Scan hijackthis
Fermé
gilopeto
-
4 oct. 2008 à 13:28
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 - 5 oct. 2008 à 20:43
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 - 5 oct. 2008 à 20:43
A voir également:
- Scan hijackthis
- Hijackthis windows 10 - Télécharger - Antivirus & Antimalwares
- Genius scan - Télécharger - Organisation
- Scan now - Guide
- Gto scan ✓ - Forum Cinéma / Télé
- Les légendaires scan ✓ - Forum Réseaux sociaux
7 réponses
Voici le rapport:
SmitFraudFix v2.356
Rapport fait à 13:35:14,23, 04/10/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Aladdin Shared\eToken\etCoreMgr.exe
C:\Program Files\Fichiers communs\Aladdin Shared\eToken\StoreSyncExe.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\dcsm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\administrateur\local settings\application data\cowiqis.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\MicroAV.cpl PRESENT !
C:\WINDOWS\system32\tdssservers.dat détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssadw.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssinit.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssl.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdsslog.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssmain.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\drivers\tdssserv.sys détecté, utilisez un scanner de Rootkit
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\AntiSpywareExpert\ PRESENT !
C:\Program Files\MicroAntivirus\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="ugvqnu.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCB72BD7-19F0-47B8-A519-D4B193D8EB7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCB72BD7-19F0-47B8-A519-D4B193D8EB7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C7787EE1-8B2A-483C-8313-730F7026054C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FCB72BD7-19F0-47B8-A519-D4B193D8EB7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Merci beaucoup pour votre rapidité!!
SmitFraudFix v2.356
Rapport fait à 13:35:14,23, 04/10/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Aladdin Shared\eToken\etCoreMgr.exe
C:\Program Files\Fichiers communs\Aladdin Shared\eToken\StoreSyncExe.exe
C:\Program Files\Fichiers communs\DriveCleaner Free\dcsm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\administrateur\local settings\application data\cowiqis.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\MicroAV.cpl PRESENT !
C:\WINDOWS\system32\tdssservers.dat détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssadw.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssinit.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssl.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdsslog.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\tdssmain.dll détecté, utilisez un scanner de Rootkit
C:\WINDOWS\system32\drivers\tdssserv.sys détecté, utilisez un scanner de Rootkit
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\AntiSpywareExpert\ PRESENT !
C:\Program Files\MicroAntivirus\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="ugvqnu.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCB72BD7-19F0-47B8-A519-D4B193D8EB7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCB72BD7-19F0-47B8-A519-D4B193D8EB7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C7787EE1-8B2A-483C-8313-730F7026054C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FCB72BD7-19F0-47B8-A519-D4B193D8EB7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Merci beaucoup pour votre rapidité!!
Impossible de démarrer en mode sans échec.
Un écran bleu apparait après avoir sélectionner le mode et je n'ai pas le temps de lire que l'ordi redémarre déja...
Avez-vous une solution?
Merci
Un écran bleu apparait après avoir sélectionner le mode et je n'ai pas le temps de lire que l'ordi redémarre déja...
Avez-vous une solution?
Merci
Bonjour,
Voici le rapport smitfraudfix.cmd:
SmitFraudFix v2.356
Rapport fait à 14:17:50,64, 04/10/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\MicroAV.cpl supprimé
C:\Program Files\AntiSpywareExpert\ supprimé
C:\Program Files\MicroAntivirus\ supprimé
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCB72BD7-19F0-47B8-A519-D4B193D8EB7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCB72BD7-19F0-47B8-A519-D4B193D8EB7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C7787EE1-8B2A-483C-8313-730F7026054C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FCB72BD7-19F0-47B8-A519-D4B193D8EB7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Ensuite voici le rapport malwarebytes:
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3
05/10/2008 16:13:35
mbam-log-2008-10-05 (16-13-35).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 99812
Temps écoulé: 1 hour(s), 12 minute(s), 31 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 76
Processus mémoire infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner Free\dcsm.exe (Rogue.SystemDoctor) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\xxywVnmK.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\awtustqQ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ugvqnu.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36576c42-f115-4865-9799-9d8c4f085b28} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{36576c42-f115-4865-9799-9d8c4f085b28} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3dff68cd-d971-4fc1-89af-2c15651f27ab} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtustqq (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3dff68cd-d971-4fc1-89af-2c15651f27ab} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96c85e1c-c77c-4af9-a637-4fa093fc5a23} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{96c85e1c-c77c-4af9-a637-4fa093fc5a23} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\{65de966d-11d1-4bb1-bf7e-b8a273514daf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3dff68cd-d971-4fc1-89af-2c15651f27ab} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmn (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pcprivacycleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxywvnmk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxywvnmk -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: system32\ -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ugvqnu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\awtustqQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxywVnmK.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\KmnVwyxx.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\KmnVwyxx.ini2 (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\djpncdmi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imdcnpjd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlgxojer.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rejoxglj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tahiihda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adhiihat.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uqmadasj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jsadamqu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\viinuomi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imouniiv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ybjwnrjv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjrnwjby.