
I am trying to remove AntiSpyware from my IE

30 July 2008 00:18:45

--- SOLVED ---


This message is addressed to XmichouX,

as suggested, this is a new thread

(request for help already sent a first time in May,
then a similar thread from sissi4000 a few days ago)

here is the result of the HijackThis scan:

"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:23, on 22.07.2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Swisscom Mobile\Sesam\BIN\SecMIPService.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Swisscom Mobile\Unlimited Data Manager\DashBoardS.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\ltmsg.exe
C:\WINNT\system32\S3Tray2.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\internat.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kmq0.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.restorebookmark.com/?cm [...] w.epfl.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7C109800-A5D5-438F-9640-18D17E168B88} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Live.com] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kmq0.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O22 - SharedTaskScheduler: enswathes - {4d51e91c-e917-4b7f-89ff-abe471e16927} - C:\WINNT\system32\uyhjw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: Sesam Control Service (SesamService) - Swisscom Mobile - C:\Program Files\Swisscom Mobile\Sesam\BIN\SecMIPService.exe
O23 - Service: UDM Service - Swisscom Mobile - C:\Program Files\Swisscom Mobile\Unlimited Data Manager\DashBoardS.exe

--
End of file - 6710 bytes

"

good evening and thanks in advance


30 July 2008 13:43:34

Hi,

Download SmitfraudFix (by S!ri).

  • Save it to your Desktop.
  • Launch it by double-clicking SmitfraudFix.exe
  • Press a key as prompted.
  • Run option 1; a report will appear, post it.

    The report is located here: C:\rapport.txt
    21 August 2008 19:42:20

    thanks in advance
    (for info, I have Win2K)

    here is the new report:

    "

    SmitFraudFix v2.338

    Scan done at 19:39:21.70, jeu. 21.08.2008
    Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    The filesystem type is FAT32
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\ibmpmsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\hidserv.exe
    C:\WINNT\System32\QCONSVC.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\System32\SCardSvr.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Swisscom Mobile\Sesam\BIN\SecMIPService.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Swisscom Mobile\Unlimited Data Manager\DashBoardS.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\tp4serv.exe
    C:\WINNT\system32\ltmsg.exe
    C:\WINNT\system32\S3Tray2.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINNT\system32\PRPCUI.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\WINNT\system32\RunDll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\QUICKT~1\PictureViewer.exe
    C:\Program Files\Microsoft Office\Office\POWERPNT.EXE
    C:\WINNT\system32\cmd.exe
    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Policies.exe
    C:\WINNT\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"

    [HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
    @="C:\WINNT\system32\uyhjw.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
    @="C:\WINNT\system32\uyhjw.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINNT\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel 8255x-based Integrated Fast Ethernet
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End




    "
    21 August 2008 21:28:27

    Re,

    Restart your computer in safe mode
    - At startup, after the BIOS has loaded, press the F8 (or F5) key on your keyboard repeatedly until a menu on a black background appears. Once you reach that point, use the keyboard to select Safe Mode.
    -- In this mode you have no Internet access, and you end up with a different visual configuration (no wallpaper, very large icons). So don't be surprised.
    --- It is for these reasons that I suggest you print, write down, or save the following information in a text document so that you don't get lost.
    ---- ! Do not start your computer in safe mode via MSConfig ! Why? Some infections break the safe mode keys, which would make your computer crash.

    Run SmitfraudFix again.

  • Choose option 2. (Yes to all questions)
  • If you have to restart your PC, do so. In any case, restart your computer at the end of the fix.
  • Post the report located at C:\rapport.txt as well as a new HijackThis report.

    Help: How to start your computer in safe mode.
    30 August 2008 15:37:17

    XmichouX,

    As suggested by the "start in safe mode" tutorial, I ran SmitfraudFix on my user account and not on the Admin account (since my Win2K is in English I was in "Safe Mode") [rapport_I]

    The cleaning failed at the first step (Registry) with the following message: "Registry Editor - Cannot import cleanup.reg: Error accessing the registry"

    I then ran SmitfraudFix on the user account [rapport_II]..with the same error message

    Here are the 2 reports

    rapport_I from 19:34:

    SmitFraudFix v2.338

    Scan done at 19:34:50.22, ven. 29.08.2008
    Run from C:\Documents and Settings\Administrator\Start Menu\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    The filesystem type is
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"

