|
| |||||||
| S'inscrire | Site Spy | Liste des membres | Faire un don | Recherche | Aujourd'hui, les postes | Marquer les forums comme lus | Forum Rules |
 |
 |
| | Thread Tools |
|
#1
5 février 2008, 12:35
| |||
| |||
| Virus Smitfraud Bonjour Je suis nouveau au conseil d'administration, et je voudrais contribuer à l'élimination d'un virus qui, je pense qu'il mai à Smitfraud, et il a détourné de mon navigateur. J'ai couru AVG et Adaware, mais il n'aide pas. L'OS est XP voici le log. Merci d'avance pour votre aide. Logfile de HijackThis v1.99.1 Scan sauvé à 19:35:19, le 05.02.2008 Plate-forme: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ WINDOWS \ system32 \ Cisvc.exe C: \ WINDOWS \ system32 \ lxcecoms.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ system32 \ UAService7.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe C: \ WINDOWS \ Explorer.EXE C: \ WINDOWS \ system32 \ igfxpers.exe C: \ WINDOWS \ system32 \ hkcmd.exe C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe C: \ Program Files \ Thomson \ SpeedTouch USB \ dragdiag.exe C: \ Program Files \ PowerISO \ PWRISOVM.EXE C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe C: \ Program Files \ Dell Support \ DSAgnt.exe C: \ Program Files \ MSN Messenger \ msnmsgr.exe C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ Program Files \ HJT \ HijackThis.exe O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ Windows Live Toolbar \ msntb.dll O4 - HKLM \ .. \ Run: [Persistence] C: \ WINDOWS \ system32 \ igfxpers.exe O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Program Files \ Fichiers communs \ InstallShield \ UpdateService \ issch.exe"-start O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" O4 - HKLM \ .. \ Run: [FaxCenterServer] "C: \ Program Files \ Lexmark Fax Solutions \ fm3032.exe" / s O4 - HKLM \ .. \ Run: [SpeedTouch USB Diagnostics] "C: \ Program Files \ Thomson \ SpeedTouch USB \ dragdiag.exe" / icon O4 - HKLM \ .. \ Run: [PWRISOVM.EXE] C: \ Program Files \ PowerISO \ PWRISOVM.EXE O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimiser O4 - HKCU \ .. \ Run: [DellSupport] "C: \ Program Files \ Dell Support \ DSAgnt.exe" / startup O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / background O4 - HKCU \ .. \ Run: [updateMgr] C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ Osa.exe O8 - Extra du menu contextuel: & Windows Live Search - res: / / C: \ Program Files \ Windows Live Toolbar \ msntb.dll / search.htm O8 - Extra du menu contextuel: Add to Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx O8 - Extra du menu contextuel: E & xporter vers Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll O9 - Extra button: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file) O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing) O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll O11 - Options group: [INTERNATIONAL] International * O16 - DPF: (5AE58FCF-6F6A-49B2-B064-02492C66E3F4) (MUCatalogWebControl Class) -- http://catalog.update.microsoft.com/...?1199470957562 O16 - DPF: (E8F628B5-259-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.37 212.139.132.36 O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll O20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ SYSTEM32 \ igfxdev.dll O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe O23 - Service: lxce_device - - C: \ WINDOWS \ system32 \ lxcecoms.exe O23 - Service: Intel NCS Netservice (NetSvc) - Intel (R) Corporation - C: \ Program Files \ Intel \ PROSetWired \ NCS \ Sync \ Netsvc.exe O23 - Service: Securom User Access Service (V7) (UserAccess7) - Unknown owner - C: \ WINDOWS \ system32 \ UAService7.exe |
|
#2
5 février 2008, 13:04
| |||
| |||
| Virus Smitfraud Bienvenue sur CJ. Le journal ne montre pas de logiciels malveillants, mais nous pouvons examiner de plus près. Télécharger Malwarebytes' Anti-Malware à votre bureau.