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ynlhotwd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwtohlny.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner Free\dcsm.exe (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP34\A0014706.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP35\A0016706.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP36\A0017706.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP37\A0019706.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP38\A0019707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP38\A0020707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP38\A0021707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP39\A0022707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP40\A0023707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP41\A0024707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP42\A0026707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP43\A0028707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP43\A0029707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP43\A0030707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abarunyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccnwxd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eousvnku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etedjs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eulpor.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evkkaj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fajkuymy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geikaook.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gqoshj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hsxolm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\icnkstwd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilhymayr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lwrdgc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ngtamg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nridutpt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oadrnb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qdnywj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmrfcl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMeFxyA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sxlwjbqx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uannaqjy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uetljofc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wrtplluv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxodihhm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\PCPrivacyCleaner\pcpc.exe (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino3.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Et enfin le rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:47, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Aladdin Shared\eToken\etCoreMgr.exe
C:\Program Files\Fichiers communs\Aladdin Shared\eToken\StoreSyncExe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eTCoreManager] "C:\Program Files\Fichiers communs\Aladdin Shared\eToken\etCoreMgr.exe"
O4 - HKLM\..\Run: [eTMonitor] "C:\Program Files\Fichiers communs\Aladdin Shared\eToken\StoreSyncExe.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: ugvqnu.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Voici le rapport smitfraudfix.cmd:
SmitFraudFix v2.356
Rapport fait à 14:17:50,64, 04/10/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\MicroAV.cpl supprimé
C:\Program Files\AntiSpywareExpert\ supprimé
C:\Program Files\MicroAntivirus\ supprimé
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCB72BD7-19F0-47B8-A519-D4B193D8EB7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCB72BD7-19F0-47B8-A519-D4B193D8EB7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C7787EE1-8B2A-483C-8313-730F7026054C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FCB72BD7-19F0-47B8-A519-D4B193D8EB7E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Ensuite voici le rapport malwarebytes:
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1134
Windows 5.1.2600 Service Pack 3
05/10/2008 16:13:35
mbam-log-2008-10-05 (16-13-35).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 99812
Temps écoulé: 1 hour(s), 12 minute(s), 31 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 76
Processus mémoire infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner Free\dcsm.exe (Rogue.SystemDoctor) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\xxywVnmK.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\awtustqQ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ugvqnu.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36576c42-f115-4865-9799-9d8c4f085b28} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{36576c42-f115-4865-9799-9d8c4f085b28} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3dff68cd-d971-4fc1-89af-2c15651f27ab} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtustqq (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3dff68cd-d971-4fc1-89af-2c15651f27ab} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96c85e1c-c77c-4af9-a637-4fa093fc5a23} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{96c85e1c-c77c-4af9-a637-4fa093fc5a23} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\{65de966d-11d1-4bb1-bf7e-b8a273514daf} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3dff68cd-d971-4fc1-89af-2c15651f27ab} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmn (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pcprivacycleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\xxywvnmk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\xxywvnmk -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Trace) -> Data: system32\ -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ugvqnu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\awtustqQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xxywVnmK.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\KmnVwyxx.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\KmnVwyxx.ini2 (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\djpncdmi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imdcnpjd.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlgxojer.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rejoxglj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tahiihda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adhiihat.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uqmadasj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jsadamqu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\viinuomi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imouniiv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ybjwnrjv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjrnwjby.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ynlhotwd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dwtohlny.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner Free\dcsm.exe (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP34\A0014706.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP35\A0016706.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP36\A0017706.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP37\A0019706.