    [HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
    @="C:\WINNT\system32\uyhjw.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
    @="C:\WINNT\system32\uyhjw.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» RK


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


    ..and rapport_II from 19:52


    SmitFraudFix v2.338

    Scan done at 19:52:46.91, ven. 29.08.2008
    Run from C:\Documents and Settings\Administrator\Start Menu\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    The filesystem type is FAT32
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"

    [HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
    @="C:\WINNT\system32\uyhjw.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
    @="C:\WINNT\system32\uyhjw.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» RK


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E0204FFF-CAC6-4C04-8D6C-73681E6B57D7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"

    [HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
    @="C:\WINNT\system32\uyhjw.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
    @="C:\WINNT\system32\uyhjw.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» End


    ..hoping it is not too infected!
    thanks in advance and have a good afternoon
    -pbds





    30 August 2008 15:42:49

    Hello,

    There is a new version of SmitfraudFix.
    Can you delete this one, download the new one (same link) and run option 2 again directly?
    1 September 2008 10:49:28

    Hello,

    I deleted the old versions of SmitfraudFix
    then I installed the new one
    then I ran it on my Admin account
    and I got the following error message:

    AntiSPVSTFix.exe - Application error
    the instrcution at "0x77fcb333" referenced memory at "0x00000000".
    The memory could not be "written"

    Here is the report generated by SmitfraudFix:

    SmitFraudFix v2.344

    Scan done at 10:37:42.25, lun. 01.09.2008
    Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    The filesystem type is FAT32
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{4d51e91c-e917-4b7f-89ff-abe471e16927}"="enswathes"

    [HKEY_CLASSES_ROOT\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
    @="C:\WINNT\system32\uyhjw.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4d51e91c-e917-4b7f-89ff-abe471e16927}\InProcServer32]
    @="C:\WINNT\system32\uyhjw.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix




    ..and the one from HijackThis


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:45:21, on 01.09.2008
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\ibmpmsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\hidserv.exe
    C:\WINNT\System32\QCONSVC.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\System32\SCardSvr.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Swisscom Mobile\Sesam\BIN\SecMIPService.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Swisscom Mobile\Unlimited Data Manager\DashBoardS.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\tp4serv.exe
    C:\WINNT\system32\ltmsg.exe
    C:\WINNT\system32\S3Tray2.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINNT\system32\PRPCUI.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    C:\WINNT\system32\RunDll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [tourpath] regedit /s c:\winnt\tour.reg
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
    O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Internat.exe] internat.exe
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.c...
    O22 - SharedTaskScheduler: enswathes - {4d51e91c-e917-4b7f-89ff-abe471e16927} - C:\WINNT\system32\uyhjw.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
    O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE
    O23 - Service: Sesam Control Service (SesamService) - Swisscom Mobile - C:\Program Files\Swisscom Mobile\Sesam\BIN\SecMIPService.exe
    O23 - Service: UDM Service - Swisscom Mobile - C:\Program Files\Swisscom Mobile\Unlimited Data Manager\DashBoardS.exe

    --
    End of file - 5138 bytes


    ..Thanks

    3 September 2008 18:27:48

    hello
    ~Run HijackThis “Do a system scan only”.
    Check the following lines if they are still present, and only those.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O22 - SharedTaskScheduler: enswathes - {4d51e91c-e917-4b7f-89ff-abe471e16927} - C:\WINNT\system32\uyhjw.dll (file missing)


    Click Fix checked (bottom left)


    Here is what I suggest: you are going to replace Avast! with Antivir, which is also free but much more effective, then run a scan with it and post the report. :)


    Uninstall Avast! properly


    To replace it with Antivir.