Le journal peut également être trouvée ici: C: \ Documents and Settings \Nom d'utilisateur\ Application Data \ Malwarebytes \ Malwarebytes' Anti-Malware \ Logs \log -date. txt Ou dans C: \ Program Files \ Malwarebytes' Anti-Malware \ Logs \log -date. txt Next message s'il vous plaît ajouter MalwareBytes log
__________________  |
|
#3
5 février 2008, 13:51
| |||
| |||
| Virus Smitfraud Salut EF, Merci pour la réponse rapide. Ci-dessous est de mon journal pour les Malware: Malwarebytes' Anti-Malware 1.02 Database version: 320 Scan type: Full Scan (A: \ | C: \ |) Objects scanned: 73752 Temps écoulé: 23 minute (s), 14 second (s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Fichiers infectés: 3 Memory Processes Infected: (Articles n ° malveillants détectés) Memory Modules Infected: (Articles n ° malveillants détectés) Registry Keys Infected: (Articles n ° malveillants détectés) Registry Values Infected: (Articles n ° malveillants détectés) Registry Data Items Infected: (Articles n ° malveillants détectés) Folders Infected: (Articles n ° malveillants détectés) Fichiers infectés: C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk (Malware.Trace) -> Impossible de supprimer. (Supprimer le redémarrage). C: \ Documents and Settings \ Ryan Glenn \ Application Data \ ezpinst.exe (Heuristics.Malware) -> en quarantaine et supprimé avec succès. C: \ Documents and Settings \ Ryan Glenn \ Application Data \ inst.exe (Heuristics.Malware) -> en quarantaine et supprimé avec succès. |
|
#5
5 février 2008, 14:44
| |||
| |||
| Virus Smitfraud SUPERAntiSpyware Scan Log http://www.superantispyware.com Généré le 02.05.2008 à 09:34 PM Application Version: 3.9.1008 Version de base des règles de base de données: 3395 Trace Rules Database Version: 1387 Scan type: Complete Scan Total Scan Time: 00:22:21 Mémoire objets numérisés: 376 Mémoire menaces détectées: 0 Registry items scanned: 5837 Registre des menaces détectées: 0 Fichier articles scannés: 11505 Dossier de menaces détectées: 5 Adware.Tracking Cookie C: \ Documents and Settings \ Ryan Glenn \ Cookies \ ryan_glenn@ads.techguy [2]. Txt C: \ Documents and Settings \ Ryan Glenn \ Cookies \ ryan_glenn @ revsci [2]. Txt C: \ Documents and Settings \ Clare Glenn \ Cookies \ clare_glenn @ pacificpoker [1]. Txt C: \ Documents and Settings \ Clare Glenn \ Cookies \ clare_glenn@videoegg.adbureau [2]. Txt RootKit.TnCore / Trace C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk Logfile de HijackThis v1.99.1 Scan sauvé à 21:43:56, le 05.02.2008 Plate-forme: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ WINDOWS \ system32 \ Cisvc.exe C: \ WINDOWS \ system32 \ lxcecoms.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ system32 \ UAService7.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe C: \ WINDOWS \ system32 \ igfxpers.exe C: \ WINDOWS \ system32 \ hkcmd.exe C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe C: \ Program Files \ Thomson \ SpeedTouch USB \ dragdiag.exe C: \ Program Files \ PowerISO \ PWRISOVM.EXE C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe C: \ Program Files \ Dell Support \ DSAgnt.exe C: \ Program Files \ MSN Messenger \ msnmsgr.exe C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ WINDOWS \ system32 \ Wuauclt.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ WINDOWS \ explorer.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ Program Files \ HijackThis \ HijackThis.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/ O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ Windows Live Toolbar \ msntb.dll O4 - HKLM \ .. \ Run: [Persistence] C: \ WINDOWS \ system32 \ igfxpers.exe O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Program Files \ Fichiers communs \ InstallShield \ UpdateService \ issch.exe"-start O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" O4 - HKLM \ .. \ Run: [FaxCenterServer] "C: \ Program Files \ Lexmark Fax Solutions \ fm3032.exe" / s O4 - HKLM \ .. \ Run: [SpeedTouch USB Diagnostics] "C: \ Program Files \ Thomson \ SpeedTouch USB \ dragdiag.exe" / icon O4 - HKLM \ .. \ Run: [PWRISOVM.EXE] C: \ Program Files \ PowerISO \ PWRISOVM.EXE O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimiser O4 - HKCU \ .. \ Run: [DellSupport] "C: \ Program Files \ Dell Support \ DSAgnt.exe" / startup O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / background O4 - HKCU \ .. \ Run: [updateMgr] C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ Osa.exe O8 - Extra du menu contextuel: & Windows Live Search - res: / / C: \ Program Files \ Windows Live Toolbar \ msntb.dll / search.htm O8 - Extra du menu contextuel: Add to Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx O8 - Extra du menu contextuel: E & xporter vers Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office10 \ EXCEL.EXE/3000 O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing) O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll O11 - Options group: [INTERNATIONAL] International * O16 - DPF: (5AE58FCF-6F6A-49B2-B064-02492C66E3F4) (MUCatalogWebControl Class) -- http://catalog.update.microsoft.com/...?1199470957562 O16 - DPF: (E8F628B5-259-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.36 212.139.132.37 O18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL O18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll O20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ SYSTEM32 \ igfxdev.dll O20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe O23 - Service: lxce_device - - C: \ WINDOWS \ system32 \ lxcecoms.exe O23 - Service: Intel NCS Netservice (NetSvc) - Intel (R) Corporation - C: \ Program Files \ Intel \ PROSetWired \ NCS \ Sync \ Netsvc.exe O23 - Service: Securom User Access Service (V7) (UserAccess7) - Unknown owner - C: \ WINDOWS \ system32 \ UAService7.exe |
|
#6
5 février 2008, 14:54
| |||
| |||
| Virus Smitfraud Le journal porte bien maintenant, c'est l'ordinateur tout en donnant des indications de malware?