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP38\A0019707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP38\A0020707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP38\A0021707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP39\A0022707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP40\A0023707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP41\A0024707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP42\A0026707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP43\A0028707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP43\A0029707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2EF90099-3C70-470A-B92B-309C7E35DF4E}\RP43\A0030707.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abarunyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccnwxd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eousvnku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etedjs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eulpor.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evkkaj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fajkuymy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geikaook.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gqoshj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hsxolm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\icnkstwd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilhymayr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lwrdgc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ngtamg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nridutpt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oadrnb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qdnywj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmrfcl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMeFxyA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sxlwjbqx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uannaqjy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uetljofc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wrtplluv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxodihhm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\PCPrivacyCleaner\pcpc.exe (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\casino3.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Et enfin le rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:47, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Aladdin Shared\eToken\etCoreMgr.exe
C:\Program Files\Fichiers communs\Aladdin Shared\eToken\StoreSyncExe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eTCoreManager] "C:\Program Files\Fichiers communs\Aladdin Shared\eToken\etCoreMgr.exe"
O4 - HKLM\..\Run: [eTMonitor] "C:\Program Files\Fichiers communs\Aladdin Shared\eToken\StoreSyncExe.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: ugvqnu.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
ep44
Messages postés
7393
Date d'inscription
samedi 10 novembre 2007
Statut
Contributeur
Dernière intervention
11 novembre 2010
3
4 oct. 2008 à 13:31
4 oct. 2008 à 13:31
Bonjour
Télécharge sur le Bureau http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double clic sur SmitfraudFix.zip
=> Extraire tout
=> Double clic sur SmitfraudFix
=> Double Clic sur SmitfraudFix.cmd
=> Choisir Option 1
=> poste le rapport
@+
Télécharge sur le Bureau http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double clic sur SmitfraudFix.zip
=> Extraire tout
=> Double clic sur SmitfraudFix
=> Double Clic sur SmitfraudFix.cmd
=> Choisir Option 1
=> poste le rapport
@+
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ep44
Messages postés
7393
Date d'inscription
samedi 10 novembre 2007
Statut
Contributeur
Dernière intervention
11 novembre 2010
3
4 oct. 2008 à 13:52
4 oct. 2008 à 13:52
Très bien
Redémarre l'ordinateur en mode sans échec
(tapoter F8 au boot pour obtenir le menu de démarrage ou http://service1.symantec.com/
* Double clique sur smitfraudfix.cmd
* Sélectionne 2 pour supprimer les fichiers responsables de l'infection.
A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.
A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
* Redémarre en mode normal et poste le rapport ici
N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
Attention que l'option 2 de l'outil supprime le fond d'écran !
Ensuite
Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68
=> Installe le
=> Ensuite va en mode sans echec
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport
--------------------------
ensuite
* Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69
--------------------------
Ensuite refais un nouveau HijackThis
@+
Redémarre l'ordinateur en mode sans échec
(tapoter F8 au boot pour obtenir le menu de démarrage ou http://service1.symantec.com/
* Double clique sur smitfraudfix.cmd
* Sélectionne 2 pour supprimer les fichiers responsables de l'infection.
A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.
A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
* Redémarre en mode normal et poste le rapport ici
N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
Attention que l'option 2 de l'outil supprime le fond d'écran !
Ensuite
Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68
=> Installe le
=> Ensuite va en mode sans echec
Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport
--------------------------
ensuite
* Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69
--------------------------
Ensuite refais un nouveau HijackThis
@+
ep44
Messages postés
7393
Date d'inscription
samedi 10 novembre 2007
Statut
Contributeur
Dernière intervention
11 novembre 2010
3
4 oct. 2008 à 14:12
4 oct. 2008 à 14:12
passe le en mode normal
ep44
Messages postés
7393
Date d'inscription
samedi 10 novembre 2007
Statut
Contributeur
Dernière intervention
11 novembre 2010
3
5 oct. 2008 à 20:43
5 oct. 2008 à 20:43
ok
on continu et on verras plus tard pour le MSE
Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
il est important de le renommer dès la sauvegarde comme indiqué.
Avant de lancer le téléchargement
Clique droit sur le lien et tu choisis "enregistrer la cible du lien sous"
et tu le renomme par Combo-Fix.exe (remarque le trait d'union)
* Déconnecte toi d'internet et ferme toutes tes applications.
* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,
* Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
* /!\ Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!\
* Attends que Combofix ait terminé, un rapport sera créé.
* réactive ton parefeu, ton antivirus, la garde de ton antispyware
* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.
on continu et on verras plus tard pour le MSE
Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
il est important de le renommer dès la sauvegarde comme indiqué.
Avant de lancer le téléchargement
Clique droit sur le lien et tu choisis "enregistrer la cible du lien sous"
et tu le renomme par Combo-Fix.exe (remarque le trait d'union)
* Déconnecte toi d'internet et ferme toutes tes applications.
* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,
* Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
* /!\ Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!\
* Attends que Combofix ait terminé, un rapport sera créé.
* réactive ton parefeu, ton antivirus, la garde de ton antispyware
* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt
* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.