    -->Tutorial<--


    Why change? : Avast! vs Antivir
    but also:
    14 antivirus products put to the test
    7 September 2008 00:43:33

    I did run HijackThis “Do a system scan only” and then checked the R0 and O22 lines

    I did remove Avast and then installed Antivir

    I scanned in SafeMode with Antivir (and deleted a few files)

    then I wanted to run SmitfraudFix again but it gives me an error message: "Fichier restart.exe absent ! Dezippez la totalité de l'archive dans un dossier" ..I must have deleted that file

    I tried to re-download SmitfraudFix..but the message is still the same..
    I would like to run SmitfraudFix

    Otherwise here are the reports (the 1st in SafeMode and the 2nd when I rebooted the PC in normal mode..without my asking it to)


    the 1st:


    Avira AntiVir Personal
    Report file date: samedi, 6. septembre 2008 20:42

    Scanning for 1599979 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows 2000
    Windows version: (Service Pack 4) [5.0.2195]
    Boot mode: Save mode
    Username: Administrator
    Computer name: HARPE-PBDS

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 08:57:54
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 07:56:42
    LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 12:44:20
    LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 07:58:54
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 13:54:16
    ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 8/31/2008 18:04:16
    ANTIVIR3.VDF : 7.0.6.124 202240 Bytes 9/5/2008 18:04:20
    Engineversion : 8.1.1.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 09:58:22
    AESCRIPT.DLL : 8.1.0.70 319866 Bytes 9/6/2008 18:04:44
    AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 12:44:50
    AERDL.DLL : 8.1.1.1 397683 Bytes 9/6/2008 18:04:40
    AEPACK.DLL : 8.1.2.1 364917 Bytes 7/15/2008 12:58:36
    AEOFFICE.DLL : 8.1.0.23 196987 Bytes 9/6/2008 18:04:38
    AEHEUR.DLL : 8.1.0.51 1397111 Bytes 9/6/2008 18:04:34
    AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 12:44:50
    AEGEN.DLL : 8.1.0.36 315764 Bytes 9/6/2008 18:04:24
    AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 08:33:22
    AECORE.DLL : 8.1.1.11 172406 Bytes 9/6/2008 18:04:22
    AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 12:44:50
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 08:40:06
    AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 09:28:02
    AVREP.DLL : 8.0.0.2 98344 Bytes 9/6/2008 18:04:20
    AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 11:26:42
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 08:29:24
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 12:27:50
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 17:28:04
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 12:49:42
    NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 12:05:12
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 13:48:08
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 13:34:38

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
    Macro heuristic..................: on
    File heuristic...................: high
    Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Start of the scan: samedi, 6. septembre 2008 20:42

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    10 processes with 10 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '57' files ).


    Starting the file scan:

    Begin scan in 'C:\' <IBM_PRELOAD>
    C:\PAGEFILE.SYS
    [WARNING] The file could not be opened!
    C:\WINNT\Downloaded Program Files\fx.exe
    [DETECTION] Contains recognition pattern of the DIAL/79728.A dialer
    [NOTE] The file was deleted!
    C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.138 dropper
    C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe
    [0] Archive type: RAR SFX (self extracting)
    --> SmitfraudFix\restart.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was moved to '492bd59d.qua'!
    C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was moved to '4935d5fb.qua'!
    C:\Documents and Settings\pbds\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
    [0] Archive type: MS Outlook Mailbox
    --> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank - urgent security notification][From:support_ref27411@53.com]5894.html
    [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
    --> Mailbox_[Folder:Deleted Items][Subject:Please Confirm Your Banking Details. -Mon, 12 Feb 2007 11:10:34 -0800][From:services-num18428761662ver@security.53.com]5968.html
    [DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
    --> Mailbox_[Folder:Deleted Items][Subject:urgent notification.][From:reference-id_7178123@53.com]6160.html
    [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
    --> Mailbox_[Folder:Deleted Items][Subject:Service Message. -Thu, 15 Feb 2007 02:12:03 -0800][From:customerservice_44552246137466ib@53.com]6176.html
    [DETECTION] Contains recognition pattern of the PHISH/53bkfraud.4 phishing file/email
    --> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank - 0fficial information. [Fri, 16 Feb 2007 21:53:06 -0800]][From:manager_23272835930ver@security.53.com]6263.html
    [DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
    --> Mailbox_[Folder:Deleted Items][Subject:Stop looking for a new part-time job - here it is.][From:Dina.Bowman665@atlanta.com]6267.html
    [DETECTION] Contains recognition pattern of the PHISH/Bankfraud.1 phishing file/email
    --> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank: Security Issues -Sun, 18 Feb 2007 15:31:04 -0800][From:clientservice-id05938832511395ib@53.com]6337.html
    [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
    --> Mailbox_[Folder:Deleted Items][Subject:PayPal. Account Review Department][From:support@paypal.com]6474.html
    [DETECTION] Contains recognition pattern of the PHISH/Paypalfraud.2 phishing file/email
    --> Mailbox_[Folder:Deleted Items][Subject:Important announce][From:support_id189705ib@53.com]6481.html
    [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
    [WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!
    C:\Documents and Settings\pbds\My Documents\Calvi_07_08\PhotoShop\Adobe.Photoshop.CS2.(v9.0).FR.Officielle.Incl-Crack.et.Keygen.par.eMule-Paradise.com.rar
    [0] Archive type: RAR
    --> Crack et Keygen\Keygen Photoshop CS2 Fr.exe
    [DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
    [NOTE] The file was moved to '4931dbc8.qua'!
    C:\Program Files\fx\fx.exe
    [DETECTION] Contains recognition pattern of the DIAL/79728.A dialer
    [NOTE] The file was deleted!
    C:\Recycled\Dc41.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.128 dropper
    C:\Recycled\Dc41.exe
    [0] Archive type: RAR SFX (self extracting)
    --> SmitfraudFix\restart.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was moved to '48f6f0aa.qua'!
    C:\Recycled\Dc44.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.128 dropper
    C:\Recycled\Dc44.exe
    [0] Archive type: RAR SFX (self extracting)
    --> SmitfraudFix\restart.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was moved to '48f6f0b8.qua'!
    C:\Recycled\Dc42\restart.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was moved to '4935f0c8.qua'!
    C:\Recycled\Dc45\restart.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was moved to '4935f0d0.qua'!