__________________ |
|
#7
5 février 2008, 15:02
| |||
| |||
| Virus Smitfraud Oui, il reste à montrer des signes de Malware Malheureusement ..  |
|
#8
5 février 2008, 15:12
| |||
| |||
| Virus Smitfraud Télécharger SmitfraudFix (de S! Ri) à votre bureau.
---------- S'il vous plaît télécharger Combofix par SUBS de l'un des liens ci-dessous. (Essayez les trois si nécessaire)Important! Combofix.exe YA être sauvé et a couru à partir de la Desktop.
Next post Log Smitfraudfix Combofix log
__________________ |
|
#9
5ème février 2008, 15:43
| |||
| |||
| Virus Smitfraud SmitFraudFix v2.281 Scan fait à 22:40:52.84, 05.02.2008 Exécuter à partir de C: \ Documents and Settings \ Ryan Glenn \ Desktop \ SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Le système de fichiers est de type NTFS Correction d'exécuter en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ WINDOWS \ system32 \ lxcecoms.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ system32 \ UAService7.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe C: \ WINDOWS \ Explorer.EXE C: \ WINDOWS \ system32 \ wscntfy.exe C: \ WINDOWS \ system32 \ igfxpers.exe C: \ WINDOWS \ system32 \ hkcmd.exe C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe C: \ Program Files \ Thomson \ SpeedTouch USB \ dragdiag.exe C: \ Program Files \ PowerISO \ PWRISOVM.EXE C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe C: \ Program Files \ Dell Support \ DSAgnt.exe C: \ Program Files \ MSN Messenger \ msnmsgr.exe C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe C: \ WINDOWS \ system32 \ Wuauclt.exe C: \ WINDOWS \ system32 \ notepad.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ WINDOWS \ system32 \ cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» Hosts »»»»»»»»»»»»»»»»»»»»»»»» C: \ »»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ system »»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ Web »»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ system32 »»»»»»»»»»»»»»»»»»»»»»»» C: \ Documents and Settings \ Ryan Glenn »»»»»»»»»»»»»»»»»»»»»»»» C: \ Documents and Settings \ Ryan Glenn \ Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C: \ DOCUME ~ 1 \ RYANGL ~ 1 \ ~ 1 Favori »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C: \ Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» IEDFix ! Attention, les touches suivantes ne sont pas forcément infectées! IEDFix.exe par S! Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix ! Attention, les touches suivantes ne sont pas forcément infectées! VACFix Credits: Malware Analysis & Diagnostic Code: S! Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler ! Attention, les touches suivantes ne sont pas forcément infectées! SrchSTS.exe par S! Ri Search SharedTaskScheduler's. Dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs ! Attention, les touches suivantes ne sont pas forcément infectées! [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows] "AppInit_DLLs" = "" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System ! Attention, les touches suivantes ne sont pas forcément infectées! [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon] "System" = "" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: WAN (PPP / SLIP) Interface Ordre de recherche DNS: 212.139.132.8 Ordre de recherche DNS: 212.139.132.9 HKLM \ SYSTEM \ CCS \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.8 212.139.132.9 HKLM \ SYSTEM \ CS1 \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.8 212.139.132.9 HKLM \ SYSTEM \ CS3 \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.36 212.139.132.37 »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection pour »»»»»»»»»»»»»»»»»»»»»»»» Fin ComboFix 08-02.05.3 - Ryan Glenn 2008-02-05 22:31:47.