I am trying to remove AntiSpyware from my IE
--- RESOLVED ---
This message is addressed to XmichouX,
as suggested, this is a new topic
(help request already sent once in May,
then a similar topic by sissi4000 a few days ago)
here is the result of the HijackThis scan:
"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:23, on 22.07.2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Swisscom Mobile\Sesam\BIN\SecMIPService.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Swisscom Mobile\Unlimited Data Manager\DashBoardS.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\S3Tray2.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\internat.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kmq0.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.restorebookmark.com/?cm [...] w.epfl.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Live.com] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kmq0.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O22 - SharedTaskScheduler: enswathes - {4d51e91c-e917-4b7f-89ff-abe471e16927} - C:\WINNT\system32\uyhjw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: Sesam Control Service (SesamService) - Swisscom Mobile - C:\Program Files\Swisscom Mobile\Sesam\BIN\SecMIPService.exe
O23 - Service: UDM Service - Swisscom Mobile - C:\Program Files\Swisscom Mobile\Unlimited Data Manager\DashBoardS.exe
--
End of file - 6710 bytes
"
good evening and thanks in advance
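To show how a defender triages a HijackThis log like the one above, here is an added Python example; it is not part of the thread and not code from HijackThis or SmitfraudFix. It parses the R0/R1, O2, O4, O9 and O22 lines and flags the indicators visible in this log: registrations whose file is missing, autostart entries launched from a Temp directory, IE search and start-page keys redirected to a host that is not on an allow-list, toolbar items pointing at a remote URL, and autostarts placed under Policies\Explorer\Run. The sample lines are a constructed subset of the log posted above (the Start Page line is truncated to keep it short); the trusted-host list and the flagging rules are assumptions made for this illustration, not HijackThis behaviour.

```python
import re
from urllib.parse import urlparse

# Assumption for this illustration: hosts the IE search/start-page keys may
# legitimately point at. A real deployment would load this from policy.
TRUSTED_HOSTS = {"www.microsoft.com", "search.msn.com", "www.epfl.ch"}

# Constructed subset of the HijackThis log posted in the thread, used as
# sample input (the R0 Start Page line is shortened).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.restorebookmark.com/?cm
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Live.com] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kmq0.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O22 - SharedTaskScheduler: enswathes - {4d51e91c-e917-4b7f-89ff-abe471e16927} - C:\WINNT\system32\uyhjw.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# A HijackThis entry is "<kind> - <body>", e.g. "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://[^\s]+")
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


def triage_line(line):
    """Return the reasons one HijackThis line deserves a closer look ([] if none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    reasons = []
    # Any kind of entry: the registered file is gone but the registration remains.
    if body.endswith("(file missing)"):
        reasons.append("registration points at a file that no longer exists")
    if kind in ("R0", "R1"):
        # Search/start-page keys: flag any host not on the allow-list.
        for url in URL_RE.findall(body):
            host = urlparse(url).hostname
            if host not in TRUSTED_HOSTS:
                reasons.append(f"IE search/start key redirected to {host}")
    elif kind == "O4":
        # Autostart entries: Temp directories and the Policies\Explorer\Run key
        # are both unusual homes for legitimate software.
        if TEMP_DIR_RE.search(body):
            reasons.append("autostart launches an executable from a Temp directory")
        if "\\Policies\\Explorer\\Run" in body:
            reasons.append("autostart via Policies\\Explorer\\Run (rarely used legitimately)")
    elif kind == "O9" and URL_RE.search(body):
        # Toolbar buttons / Tools menu items normally point at a local file.
        reasons.append("IE button/menu item targets a remote URL, not a local file")
    return reasons


def triage_log(text):
    """Return [(kind, line, reasons)] for every flagged line, in log order."""
    findings = []
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            findings.append((line.split(" - ", 1)[0], line, reasons))
    return findings


if __name__ == "__main__":
    for kind, line, reasons in triage_log(SAMPLE_LOG):
        print(f"[{kind}] {line}")
        for reason in reasons:
            print(f"      -> {reason}")
```

Run against the sample, the script flags seven of the ten lines and leaves the Adobe BHO, the avast! Run entry and the avast! service alone. A flagged line is a prompt for a human to look, not a verdict: the helper in this thread still decides what to remove, and an allow-list like TRUSTED_HOSTS has to be maintained per environment.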
Hi,
Download SmitfraudFix (by S!ri).
Save it to your Desktop.
Launch it by double-clicking SmitfraudFix.exe
Press a key as asked.
Run option 1; a report will appear, post it.
The report is located here: C:\rapport.txt
thanks in advance
(for info, I have Win2K)
here is the new report:
"
SmitFraudFix v2.338
Scan done at 19:39:21.70, jeu. 21.08.2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Swisscom Mobile\Sesam\BIN\SecMIPService.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Swisscom Mobile\Unlimited Data Manager\DashBoardS.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\S3Tray2.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\QUICKT~1\PictureViewer.exe
C:\Program Files\Microsoft Office\Office\POWERPNT.EXE
C:\WINNT\system32\cmd.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Policies.exe
C:\WINNT\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"
[HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINNT\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel 8255x-based Integrated Fast Ethernet
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
"
Re,
Restart your computer in safe mode
- At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once there, use the keyboard to select Safe Mode.
-- In this mode you have no Internet access and the display looks different (no wallpaper, very large icons). Don't be surprised.
--- For these reasons I suggest you print, write down, or save the following information in a text document so you don't get lost.
---- ! Do not start your computer in safe mode via MSConfig! Why? Some infections break the safe mode keys, which would crash your computer.
Relaunch SmitfraudFix.
Choose option 2. (Yes to all questions)
If you have to restart your computer, do so. In any case, restart your computer at the end of the Fix.
Post the report located in C:\rapport.txt together with a new HijackThis report.
Help: How to start your computer in safe mode.
XmichouX,
As suggested by the "start in safe mode" tutorial, I ran SmitfraudFix on my user account and not on the Admin account (since my Win2K is in English, I was in "Safe Mode") [rapport_I]
The cleaning failed at the 1st step (Registry) with the following message: "Registry Editor - Cannot import cleanup.reg: Error accessing the registry"
I then ran SmitfraudFix on the user account [rapport_II]..with the same error message
Here are the 2 reports
rapport_I from 19:34:
SmitFraudFix v2.338
Scan done at 19:34:50.22, ven. 29.08.2008
Run from C:\Documents and Settings\Administrator\Start Menu\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"
[HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
..and rapport_II from 19:52
SmitFraudFix v2.338
Scan done at 19:52:46.91, ven. 29.08.2008
Run from C:\Documents and Settings\Administrator\Start Menu\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"
[HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"
[HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
»»»»»»»»»»»»»»»»»»»»»»»» End
..hoping it isn't too infected!
thanks in advance and have a good afternoon
-pbds
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
..and rapport_II from 19:52
SmitFraudFix v2.338
Scan done at 19:52:46.91, ven. 29.08.2008
Run from C:\Documents and Settings\Administrator\Start Menu\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"
[HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"
[HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
»»»»»»»»»»»»»»»»»»»»»»»» End
..hoping it's not too infected!
thanks in advance and have a good afternoon
-pbds
Hello,
I deleted the old versions of SmitfraudFix
then installed the new one
then ran it on my Admin account
and got the following error message:
AntiSPVSTFix.exe - Application error
The instruction at "0x77fcb333" referenced memory at "0x00000000".
The memory could not be "written"
Here is the report generated by SmitfraudFix:
SmitFraudFix v2.344
Scan done at 10:37:42.25, lun. 01.09.2008
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"
[HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
@="C:\WINNT\system32\uyhjw.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
..and the one from HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:21, on 01.09.2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Swisscom Mobile\Sesam\BIN\SecMIPService.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Swisscom Mobile\Unlimited Data Manager\DashBoardS.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\S3Tray2.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
O22 - SharedTaskScheduler: enswathes - {4d51e91c-e917-4b7f-89ff-abe471e16927} - C:\WINNT\system32\uyhjw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: Sesam Control Service (SesamService) - Swisscom Mobile - C:\Program Files\Swisscom Mobile\Sesam\BIN\SecMIPService.exe
O23 - Service: UDM Service - Swisscom Mobile - C:\Program Files\Swisscom Mobile\Unlimited Data Manager\DashBoardS.exe
--
End of file - 5138 bytes
..Thanks
hello
~Launch HijackThis "Do a system scan only".
Check the following lines if they are still present, and only those.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O22 - SharedTaskScheduler: enswathes - {4d51e91c-e917-4b7f-89ff-abe471e16927} - C:\WINNT\system32\uyhjw.dll (file missing)
Click Fix checked (bottom left)
Here is what I suggest: replace Avast! with Antivir, which is also free but much more effective, run a scan with it and post the report.
Uninstall Avast! properly
to replace it with Antivir.
-->Tutorial<--
Why switch? : Avast! vs Antivir
but also:
14 antivirus programs benchmarked
I did launch HijackThis "Do a system scan only" and then checked the R0 and O22 lines
I did remove Avast and then installed Antivir
I scanned in Safe Mode with Antivir (and deleted a few files)
then I wanted to rerun SmitfraudFix but it gives me an error message: "Fichier restart.exe absent ! Dezippez la totalité de l'archive dans un dossier" ..I must have deleted that file
I tried re-downloading SmitfraudFix..but the message is still the same..
I'd like to run SmitfraudFix
Otherwise, here are the reports (the 1st in Safe Mode and the 2nd when I rebooted the PC in normal mode..without my asking it to)
the 1st:
Avira AntiVir Personal
Report file date: samedi, 6. septembre 2008 20:42
Scanning for 1599979 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Boot mode: Save mode
Username: Administrator
Computer name: HARPE-PBDS
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 13:54:16
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 8/31/2008 18:04:16
ANTIVIR3.VDF : 7.0.6.124 202240 Bytes 9/5/2008 18:04:20
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 09:58:22
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 9/6/2008 18:04:44
AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 12:44:50
AERDL.DLL : 8.1.1.1 397683 Bytes 9/6/2008 18:04:40
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/15/2008 12:58:36
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 9/6/2008 18:04:38
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 9/6/2008 18:04:34
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 12:44:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 9/6/2008 18:04:24
AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 08:33:22
AECORE.DLL : 8.1.1.11 172406 Bytes 9/6/2008 18:04:22
AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 12:44:50
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 9/6/2008 18:04:20
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 13:34:38
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: samedi, 6. septembre 2008 20:42
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '57' files ).
Starting the file scan:
Begin scan in 'C:\' <IBM_PRELOAD>
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
C:\WINNT\Downloaded Program Files\fx.exe
[DETECTION] Contains recognition pattern of the DIAL/79728.A dialer
[NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.138 dropper
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '492bd59d.qua'!
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '4935d5fb.qua'!
C:\Documents and Settings\pbds\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
[0] Archive type: MS Outlook Mailbox
--> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank - urgent security notification][From:support_ref27411@53.com]5894.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Folder:Deleted Items][Subject:Please Confirm Your Banking Details. -Mon, 12 Feb 2007 11:10:34 -0800][From:services-num18428761662ver@security.53.com]5968.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:urgent notification.][From:reference-id_7178123@53.com]6160.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Folder:Deleted Items][Subject:Service Message. -Thu, 15 Feb 2007 02:12:03 -0800][From:customerservice_44552246137466ib@53.com]6176.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.4 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank - 0fficial information. [Fri, 16 Feb 2007 21:53:06 -0800]][From:manager_23272835930ver@security.53.com]6263.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:Stop looking for a new part-time job - here it is.][From:Dina.Bowman665@atlanta.com]6267.html
[DETECTION] Contains recognition pattern of the PHISH/Bankfraud.1 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank: Security Issues -Sun, 18 Feb 2007 15:31:04 -0800][From:clientservice-id05938832511395ib@53.com]6337.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Folder:Deleted Items][Subject:PayPal. Account Review Department][From:support@paypal.com]6474.html
[DETECTION] Contains recognition pattern of the PHISH/Paypalfraud.2 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:Important announce][From:support_id189705ib@53.com]6481.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
C:\Documents and Settings\pbds\My Documents\Calvi_07_08\PhotoShop\Adobe.Photoshop.CS2.(v9.0).FR.Officielle.Incl-Crack.et.Keygen.par.eMule-Paradise.com.rar
[0] Archive type: RAR
--> Crack et Keygen\Keygen Photoshop CS2 Fr.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
[NOTE] The file was moved to '4931dbc8.qua'!
C:\Program Files\fx\fx.exe
[DETECTION] Contains recognition pattern of the DIAL/79728.A dialer
[NOTE] The file was deleted!
C:\Recycled\Dc41.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.128 dropper
C:\Recycled\Dc41.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48f6f0aa.qua'!
C:\Recycled\Dc44.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.128 dropper
C:\Recycled\Dc44.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48f6f0b8.qua'!
C:\Recycled\Dc42\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '4935f0c8.qua'!
C:\Recycled\Dc45\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '4935f0d0.qua'!
End of the scan: samedi, 6. septembre 2008 23:05
Used time: 2:23:01 Hour(s)
The scan has been done completely.
3752 Scanning directories
251859 Files were scanned
21 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
251837 Files not concerned
8186 Archives were scanned
2 Warnings
9 Notes
..and the 2nd
Avira AntiVir Personal
I did remove Avast and then installed Antivir
I scanned in Safe Mode with Antivir (and deleted a few files)
Now I wanted to run SmitfraudFix again, but it gives me an error message: "Fichier restart.exe absent ! Dezippez la totalité de l'archive dans un dossier" (restart.exe file missing! Unzip the whole archive into a folder)..I must have deleted that file
I tried to re-download SmitfraudFix..but the message is still the same..
I would like to get SmitfraudFix running
Otherwise, here are the reports (the 1st in Safe Mode and the 2nd when I rebooted the PC in normal mode..without my asking it to)
the 1st:
Avira AntiVir Personal
Report file date: samedi, 6. septembre 2008 20:42
Scanning for 1599979 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Boot mode: Save mode
Username: Administrator
Computer name: HARPE-PBDS
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 13:54:16
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 8/31/2008 18:04:16
ANTIVIR3.VDF : 7.0.6.124 202240 Bytes 9/5/2008 18:04:20
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 09:58:22
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 9/6/2008 18:04:44
AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 12:44:50
AERDL.DLL : 8.1.1.1 397683 Bytes 9/6/2008 18:04:40
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/15/2008 12:58:36
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 9/6/2008 18:04:38
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 9/6/2008 18:04:34
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 12:44:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 9/6/2008 18:04:24
AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 08:33:22
AECORE.DLL : 8.1.1.11 172406 Bytes 9/6/2008 18:04:22
AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 12:44:50
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 9/6/2008 18:04:20
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 13:34:38
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: samedi, 6. septembre 2008 20:42
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '57' files ).
Starting the file scan:
Begin scan in 'C:\' <IBM_PRELOAD>
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
C:\WINNT\Downloaded Program Files\fx.exe
[DETECTION] Contains recognition pattern of the DIAL/79728.A dialer
[NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.138 dropper
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '492bd59d.qua'!
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '4935d5fb.qua'!
C:\Documents and Settings\pbds\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
[0] Archive type: MS Outlook Mailbox
--> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank - urgent security notification][From:support_ref27411@53.com]5894.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Folder:Deleted Items][Subject:Please Confirm Your Banking Details. -Mon, 12 Feb 2007 11:10:34 -0800][From:services-num18428761662ver@security.53.com]5968.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:urgent notification.][From:reference-id_7178123@53.com]6160.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Folder:Deleted Items][Subject:Service Message. -Thu, 15 Feb 2007 02:12:03 -0800][From:customerservice_44552246137466ib@53.com]6176.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.4 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank - 0fficial information. [Fri, 16 Feb 2007 21:53:06 -0800]][From:manager_23272835930ver@security.53.com]6263.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:Stop looking for a new part-time job - here it is.][From:Dina.Bowman665@atlanta.com]6267.html
[DETECTION] Contains recognition pattern of the PHISH/Bankfraud.1 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank: Security Issues -Sun, 18 Feb 2007 15:31:04 -0800][From:clientservice-id05938832511395ib@53.com]6337.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Folder:Deleted Items][Subject:PayPal. Account Review Department][From:support@paypal.com]6474.html
[DETECTION] Contains recognition pattern of the PHISH/Paypalfraud.2 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:Important announce][From:support_id189705ib@53.com]6481.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
C:\Documents and Settings\pbds\My Documents\Calvi_07_08\PhotoShop\Adobe.Photoshop.CS2.(v9.0).FR.Officielle.Incl-Crack.et.Keygen.par.eMule-Paradise.com.rar
[0] Archive type: RAR
--> Crack et Keygen\Keygen Photoshop CS2 Fr.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
[NOTE] The file was moved to '4931dbc8.qua'!
C:\Program Files\fx\fx.exe
[DETECTION] Contains recognition pattern of the DIAL/79728.A dialer
[NOTE] The file was deleted!
C:\Recycled\Dc41.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.128 dropper
C:\Recycled\Dc41.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48f6f0aa.qua'!
C:\Recycled\Dc44.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.128 dropper
C:\Recycled\Dc44.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48f6f0b8.qua'!
C:\Recycled\Dc42\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '4935f0c8.qua'!
C:\Recycled\Dc45\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '4935f0d0.qua'!
End of the scan: samedi, 6. septembre 2008 23:05
Used time: 2:23:01 Hour(s)
The scan has been done completely.
3752 Scanning directories
251859 Files were scanned
21 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
251837 Files not concerned
8186 Archives were scanned
2 Warnings
9 Notes
..and the 2nd
Avira AntiVir Personal
Report file date: samedi, 6. septembre 2008 23:10
Scanning for 1599979 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows 2000
Windows version: (Service Pack 4) [5.0.2195]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HARPE-PBDS
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 13:54:16
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 8/31/2008 18:04:16
ANTIVIR3.VDF : 7.0.6.124 202240 Bytes 9/5/2008 18:04:20
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 09:58:22
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 9/6/2008 18:04:44
AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 12:44:50
AERDL.DLL : 8.1.1.1 397683 Bytes 9/6/2008 18:04:40
AEPACK.DLL : 8.1.2.1 364917 Bytes 7/15/2008 12:58:36
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 9/6/2008 18:04:38
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 9/6/2008 18:04:34
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 12:44:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 9/6/2008 18:04:24
AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 08:33:22
AECORE.DLL : 8.1.1.11 172406 Bytes 9/6/2008 18:04:22
AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 12:44:50
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 9/6/2008 18:04:20
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 13:34:38
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: samedi, 6. septembre 2008 23:10
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mspmspsv.exe' - '1' Module(s) have been scanned
Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned
Scan process 'DashBoardS.exe' - '1' Module(s) have been scanned
Scan process 'stisvc.exe' - '1' Module(s) have been scanned
Scan process 'SecMIPService.e' - '1' Module(s) have been scanned
Scan process 'MSTask.exe' - '1' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned
Scan process 'regsvc.exe' - '1' Module(s) have been scanned
Scan process 'QCONSVC.EXE' - '1' Module(s) have been scanned
Scan process 'hidserv.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
21 processes with 21 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '55' files ).
Starting the file scan:
Begin scan in 'C:\' <IBM_PRELOAD>
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\pbds\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
[0] Archive type: MS Outlook Mailbox
--> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank - urgent security notification][From:support_ref27411@53.com]5894.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Folder:Deleted Items][Subject:Please Confirm Your Banking Details. -Mon, 12 Feb 2007 11:10:34 -0800][From:services-num18428761662ver@security.53.com]5968.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:urgent notification.][From:reference-id_7178123@53.com]6160.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Folder:Deleted Items][Subject:Service Message. -Thu, 15 Feb 2007 02:12:03 -0800][From:customerservice_44552246137466ib@53.com]6176.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.4 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank - 0fficial information. [Fri, 16 Feb 2007 21:53:06 -0800]][From:manager_23272835930ver@security.53.com]6263.html
[DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:Stop looking for a new part-time job - here it is.][From:Dina.Bowman665@atlanta.com]6267.html
[DETECTION] Contains recognition pattern of the PHISH/Bankfraud.1 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank: Security Issues -Sun, 18 Feb 2007 15:31:04 -0800][From:clientservice-id05938832511395ib@53.com]6337.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
--> Mailbox_[Folder:Deleted Items][Subject:PayPal. Account Review Department][From:support@paypal.com]6474.html
[DETECTION] Contains recognition pattern of the PHISH/Paypalfraud.2 phishing file/email
--> Mailbox_[Folder:Deleted Items][Subject:Important announce][From:support_id189705ib@53.com]6481.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
End of the scan: dimanche, 7. septembre 2008 00:03
Used time: 53:36 Minute(s)
The scan has been done completely.
3754 Scanning directories
248128 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
248117 Files not concerned
8177 Archives were scanned
3 Warnings
0 Notes
Well, fine..but I wanted to run SmitfraudFix again to see if it still tripped over the message:
"AntiSPVSTFix.exe - Application error
the instruction at "0x77fcb333" referenced memory at "0x00000000".
The memory could not be "written" "
Otherwise, I am on the Admin account for the fixes..and I have never had any problem on it
I'll go back to my user account and let you know
In any case, thanks for the time spent..and sorry for having installed Avast first..I did read the information on forum.malekal.com
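The Safe Mode report quoted above records AntiVir moving SmitfraudFix's restart.exe (flagged SPR/Tool.Hardoff.A) and the SmitfraudFix.exe self-extractor into quarantine files ('492bd59d.qua', '4935d5fb.qua'), which is the component SmitfraudFix then reports as missing. Reading those actions out of a long report by hand is error-prone, so here is a small Python parser, added as an example for this thread and not code from the original post or from Avira, that groups every [DETECTION] under the file it belongs to and attaches the [NOTE]/[WARNING] AntiVir printed for that file. The sample report inside it is constructed from fragments of the Safe Mode report in the post; the paths and signature names are copied from it, and the helper names are this example's own.

```python
"""Summarise what an Avira AntiVir 8 scan report did with each detection.

Added example, not code from the original thread or from Avira. The sample
report is constructed from fragments of the Safe Mode report in the post.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: an excerpt of the report quoted in the post.
SAMPLE_REPORT = r"""
Starting the file scan:
C:\WINNT\Downloaded Program Files\fx.exe
[DETECTION] Contains recognition pattern of the DIAL/79728.A dialer
[NOTE] The file was deleted!
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.138 dropper
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '492bd59d.qua'!
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '4935d5fb.qua'!
C:\Documents and Settings\pbds\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
[0] Archive type: MS Outlook Mailbox
--> Mailbox_[Folder:Deleted Items][Subject:Important announce][From:support_id189705ib@53.com]6481.html
[DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
End of the scan: samedi, 6. septembre 2008 23:05
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a file on disk, e.g. C:\...
MEMBER_RE = re.compile(r"^--> (.+)$")           # member inside an archive or mailbox
DETECTION_RE = re.compile(r"^\[DETECTION\] Contains recognition pattern of the (\S+)")
DELETED_RE = re.compile(r"^\[NOTE\] The file was deleted!")
MOVED_RE = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'!")
MAILBOX_RE = re.compile(r"^\[WARNING\] This file is a mailbox")
NO_ACTION = "no action recorded"


@dataclass
class Detection:
    path: str                      # container file on disk
    member: Optional[str]          # archive/mailbox member, None for a plain file
    signature: str                 # e.g. SPR/Tool.Hardoff.A
    action: str = NO_ACTION
    quarantine_file: Optional[str] = None

    @property
    def category(self) -> str:
        """Avira's prefix before the slash: DIAL, DR, SPR, PHISH, HTML, WORM ..."""
        return self.signature.split("/", 1)[0]


def parse_report(text: str) -> list:
    """One Detection per [DETECTION] line, with the action Avira took on its file.

    Avira acts on the file on disk, not on an archive member, so a [NOTE] or the
    mailbox [WARNING] is applied to every unresolved detection of the current file.
    """
    detections, current_path, current_member = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path, current_member = line, None
            continue
        member = MEMBER_RE.match(line)
        if member:
            current_member = member.group(1)
            continue
        hit = DETECTION_RE.match(line)
        if hit and current_path is not None:
            detections.append(Detection(current_path, current_member, hit.group(1)))
            continue
        pending = [d for d in detections if d.path == current_path and d.action == NO_ACTION]
        moved = MOVED_RE.match(line)
        if DELETED_RE.match(line):
            for d in pending:
                d.action = "deleted"
        elif moved:
            for d in pending:
                d.action, d.quarantine_file = "quarantined", moved.group(1)
        elif MAILBOX_RE.match(line):
            for d in pending:
                d.action = "left in place (mailbox)"
    return detections


def summarize(detections) -> dict:
    """Count detections per action taken."""
    counts = {}
    for d in detections:
        counts[d.action] = counts.get(d.action, 0) + 1
    return counts


def quarantined_files_matching(detections, needle: str) -> list:
    """(path, member, .qua name) of quarantined detections whose path or member contains needle.

    Use it to check whether the scanner removed a tool you still need, such as SmitfraudFix."""
    needle = needle.lower()
    return [(d.path, d.member, d.quarantine_file) for d in detections
            if d.action == "quarantined" and needle in (d.path + (d.member or "")).lower()]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for d in found:
        where = d.path + (" -> " + d.member if d.member else "")
        print(f"{d.category:6} {d.action:24} {where}" + (f" [{d.quarantine_file}]" if d.quarantine_file else ""))
    print(summarize(found))
    print(quarantined_files_matching(found, "SmitfraudFix"))
```

Run it against a full report saved from the AntiVir GUI to get the same table for every detection; the `quarantined_files_matching` lookup is the quick way to find out which .qua files to restore from the Avira quarantine when a cleanup tool has been swept up along with real malware.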
good evening
yes, the Adobe pop-up is normal
Remove all the programs installed for the disinfection.
Please read this file (PDF) to learn more about the risks of the Net.
If you find this document interesting, feel free to pass it on to your contacts.
If you are tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.
~Edit your first post (by clicking the eraser) and mark [résolu] in the title.