    End of the scan: samedi, 6. septembre 2008 23:05
    Used time: 2:23:01 Hour(s)

    The scan has been done completely.

    3752 Scanning directories
    251859 Files were scanned
    21 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    2 files were deleted
    0 files were repaired
    7 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    251837 Files not concerned
    8186 Archives were scanned
    2 Warnings
    9 Notes

    ..and the 2nd one



    Avira AntiVir Personal
    Report file date: samedi, 6. septembre 2008 23:10

    Scanning for 1599979 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows 2000
    Windows version: (Service Pack 4) [5.0.2195]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: HARPE-PBDS

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 08:57:54
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 07:56:42
    LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 12:44:20
    LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 07:58:54
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 13:54:16
    ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 8/31/2008 18:04:16
    ANTIVIR3.VDF : 7.0.6.124 202240 Bytes 9/5/2008 18:04:20
    Engineversion : 8.1.1.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 09:58:22
    AESCRIPT.DLL : 8.1.0.70 319866 Bytes 9/6/2008 18:04:44
    AESCN.DLL : 8.1.0.23 119156 Bytes 7/10/2008 12:44:50
    AERDL.DLL : 8.1.1.1 397683 Bytes 9/6/2008 18:04:40
    AEPACK.DLL : 8.1.2.1 364917 Bytes 7/15/2008 12:58:36
    AEOFFICE.DLL : 8.1.0.23 196987 Bytes 9/6/2008 18:04:38
    AEHEUR.DLL : 8.1.0.51 1397111 Bytes 9/6/2008 18:04:34
    AEHELP.DLL : 8.1.0.15 115063 Bytes 7/10/2008 12:44:50
    AEGEN.DLL : 8.1.0.36 315764 Bytes 9/6/2008 18:04:24
    AEEMU.DLL : 8.1.0.7 430452 Bytes 7/31/2008 08:33:22
    AECORE.DLL : 8.1.1.11 172406 Bytes 9/6/2008 18:04:22
    AEBB.DLL : 8.1.0.1 53617 Bytes 7/10/2008 12:44:50
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 08:40:06
    AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 09:28:02
    AVREP.DLL : 8.0.0.2 98344 Bytes 9/6/2008 18:04:20
    AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 11:26:42
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 08:29:24
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 12:27:50
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 17:28:04
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 12:49:42
    NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 12:05:12
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 13:48:08
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 13:34:38

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
    Macro heuristic..................: on
    File heuristic...................: high
    Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Start of the scan: samedi, 6. septembre 2008 23:10

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mspmspsv.exe' - '1' Module(s) have been scanned
    Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned
    Scan process 'DashBoardS.exe' - '1' Module(s) have been scanned
    Scan process 'stisvc.exe' - '1' Module(s) have been scanned
    Scan process 'SecMIPService.e' - '1' Module(s) have been scanned
    Scan process 'MSTask.exe' - '1' Module(s) have been scanned
    Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned
    Scan process 'regsvc.exe' - '1' Module(s) have been scanned
    Scan process 'QCONSVC.EXE' - '1' Module(s) have been scanned
    Scan process 'hidserv.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '0' Module(s) have been scanned
    Scan process 'sched.exe' - '0' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    21 processes with 21 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '55' files ).