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT 0:00] Running from: C: \ Documents and Settings \ Ryan Glenn \ Desktop \ ComboFix.exe ATTENTION CETTE MACHINE-N'A PAS LA CONSOLE DE RECUPERATION INSTALLED! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk C: \ WINDOWS \ system32 \ drivers \ rmcastt.sys C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr0.dat C: \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Network \ Downloader \ qmgr1.dat C: \ temp \ TN3 C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk C: \ WINDOWS \ system32 \ drivers \ rmcastt.sys C: \ WINDOWS \ system32 \ install.exe ----- BITS: Possible sites infectés ----- hxxp: / / www.download.windowsupdate.com . ((((((((((((((((((((((((((((((((((((((( Pilotes / Services )))))))) ))))))))))))))))))))))))))))))))))))))))) . ------- \ LEGACY_RMCASTT ------- \ rmcastt Créée à partir de ((((((((((((((((((((((((( Files 2008-01-05 au 2008-02-05 ))))))))))) )))))))))))))))))))) . 2008-02-05 22:22. 2008-02-05 22:23 <DIR> d -------- C: \ ComboFix [1] 2008-02-05 21:02. 2004-08-04 05:00 388.608 - a ------ C: \ kmd.exe 2008-02-05 20:11. 2008-02-05 20:11 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware 2008-02-05 20:11. 2008-02-05 20:11 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Malwarebytes 2008-02-05 20:11. 2008-02-05 20:11 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes 2008-02-05 19:05. 2008-02-05 19:05 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Uniblue 2008-02-05 18:50. 2008-02-05 18:50 444 - a ------ C: \ WINDOWS \ system32 \ d3d8caps.dat 2008-02-05 18:21. 2008-02-05 18:21 <DIR> d -------- C: \ Documents and Settings \ Administrateur \ Application Data \ Grisoft 2008-02-05 18:00. 2008-02-05 18:00 <DIR> d -------- C: \ Program Files \ RogueRemover FREE 2008-02-05 17:57. 2007-09-05 23:22 289.144 - a ------ C: \ WINDOWS \ system32 \ VCCLSID.exe 2008-02-05 17:57. 2006-04-27 16:49 288.417 - a ------ C: \ WINDOWS \ system32 \ SrchSTS.exe 2008-02-05 17:57. 2008-02-05 00:23 85.504 - a ------ C: \ WINDOWS \ system32 \ VACFix.exe 2008-02-05 17:57. 2008-01-27 14:37 81.920 - a ------ C: \ WINDOWS \ system32 \ IEDFix.exe 2008-02-05 17:57. 2003-06-05 20:13 53.248 - a ------ C: \ WINDOWS \ system32 \ Process.exe 2008-02-05 17:57. 2004-07-31 17:50 51.200 - a ------ C: \ WINDOWS \ system32 \ dumphive.exe 2008-02-05 17:57. 2007-10-03 23:36 25.600 - a ------ C: \ WINDOWS \ system32 \ WS2Fix.exe 2008-02-04 19:47. 2008-02-04 19:47 <DIR> d -------- C: \ WINDOWS \ MaxSecureBackup 2008-02-04 19:46. 2008-02-04 19:57 <DIR> d -------- C: \ Program Files \ Max Registry Cleaner 2008-02-04 19:46. 2007-05-24 16:57 143.360 - a ------ C: \ WINDOWS \ system32 \ GetHardDiskNo.dll 2008-02-04 19:46. 2008-02-04 19:46 63 - a ------ C: \ WINDOWS \ system \ SYSRegC.dll 2008-02-02 13:49. 2008-02-02 13:49 <DIR> d -------- C: \ Program Files \ Panicware 2008-02-01 20:22. 2008-02-05 22:17 3.352 - a ------ C: \ WINDOWS \ system32 \ tmp.reg 2008-02-01 19:32. 2008-02-01 19:32 <DIR> d -------- C: \ Documents and Settings \ Administrateur \ Application Data \ SUPERAntiSpyware.com 2008-02-01 18:42. 2008-02-05 19:56 <DIR> d -------- C: \ Program Files \ HJT 2008-02-01 18:39. 2008-02-01 18:39 <DIR> d -------- C: \ Program Files \ FileASSASSIN 2008-02-01 18:31. 2008-02-01 18:31 100 - a ------ C: \ WINDOWS \ system32 \ ikhcore.cfg 2008-02-01 18:21. 2005-09-23 07:29 626.688 - a ------ C: \ WINDOWS \ system32 \ msvcr80.dll 2008-01-31 20:28. 2008-01-31 20:28 <DIR> d -------- C: \ VundoFix Backups 2008-01-31 19:34. 2008-02-05 22:26 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware 2008-01-31 19:34. 2008-02-02 00:55 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ SUPERAntiSpyware.com 2008-01-31 19:34. 2008-01-31 19:34 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com 2008-01-29 22:28. 