\system32\prodsrvs.exe /res
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\AIM.EXE (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1064.cab
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1063.cab
O16 - DPF: {0E79192A-C52C-4260-920F-639AC2296203} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1062.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/29385a3ca70ef4197c16/netzip/RdxIE601_fr.cab
O16 - DPF: {68A2C3BD-7809-11D3-8ACF-0050046F2F9A} (AXELPlayer Class) - http://www.mindavenue.com/
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1061.cab
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1059.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O16 - DPF: {AF7410C1-FBA3-415E-800A-4110CED40536} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1060.cab
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://es6-scripts.dlv4.com/binaries/egaccess4/egaccess4_1065.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_6_0_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDE17707-5A6F-45A6-931D-96CF361B04EE}: NameServer = 192.168.3.222,192.168.3.221
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
A voir également:
- Infectée par winantiviurspro
- Comment savoir si une clé usb est infectée - Guide
- L application google semble être infectée huawei ✓ - Forum Virus
- Clé USB infectée ( .Spotlight-V100 ? ) - Forum Virus
- Je suis infectée par un virus qui ouvre des pages tout seul ✓ - Forum Virus
- 95 applications infectées par un malware publicitaire - Guide
1 réponse
Salut
Voila un tuto pour déinstaller et éffacer complétement WinAntivirus Pro 2006 ---> https://www.pcparadise.fr
Voila un tuto pour déinstaller et éffacer complétement WinAntivirus Pro 2006 ---> https://www.pcparadise.fr