    Starting the file scan:

    Begin scan in 'C:\' <IBM_PRELOAD>
    C:\PAGEFILE.SYS
    [WARNING] The file could not be opened!
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\pbds\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
    [0] Archive type: MS Outlook Mailbox
    --> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank - urgent security notification][From:support_ref27411@53.com]5894.html
    [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
    --> Mailbox_[Folder:Deleted Items][Subject:Please Confirm Your Banking Details. -Mon, 12 Feb 2007 11:10:34 -0800][From:services-num18428761662ver@security.53.com]5968.html
    [DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
    --> Mailbox_[Folder:Deleted Items][Subject:urgent notification.][From:reference-id_7178123@53.com]6160.html
    [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
    --> Mailbox_[Folder:Deleted Items][Subject:Service Message. -Thu, 15 Feb 2007 02:12:03 -0800][From:customerservice_44552246137466ib@53.com]6176.html
    [DETECTION] Contains recognition pattern of the PHISH/53bkfraud.4 phishing file/email
    --> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank - 0fficial information. [Fri, 16 Feb 2007 21:53:06 -0800]][From:manager_23272835930ver@security.53.com]6263.html
    [DETECTION] Contains recognition pattern of the PHISH/53bkfraud.2 phishing file/email
    --> Mailbox_[Folder:Deleted Items][Subject:Stop looking for a new part-time job - here it is.][From:Dina.Bowman665@atlanta.com]6267.html
    [DETECTION] Contains recognition pattern of the PHISH/Bankfraud.1 phishing file/email
    --> Mailbox_[Folder:Deleted Items][Subject:Fifth Third Bank: Security Issues -Sun, 18 Feb 2007 15:31:04 -0800][From:clientservice-id05938832511395ib@53.com]6337.html
    [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
    --> Mailbox_[Folder:Deleted Items][Subject:PayPal. Account Review Department][From:support@paypal.com]6474.html
    [DETECTION] Contains recognition pattern of the PHISH/Paypalfraud.2 phishing file/email
    --> Mailbox_[Folder:Deleted Items][Subject:Important announce][From:support_id189705ib@53.com]6481.html
    [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus
    [WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted!


    End of the scan: dimanche, 7. septembre 2008 00:03
    Used time: 53:36 Minute(s)

    The scan has been done completely.

    3754 Scanning directories
    248128 Files were scanned
    9 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    248117 Files not concerned
    8177 Archives were scanned
    3 Warnings
    0 Notes



    7 September 2008 18:19:20

    hi again

    It makes sense that SmitfraudFix no longer works.
    AntiVir is knocking out part of the tool because it believes it is malicious.

    How is your PC behaving?
    7 September 2008 20:18:25

    well, fine..but I wanted to run SmitfraudFix again to see whether it still stumbled on the message:
    "AntiSPVSTFix.exe - Application error
    the instruction at "0x77fcb333" referenced memory at "0x00000000".
    The memory could not be "written" "

    otherwise, I am on the Admin account for the fixes..and I have never had any problem on it

    I'm going back to my user account and will let you know

    in any case, thanks for the time spent..and sorry for having installed Avast beforehand..I did read the information on forum.malekal.com

    7 September 2008 21:25:05

    perfect: I am on my user account..and there is no more Antispyware in the "Tools" menu

    thanks a lot!

    also, I regularly get a pop-up from Adobe asking me to install "Adobe Flash Player Installer" ..can I trust it?

    have a good evening
    8 September 2008 20:35:57

    good evening
    yes, the Adobe pop-up is normal

    Remove all the programs installed for the disinfection.

    Please read this guide (PDF) to learn more about the risks of the Internet.

    If you find this document interesting, feel free to pass it on to your contacts.

    If you are tired of being bombarded with ads while browsing, install Firefox secured with the NoScript and AdBlock Plus extensions.

    Edit your first message (by clicking on the eraser) and mark [resolved] in the title.