2008-01-29 22:28 <DIR> d -------- C: \ Program Files \ Common Files \ Download Manager 2008-01-29 22:08. 2008-02-01 18:49 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP 2008-01-29 21:15. 2008-02-03 17:03 <DIR> d -------- C: \ Program Files \ SpywareBlaster 2008-01-23 18:08. 2008-01-23 18:08 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ SuperAdBlocker.com 2008-01-22 18:39. 2008-01-22 18:39 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Grisoft 2008-01-22 18:39. 2007-05-30 12:10 10.872 - a ------ C: \ WINDOWS \ system32 \ drivers \ AvgAsCln.sys 2008-01-22 18:18. 2008-01-22 18:18 <DIR> d -------- C: \ Documents and Settings \ LocalService \ Application Data \ AVG7 2008-01-22 18:15. 2008-02-05 21:48 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ AVG7 2008-01-22 18:15. 2008-01-22 18:15 110.592 - a ------ C: \ WINDOWS \ system32 \ avgfwafu.dll 2008-01-22 17:56. 2008-02-03 08:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ AVG7 2008-01-21 21:10. 2008-01-22 18:14 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Grisoft 2008-01-20 16:33. 2008-01-20 16:33 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ ErrorSmart 2008-01-19 10:09. 2008-01-19 10:09 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Kaspersky Lab Setup Files 2008-01-12 11:46. 2008-01-12 11:46 <DIR> d -------- C: \ Program Files \ Common Files \ xing partagée 2008-01-12 10:17. 2008-02-02 00:54 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard 2008-01-10 19:54. 2008-01-12 10:18 <DIR> d -------- C: \ Program Files \ Lavasoft 2008-01-10 19:38. 2008-01-10 19:38 <DIR> d -------- C: \ Program Files \ AVI Codec Pack 2008-01-10 18:51. 2005-04-05 14:18 135.168 - a ------ C: \ WINDOWS \ system32 \ igfxres.dll 2008-01-09 19:20. 2008-01-09 19:20 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Yahoo! 2008-01-09 18:03. 2008-01-09 18:03 <DIR> d - h ----- C: \ WINDOWS \ PIF 2008-01-09 17:52. 2008-01-10 17:51 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ dvdcss 2008-01-08 18:20. 2007-03-05 05:00 421.888 - a ------ C: \ WINDOWS \ system32 \ lxcedrs.dll 2008-01-08 18:20. 2007-01-30 10:22 413.696 - a ------ C: \ WINDOWS \ system32 \ lxceinpa.dll 2008-01-08 18:20. 2007-01-30 10:35 397.312 - a ------ C: \ WINDOWS \ system32 \ lxceiesc.dll 2008-01-08 18:20. 2007-02-22 18:32 344.064 - a ------ C: \ WINDOWS \ system32 \ lxcecoin.dll 2008-01-08 18:20. 2006-10-03 23:21 330.030 - a ------ C: \ WINDOWS \ system32 \ lxcehelp.chm 2008-01-08 18:20. 2007-01-30 10:18 323.584 - a ------ C: \ WINDOWS \ system32 \ lxcehcp.dll 2008-01-08 18:20. 2007-01-30 10:35 274.432 - a ------ C: \ WINDOWS \ system32 \ lxceinst.dll 2008-01-08 18:20. 2005-02-24 17:23 61.440 - a ------ C: \ WINDOWS \ system32 \ lxcecnv4.dll 2008-01-07 20:59. 2008-01-07 20:59 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn 2008-01-06 20:31. 2008-01-06 20:31 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ InstallShield 2008-01-06 20:18. 2008-01-06 20:35 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Application Data \ VersionTracker Pro 2008-01-05 16:23. 2008-01-05 16:23 <DIR> d -------- C: \ Program Files \ Windows Media Connect 2 2008-01-05 16:23. 2006-10-04 14:06 1.197.294 --------- C: \ WINDOWS \ system32 \ dllcache \ sysmain.sdb 2008-01-05 16:23. 2006-10-04 14:06 764.868 --------- C: \ WINDOWS \ system32 \ dllcache \ apph_sp.sdb 2008-01-05 16:23. 2006-10-04 14:06 217.118 --------- C: \ WINDOWS \ system32 \ dllcache \ apphelp.sdb 2008-01-05 16:19. 2008-01-05 16:21 <DIR> d -------- C: \ WINDOWS \ system32 \ drivers \ UMDF 2008-01-05 15:19. 2008-01-05 15:19 <DIR> d -------- C: \ swsetup 2008-01-05 15:09. 