
lots and lots of bugs --> infections???


deceiver


Here is my report after the reboot done with FixWareout:

 

Fixwareout ver 1.003

Last edited 8/11/2006

Post this report in the forums please

 

Reg Entries that were deleted

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B772480EE84C-EE89-8584-7A0E-4467D623{

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7AB5557C7FBB-82C9-06D4-A16F-11182AF5{

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\rwkmd

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1trap

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\2trap

...

 

Microsoft ® Windows Script Host Version 5.6

Random Runs removed from HKLM

"dmkwr.exe"=-

...

 

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

 

»»»»» Searching by size/names...

* csr.exe C:\WINDOWS\System32\CSREN.EXE

 

»»»»»

Search five digit cs, dm and jb files.

This WILL/CAN also list Legit Files, Submit them at Virustotal

C:\WINDOWS\SYSTEM32\CSREN.EXE 51 279 2006-08-13

C:\WINDOWS\SYSTEM32\DMKWR.EXE 62 001 2004-08-19

 

Other suspects.

Directory of C:\WINDOWS\system32

 

»»»»» Misc files.

 

»»»»» Checking for older varients covered by the Rem3 tool.

 

 

 

 

 

And the HijackThis report:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:21:15, on 25/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\MPVIDEOCODEC\isaddon.dll

O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\IntCodec\iesplugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: antipc.lnk = C:\WINDOWS\antipc.bat

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{39F583D9-3FE6-46E4-A66E-5731A3D1CF58}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{986E720E-3570-4FCC-BED8-1CDBB273FC15}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF7060B-5AA0-41D1-8211-F6735EDAAE69}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{B42302C4-F7C4-463E-A32A-CB9319A6C2F8}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBECF501-8D0C-4DD8-97A0-A9E710619136}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{E785CE07-EAAD-484C-8B07-2E8DBFA70F0D}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15

O17 - HKLM\System\CS2\Services\Tcpip\..\{39F583D9-3FE6-46E4-A66E-5731A3D1CF58}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15

O17 - HKLM\System\CS3\Services\Tcpip\..\{39F583D9-3FE6-46E4-A66E-5731A3D1CF58}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\WINDOWS\system32\vpxnk.dll

O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Add-on\wlancfg.exe

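The FixWareout report above lists CSREN.EXE and DMKWR.EXE under "Search five digit cs, dm and jb files" and warns that legitimate files can match, so hashes should be checked on VirusTotal before anything is deleted. The script below is an added example of that name-based heuristic, written for this thread; it is not FixWareout's own code, and the exact pattern (five-character .exe basenames beginning with cs, dm or jb) is my assumption about what the tool does. It only reads files and reports name, size, modification date and SHA-256, which is what you need to look a file up, and it builds its own constructed sample directory so it runs offline.

```python
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

# Heuristic taken from the FixWareout report above: five-character .exe names
# beginning with cs, dm or jb (CSREN.EXE, DMKWR.EXE). The exact rule the tool
# applies is not shown on the page; this pattern is an assumption.
SUSPECT_NAME = re.compile(r"^(cs|dm|jb)[a-z0-9]{3}\.exe$", re.IGNORECASE)


def sha256_of(path, chunk=1 << 16):
    """Stream the file so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_suspects(directory):
    """Return [(name, size, mtime_yyyy_mm_dd, sha256)] for files whose name
    matches the heuristic. Files are only read, never modified or deleted;
    the decision about a hit belongs to a hash lookup, not to this script."""
    hits = []
    for name in sorted(os.listdir(directory)):
        if not SUSPECT_NAME.match(name):
            continue
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        st = os.stat(path)
        mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc).strftime("%Y-%m-%d")
        hits.append((name, st.st_size, mtime, sha256_of(path)))
    return hits


def format_report(hits):
    """Same layout as the tool's section, plus the hash to submit."""
    lines = ["Search five-character cs, dm and jb files "
             "(legitimate files may be listed; check the hash on VirusTotal before acting)"]
    for name, size, mtime, digest in hits:
        lines.append(f"{name} {size} {mtime} sha256={digest}")
    return "\n".join(lines)


def make_sample_dir(base):
    """Constructed sample tree: the two names from the report above plus two
    decoys that must not match. Contents are arbitrary bytes, not real files."""
    os.makedirs(base, exist_ok=True)
    for name, content in [("CSREN.EXE", b"sample-a"), ("dmkwr.exe", b"sample-b"),
                          ("csr.exe", b"decoy"), ("notepad.exe", b"decoy")]:
        with open(os.path.join(base, name), "wb") as f:
            f.write(content)
    return base


if __name__ == "__main__":
    sample = make_sample_dir(os.path.join(tempfile.mkdtemp(), "system32"))
    print(format_report(find_suspects(sample)))
```

On a real machine you would point `find_suspects` at `C:\WINDOWS\system32`; the decoy `csr.exe` shows why the length check matters, since a three-letter name is not what the tool's section is looking for.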

re,

here is what you're going to do

disconnect from the internet

run HijackThis again for a scan only

then tick these lines


O17 - HKLM\System\CCS\Services\Tcpip\..\{39F583D9-3FE6-46E4-A66E-5731A3D1CF58}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{986E720E-3570-4FCC-BED8-1CDBB273FC15}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF7060B-5AA0-41D1-8211-F6735EDAAE69}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{B42302C4-F7C4-463E-A32A-CB9319A6C2F8}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBECF501-8D0C-4DD8-97A0-A9E710619136}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\..\{E785CE07-EAAD-484C-8B07-2E8DBFA70F0D}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15

O17 - HKLM\System\CS2\Services\Tcpip\..\{39F583D9-3FE6-46E4-A66E-5731A3D1CF58}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15

O17 - HKLM\System\CS3\Services\Tcpip\..\{39F583D9-3FE6-46E4-A66E-5731A3D1CF58}: NameServer = 85.255.115.4,85.255.112.15

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15

 

close all Windows windows, then click Fix checked

and

* Download SmitfraudFix from

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

* Unzip the whole smitfraudfix.zip archive

Usage ----- option 1 - Search:

* Double-click smitfraudfix.cmd

* Select 1 to create a report of the files responsible for the infection.

* Post the report here

(further instructions will follow)

process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

post a new HijackThis report and the SmitfraudFix report

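The reply above tells the user to tick every O17 line, including the ones under CS2 and CS3 (HijackThis's abbreviation for the other control sets, ControlSet002/003) and not only those under CCS (CurrentControlSet). The script below is an added example, not from the thread or from HijackThis, that automates that reading of the log: it parses O17 lines, compares each NameServer against resolvers the machine's owner actually expects, and reports which control sets carry a rogue resolver. The sample log is constructed from O17 lines quoted in the thread plus one 192.168.1.1 line I added so that a passing entry is shown; the expected-resolver ranges are an assumption for the example and would be replaced with the real router or ISP addresses.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the 85.255.x.x lines are copied from the HijackThis log
# above; the 192.168.1.1 line is added to show an entry that passes the check.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{39F583D9-3FE6-46E4-A66E-5731A3D1CF58}: NameServer = 85.255.115.4,85.255.112.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.4 85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\WINDOWS\system32\vpxnk.dll
"""

# Resolvers this machine is expected to use. Assumption for the example: the
# home router on an RFC 1918 range and a placeholder (TEST-NET-3) ISP range.
EXPECTED_RESOLVERS = [
    ip_network("192.168.0.0/16"),
    ip_network("10.0.0.0/8"),
    ip_network("203.0.113.0/24"),
]

# HijackThis prints per-interface lists comma-separated and the global
# Parameters value space-separated, so the server field is split on both.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\(?P<where>[^:]+): "
    r"NameServer = (?P<servers>.+)$"
)


def parse_o17(line):
    """Return (control_set, key, [servers]) for an O17 line, else None."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
    return m.group("cs"), m.group("where"), servers


def is_expected(server):
    """True when the address lies inside one of the expected resolver ranges."""
    try:
        addr = ip_address(server)
    except ValueError:
        return False
    return any(addr in net for net in EXPECTED_RESOLVERS)


def audit_nameservers(log_text):
    """Return {rogue_server: sorted list of control sets it appears in}.
    A resolver present in CS2/CS3 as well as CCS would come back after a
    'Last Known Good Configuration' boot, which is why every O17 line is
    ticked, not only the CurrentControlSet ones."""
    rogue = {}
    for line in log_text.splitlines():
        parsed = parse_o17(line)
        if parsed is None:
            continue
        cs, _where, servers = parsed
        for s in servers:
            if not is_expected(s):
                rogue.setdefault(s, set()).add(cs)
    return {s: sorted(cs_set) for s, cs_set in rogue.items()}


def lines_to_fix(log_text):
    """The exact O17 lines to tick in HijackThis: each one naming a rogue server."""
    rogue = audit_nameservers(log_text)
    return [line.strip() for line in log_text.splitlines()
            if (p := parse_o17(line)) and any(s in rogue for s in p[2])]


if __name__ == "__main__":
    for server, sets in audit_nameservers(SAMPLE_LOG).items():
        print(f"rogue resolver {server} present in control sets {', '.join(sets)}")
    for entry in lines_to_fix(SAMPLE_LOG):
        print("FIX:", entry)
```

The allowlist is deliberately on the defender's side: anything not in a range the owner recognises is reported, so a resolver you have never heard of cannot pass just because it answers queries.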

Rapport SmitFraudFix v2.25

 

Rapport fait à 22:29:28,28 le 25/09/2006

Executé à partir de C:\Documents and Settings\deceiver\Mes documents\trojan\Nouveau dossier\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600]

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

 

C:\WINDOWS\system32\hp????.tmp PRESENT !

C:\WINDOWS\system32\ld????.tmp PRESENT !

C:\WINDOWS\system32\ot.ico PRESENT !

C:\WINDOWS\system32\ts.ico PRESENT !

C:\WINDOWS\system32\1024\ PRESENT!

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\deceiver\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Favoris

 

C:\Documents and Settings\deceiver\Favoris\Antivirus Test Online.url PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

 

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

@="%SystemRoot%\System32\browseui.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]

@="%SystemRoot%\System32\browseui.dll"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

@="%SystemRoot%\System32\browseui.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]

@="%SystemRoot%\System32\browseui.dll"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

 

 

HijackThis report

 

 

Logfile of HijackThis v1.99.1

Scan saved at 22:32:33, on 25/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\eChanblard\emule.exe

C:\Program Files\Valve\Steam\Steam.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: (no name) - {5753791b-f607-48ca-814e-91c14d081f9e} - C:\Program Files\MPVIDEOCODEC\isaddon.dll

O2 - BHO: (no name) - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: Protection Bar - {d1ac752e-883f-4ed8-8828-b618c3a72152} - C:\Program Files\IntCodec\iesplugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: antipc.lnk = C:\WINDOWS\antipc.bat

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O21 - SSODL: altmannsberger - {210b4043-35ca-4aa0-8796-191f9663dfb3} - C:\WINDOWS\system32\vpxnk.dll

O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Add-on\wlancfg.exe


re,

EDIT/ re-download smitfraudfix, this is no longer the right version

we are at version 2.100

download Ewido

http://www.ewido.net/en/download/

Install it.

Launch Ewido and click the Update button (toolbar - at the top).

Under Manual Update click Start update. Wait until "Update successful" is displayed.

that's all

* Restart in Safe Mode, this is essential

Careful, you have no internet access in this mode, so note carefully what you have to do, or print this page.

- Start the computer

- once the BIOS loading is finished, there is a black screen

- press the F8 or F5 key until the Windows Advanced Options menu is displayed

- with the cursor keys, select the appropriate safe mode and press Enter.

Usage ----- option 2 - Cleaning

Double-click smitfraudfix.cmd

Select 2 to delete the files responsible for the infection.

At the question "Do you want to clean the registry?" answer O (yes) to unlock the wallpaper and delete the infection's autostart keys.

The fix will determine whether the wininet.dll file is infected. At the question "Repair the infected file?" answer O (yes) to replace the corrupted file

N.B.: This step removes the infectious files detected in step #1

Note that option 2 of the tool removes the wallpaper!

launch ewido

Click the Scanner button (on the toolbar) and then click Complete System Scan.

At the end of the scan, choose the "Apply All Actions" option.

Click "Save Report", then "Save Report As". This generates a report as a text file. Make sure you save it somewhere easy to find.

Post its report.

restart normally

post the smitfraudfix and ewido reports and a new hijackthis

Edited by narco4

SmitFraudFix v2.100

 

Rapport fait à 7:28:22,04, 26/09/2006

Executé à partir de C:\Documents and Settings\deceiver\Mes documents\trojan\Nouveau dossier\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\atmclk.exe PRESENT !

C:\WINDOWS\system32\dcomcfg.exe PRESENT !

C:\WINDOWS\system32\hp???.tmp PRESENT !

C:\WINDOWS\system32\hp????.tmp PRESENT !

C:\WINDOWS\system32\ld???.tmp PRESENT !

C:\WINDOWS\system32\ld????.tmp PRESENT !

C:\WINDOWS\system32\mzoeut.dll PRESENT !

C:\WINDOWS\system32\ot.ico PRESENT !

C:\WINDOWS\system32\regperf.exe PRESENT !

C:\WINDOWS\system32\simpole.tlb PRESENT !

C:\WINDOWS\system32\stdole3.tlb PRESENT !

C:\WINDOWS\system32\ts.ico PRESENT !

C:\WINDOWS\system32\vpxnk.dll PRESENT !

C:\WINDOWS\system32\1024\ PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\deceiver

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\deceiver\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\deceiver\Favoris

 

C:\DOCUME~1\deceiver\Favoris\Antivirus Test Online.url PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

C:\Program Files\eMedia Codec\ PRESENT !

C:\Program Files\IntCodec\ PRESENT !

C:\Program Files\MPVIDEOCODEC\ PRESENT !

C:\Program Files\SpyQuake2.com\ PRESENT !

C:\Program Files\ZipCodec\ PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"altmannsberger"="{210b4043-35ca-4aa0-8796-191f9663dfb3}"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

 

However, for the Ewido software, I can't do the update; it tells me: not update was available


So I couldn't reboot into safe mode because my PC restarts automatically when I choose that mode, so I did a clean with SmitfraudFix. Otherwise, my wallpaper has indeed disappeared.

As for the fix, I didn't really understand at what point it comes in??!!

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 19:02:04 26/09/2006

 

+ Scan result:

 

 

 

HKU\S-1-5-21-515967899-1960408961-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5753791B-F607-48CA-814E-91C14D081F9E} -> Adware.Generic : Cleaned with backup (quarantined).

C:\eChanblard\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.

C:\eChanblard\config\last.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored.

:mozilla.304:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.7:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\deceiver\Cookies\deceiver@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.226:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.227:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.29:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.30:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.

:mozilla.51:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.52:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.53:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.344:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.55:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\deceiver\Cookies\deceiver@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.

:mozilla.403:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.404:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.422:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.423:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.

:mozilla.28:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.

:mozilla.32:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.

:mozilla.33:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.

:mozilla.27:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.479:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.

:mozilla.273:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Estat : Cleaned.

C:\Documents and Settings\deceiver\Cookies\deceiver@estat[1].txt -> TrackingCookie.Estat : Cleaned.

:mozilla.294:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.295:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.297:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.298:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

:mozilla.299:C:\Documents and Settings\deceiver\Application Data\Mozilla\Firefox\Profiles\gj52wu5e.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.

C:\Documents and Settings\deceiver\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.

C:\Documents and Settings\deceiver\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.

::Report end


Hi again,

Did you run SmitfraudFix in Safe Mode?

Post its report and a new HijackThis log.

If you have trouble with Safe Mode, have a look at this

(choose your Windows version; if you can, preferably use the F8 key): http://service1.symantec.com/SUPPORT/INTER...020905112131924


SmitFraudFix v2.100

Rapport fait à 20:14:40,78, 26/09/2006

Executé à partir de C:\Documents and Settings\deceiver\Mes documents\trojan\Nouveau dossier\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\system32\hp???.tmp supprimé

C:\WINDOWS\system32\ld???.tmp supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Logfile of HijackThis v1.99.1

Scan saved at 20:21:42, on 26/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\eChanblard\emule.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: antipc.lnk = C:\WINDOWS\antipc.bat

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7192C030-866D-49A8-B560-627119DD1A92}: NameServer = 85.255.115.4,85.255.112.15

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Add-on\wlancfg.exe


Download FixWareout from one of these two links:

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your Desktop, then run it.

Click Next, then Install, make sure "Run fixit" is checked, then click Finish.

Follow the on-screen instructions.

The tool will ask you to restart your PC; please do so.

The restart may take a little longer than usual; this is normal.

Once restarted, a text file will appear (report.txt); copy/paste that report into your next reply, along with a new HijackThis log as well.

-------------------------

Why was SmitFraudFix v2.100 run in normal mode???
