A WinReanimator victim

Hello,

I installed WinReanimator yesterday and since then I have been trying to remove it. Are my Avast antivirus and Avast on-access scanner really that ineffective, and if so, what software can you recommend?

Following this forum, I used HijackThis, AVG Anti-Spyware, CCleaner and SpyHunter.

1. Here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:17:52, on 31/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [VAIOSurvey] c:\program files\sony\vaio survey\surveysa.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\WinReanimator.exe" /hide
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [JustVoip] "C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://my.yahoo.com/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7807 bytes

2. AVG Anti-Spyware log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:34:03 31/03/2008

+ Scan result:

C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll -> Adware.BHO : Ignored.

::Report end

3. On your forum it says AVG is free, so why in that case am I told that the trial version will expire in 15 days and that I will have to buy it to keep using it?

4. CCleaner log

ANALYSIS COMPLETE - (1.096 secs)
------------------------------------------------------------------------------------------
5,26MB to be removed. (Approximate size)
Secure file deletion enabled - DOD 5220.22-M (3 passes)
------------------------------------------------------------------------------------------

Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
IE Temporary Internet Files (16 files) 71,09KB
C:\Documents and Settings\Sony\Local Settings\History\History.IE5\MSHist012008033120080401\index.dat 32,00KB
C:\Documents and Settings\Sony\Local Settings\Temp\kdk417.tmp 0 bytes
C:\WINDOWS\system32\wbem\Logs\wbemess.log 1,13KB
C:\WINDOWS\Debug\UserMode\userenv.log 642 bytes
C:\WINDOWS\Prefetch\MSMSGS.EXE-0620E8B3.pf 36,32KB
C:\WINDOWS\Prefetch\NDETECT.EXE-2DABC14D.pf 20,79KB
C:\WINDOWS\Prefetch\OIS.EXE-3A149C74.pf 66,48KB
Removed Cookie: download.mozilla.org
Removed Cookie: aus2.mozilla.org
Removed Cookie: sdv.fr
Removed Cookie: commentcamarche.net
Removed Cookie: xiti.com
Removed Cookie: www.bleepingcomputer.com
Removed Cookie: intellitxt.com
Removed Cookie: ads.bleepingcomputer.com
Removed Cookie: pctools.com
Removed Cookie: mail.ru
Removed Cookie: engine.awaps.net
Removed Cookie: tns-counter.ru
Removed Cookie: rambler.ru
Removed Cookie: list.ru
C:\Documents and Settings\Sony\Application Data\Mozilla\Firefox\Profiles\dsgwciuo.default\downloads.rdf 1,03KB
Firefox/Mozilla Temporary Internet Cache (50 files) 4,98MB
C:\Documents and Settings\Sony\Application Data\Mozilla\Firefox\Profiles\dsgwciuo.default\history.dat 49,44KB
C:\Documents and Settings\Sony\Application Data\Mozilla\Firefox\Profiles\dsgwciuo.default\formhistory.dat 231 bytes
C:\Documents and Settings\Sony\Application Data\Microsoft\Office\Recent\CV Francais.lnk 886 bytes
C:\Documents and Settings\Sony\Application Data\Microsoft\Office\Recent\CV et LM 2008.lnk 686 bytes
C:\Documents and Settings\Sony\Application Data\Microsoft\Office\Recent\Desktop.ini 95 bytes
C:\Documents and Settings\Sony\Application Data\Microsoft\Office\Recent\Desktop.lnk 570 bytes
C:\Documents and Settings\Sony\Application Data\Microsoft\Office\Recent\index.dat 101 bytes
C:\Documents and Settings\Sony\Application Data\Microsoft\Office\Recent\Lettre.lnk 673 bytes
C:\Documents and Settings\Sony\Application Data\Mozilla\Firefox\Profiles\dsgwciuo.default\GoogleToolbarData\searchhistory.xml 153 bytes
C:\WINDOWS\Internet Logs\ZALog.txt 8,63KB
C:\Documents and Settings\Sony\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 405 bytes
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\logfile.txt 1,08KB

Result after "Run Cleaner"

CLEANING COMPLETE - (21.054 secs)
------------------------------------------------------------------------------------------
5,10MB removed.
Secure file deletion enabled - DOD 5220.22-M (3 passes)
------------------------------------------------------------------------------------------

Details of files deleted
------------------------------------------------------------------------------------------
IE Temporary Internet Files (17 files) 71,39KB
C:\Documents and Settings\Sony\Local Settings\Temp\51j478.tmp 0 bytes
C:\Documents and Settings\Sony\Local Settings\Temp\agf476.tmp 0 bytes
C:\Documents and Settings\Sony\Local Settings\Temp\kdk417.tmp 0 bytes
C:\WINDOWS\system32\wbem\Logs\wbemess.log 1,13KB
C:\WINDOWS\Debug\UserMode\userenv.log 642 bytes
Removed Cookie: download.mozilla.org
Removed Cookie: aus2.mozilla.org
Removed Cookie: sdv.fr
Removed Cookie: commentcamarche.net
Removed Cookie: xiti.com
Removed Cookie: www.bleepingcomputer.com
Removed Cookie: intellitxt.com
Removed Cookie: ads.bleepingcomputer.com
Removed Cookie: pctools.com
Removed Cookie: mail.ru
Removed Cookie: engine.awaps.net
Removed Cookie: tns-counter.ru
Removed Cookie: rambler.ru
Removed Cookie: list.ru
C:\Documents and Settings\Sony\Application Data\Mozilla\Firefox\Profiles\dsgwciuo.default\downloads.rdf 1,03KB
Firefox/Mozilla Temporary Internet Cache (50 files) 4,98MB
C:\Documents and Settings\Sony\Application Data\Mozilla\Firefox\Profiles\dsgwciuo.default\history.dat 49,44KB
C:\Documents and Settings\Sony\Application Data\Mozilla\Firefox\Profiles\dsgwciuo.default\formhistory.dat 231 bytes
C:\Documents and Settings\Sony\Application Data\Microsoft\Office\Recent\CV Francais.lnk 886 bytes
C:\Documents and Settings\Sony\Application Data\Microsoft\Office\Recent\CV et LM 2008.lnk 686 bytes
C:\Documents and Settings\Sony\Application Data\Microsoft\Office\Recent\Desktop.ini 95 bytes
C:\Documents and Settings\Sony\Application Data\Microsoft\Office\Recent\Desktop.lnk 570 bytes
C:\Documents and Settings\Sony\Application Data\Microsoft\Office\Recent\index.dat 101 bytes
C:\Documents and Settings\Sony\Application Data\Microsoft\Office\Recent\Lettre.lnk 673 bytes
C:\Documents and Settings\Sony\Application Data\Mozilla\Firefox\Profiles\dsgwciuo.default\GoogleToolbarData\searchhistory.xml 153 bytes
C:\Documents and Settings\Sony\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 405 bytes
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\logfile.txt 1,08KB
------------------------------------------------------------------------------------------

5. I also used SpyHunter. It is a trial version, so the program does not generate a report that I can paste here, or I do not have access to it. In any case, SpyHunter found 24 infections caused by two programs:

Ultimate Defender (2)
Winreanimator (22)

6. I downloaded ComboFix, but I have not run it because the following messages worry me.

"1. This tool is meant for private use. If infections are found, it will automatically reboot windows to complete the removal process.
This software is provided "AS IS", without warranty of any kind."
I press "Yes".

"2. Roughly 1/100 failed to make it through the disinfection process
Are you sure to use this program?"

Does that mean my system files, if infected, will be deleted and I can throw the computer away?

After all these manipulations the WinReanimator logo and files are still not removed.
Using the "uninstall" file takes me to the WinReanimator support website.

How do I remove this program completely?

Thanks in advance.
Configuration: Windows XP
Firefox 2.0
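Added example, not code from the thread or from HijackThis: a small Python parser for the O4 (Run-key autostart) lines of a HijackThis log, run over sample lines constructed from the log above. It flags entries matching an indicator list seeded with WinReanimator (the rogue SpyHunter named) and, as my own heuristic rather than anything the thread states, files that autostart from both HKLM and HKCU Run; a heuristic hit means "look closer", not "malicious".

```python
import re
from collections import defaultdict

# Shape of a HijackThis O4 line:  O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" /flag
O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')

# Indicator list seeded from the thread: SpyHunter named WinReanimator as the rogue.
ROGUE_NAMES = {"winreanimator"}

# Sample input constructed from the O4 lines of the log above (constructed, not a real scan).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\WinReanimator.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
""".strip().splitlines()

def parse_o4(lines):
    # Return (hive, entry name, executable path, arguments) for each O4 Run line.
    entries = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        if cmd.startswith('"'):          # quoted path: split at the closing quote
            exe, _, args = cmd[1:].partition('"')
        else:                            # unquoted path: first space ends the path
            exe, _, args = cmd.partition(" ")
        entries.append((m.group(1), m.group("name"), exe.strip(), args.strip()))
    return entries

def flag_entries(entries):
    # Map "HIVE:Name" -> reason for every entry worth a closer look.
    hits, by_exe = {}, defaultdict(set)
    for hive, name, exe, args in entries:
        by_exe[exe.lower()].add(hive)
        key = f"{hive}:{name}"
        if any(r in name.lower() or r in exe.lower() for r in ROGUE_NAMES):
            hits[key] = "matches rogue indicator"
        elif "/hide" in args.lower():    # starts without a visible window
            hits[key] = "starts hidden"
    # Heuristic (assumption): the same file autostarting from both hives is unusual.
    for hive, name, exe, _ in entries:
        if by_exe[exe.lower()] >= {"HKLM", "HKCU"}:
            hits.setdefault(f"{hive}:{name}", "registered in both HKLM and HKCU Run (heuristic)")
    return hits
```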

1 reply

jlpjlp (Posts: 52399, Status: Security contributor)

Hi,
Rerun AVG, and this time delete what it finds.

__

You can run ComboFix:

Download ComboFix from sUBs. Rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click on ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, then follow the prompts.
Wait until ComboFix has finished; a report will be created. Post the report.