2008-01-05 15:08 23.600 - a ------ C: \ WINDOWS \ system32 \ drivers \ TVICHW32.SYS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2008-02-03 23:25 --------- d ----- w C: \ Program Files \ Google 2008-01-31 10:50 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ vso 2008-01-24 17:31 --------- d ----- w C: \ Program Files \ Lx_cats 2008-01-18 19:58 --------- d ----- w C: \ Program Files \ DivX 2008-01-18 19:57 --------- d ----- w C: \ Program Files \ Java 2008-01-18 19:56 --------- d ----- w C: \ Program Files \ Real 2008-01-12 11:45 --------- d ----- w C: \ Program Files \ Fichiers communs \ Real 2008-01-12 10:26 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Lavasoft 2008-01-12 10:18 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Lavasoft 2008-01-09 19:24 --------- d ----- w C: \ Program Files \ Yahoo! 2008-01-08 18:20 --------- d ----- w C: \ Program Files \ Lexmark 4300 Series 2008-01-07 21:55 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ AdobeUM 2008-01-04 20:45 --------- d - h - w C: \ Program Files \ InstallShield Installation Information 2008-01-04 19:57 --------- d ----- w C: \ Program Files \ Analog Devices 2008-01-04 19:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ PC Drivers HeadQuarters 2008-01-04 18:08 --------- d ----- w C: \ Program Files \ Gabest 2008-01-04 18:08 --------- d ----- w C: \ Program Files \ CyberLink 2008-01-02 23:18 --------- d ----- w C: \ Program Files \ Ahead 2008-01-02 23:14 --------- d ----- w C: \ Program Files \ Fichiers communs \ Ahead 2007-12-29 14:16 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ DivX 2007-12-22 11:48 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ vsosdk 2007-12-21 16:06 47.360 ---- aw C: \ WINDOWS \ system32 \ drivers \ pcouffin.sys 2007-12-21 16:06 47.360 ---- aw C: \ Documents and Settings \ Ryan Glenn \ Application Data \ pcouffin.sys 2007-12-21 16:06 --------- d ----- w C: \ Program Files \ VSO 2007-12-11 20:36 --------- d ----- w C: \ Program Files \ Virtual Dub 2007-12-10 20:22 --------- d ----- w C: \ Program Files \ plugins 2007-12-10 20:22 --------- d ----- w C: \ Program Files \ aviproxy 2007-12-10 19:47 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Application Data \ Pegasys Inc 2007-12-10 19:39 33.408 ---- aw C: \ WINDOWS \ system32 \ drivers \ CDRBSDRV.SYS 2007-12-06 01:47 --------- d ----- w C: \ Program Files \ MSN Messenger 2007-05-20 11:28 31.528 ---- aw C: \ Documents and Settings \ Ryan Glenn \ Application Data \ GDIPFONTCACHEV1.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Note * empty entries & legit entrées par défaut ne sont pas indiquées REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curré ntVersion \ Run] "DellSupport" = "C: \ Program Files \ Dell Support \ DSAgnt.exe" [2004-07-19 07:51 306688] "msnmsgr" = "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" [2007-01-19 12:54 5674352] "updateMgr" = "C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" [2006-03-30 16:45 313472] "SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912] "ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 05:00 15360] "Uniblue RegistryBooster 2" = "C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe" [] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "Persistence" = "C: \ WINDOWS \ system32 \ igfxpers.ex e" [2005-04-05 19:23 114688] "ISUSScheduler" = "C: \ Program Files \ Fichiers communs \ InstallShield \ UpdateService \ issch.exe" [2004-07-27 16:50 81920] "IgfxTray" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2005-04-05 14:22 94208] "HotKeysCmds" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2005-04-05 19:19 77824] "LXCECATS" = "C: \ WINDOWS \ System32 \ spool \ drivers \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 05:17 73728] "lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2005-08-02 17:45 192512] "EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2005-07-26 12:17 94208] "FaxCenterServer" = "C: \ Program Files \ Lexmark Fax Solutions \ fm3032.exe" [2005-07-12 09:36 299008] "SpeedTouch USB Diagnostics" = "C: \ Program Files \ Thomson \ SpeedTouch USB \ dragdiag.exe" [2004-01-26 11:38 866816] "PWRISOVM.EXE" = "C: \ Program Files \ PowerISO \ PWRISOVM.EXE" [2007-01-20 07:09 200704] "NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e xe" [2001-07-09 11:50 155648] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 00:11 132496] "AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-01-22 18:14 579072] ! AVG Anti-Spyware "=" C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe "[2007-06-11 09:25 6731312] [HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run] "CTFMON.EXE" = "C: \ WINDOWS \ system32 \ CTFMON.EXE" [2004-08-04 05:00 15360] "AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-01-22 18:14 219136] C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Adobe Reader Speed Launch.lnk - C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe [2005-09-23 22:05:26 29696] Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office10 \ Osa.exe [2001-02-13 01:01:04 83360] [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curré ntversion \ policies \ system] "DisableRegistryTools" = 0 (0x0) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853a-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SecurityProviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, S1 SABKUTIL; SABKUTIL; C: \ Program Files \ SuperAdBlocker.com \ Super Ad Blocker \ SABKUTIL.sys [] . Contenu de la "Tâches planifiées" dossier "2008-02-05 21:51:05 C: \ WINDOWS \ Tasks \ Check Updates for Windows Live Toolbar.job" - C: \ Program Files \ Windows Live Toolbar \ MSNTBUP.EXE "2008-02-05 03:30:00 C: \ WINDOWS \ Tasks \ ErrorSmart Scheduled Scan.job" - C: \ Program Files \ ErrorSmart \ ErrorSmart.ex - C: \ Program Files \ ErrorSmart . ************************************************** ************************ catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector par Gmer, http://www.gmer.net Rootkit scan 2008-02-05 22:35:43 Windows 5.1.2600 Service Pack 2 NTFS scanning processus cachés ... scanning hidden autostart entries ... de balayage des fichiers cachés ... scan effectué avec succès les fichiers cachés: 0 ************************************************** ************************ . ------------------------ Autres processus en cours ----------------------- -- . C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ WINDOWS \ system32 \ lxcecoms.exe C: \ WINDOWS \ system32 \ UAService7.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe C: \ WINDOWS \ system32 \ wscntfy.exe C: \ DOCUME ~ 1 \ RYANGL ~ 1 \ LOCALS ~ 1 \ Temp \ SSUPDATE.EXE . ************************************************** ************************ . Délai: 2008-02-05 22:38:02 - machine a redémarré [Ryan Glenn] ComboFix-quarantaine-files.txt 2008-02-05 22:37:46 . 2008-01-06 03:02:26 --- EOF --- |
|
#10
5ème février 2008, 15:55
| |||
| |||
| Virus Smitfraud Run CCleaner. Poster un nouveau journal HijackThis. Ce que le Combofix aide?
__________________ |
|
| |
| Bookmarks |
Similar Threads | ||||
| Fil | Thread Starter | Forum | Réponses | Last Post |
| Mes amis MAC a un virus ... umm ... yeah ... un virus ... | cheesepuff | Virus, Spyware et sécurité | 3 | 29 Oct 2008 12:58 |
| Smitfraud-C Il ne veut pas mourir! | PlatSpin | Virus, Spyware et sécurité | 13 | 19 août 2008 10:24 |
| Smitfraud-c.msvps | guccijana | Virus, Spyware et sécurité | 158 | 30 Jan 2008 20:07 |
| Smitfraudfix.exe - Smitfraud-C.Toolbar888 | Hybr! D | Virus, Spyware et sécurité | 1 | 29 Oct 2007 11:02 |
| Zlob, smitfraud, pop ups, les changements de papier peint rouge | guccijana | Virus, Spyware et sécurité | 20 | 30e Sep 2007 20:26 |
| Thread Tools | |
| |
