Antivirus XP 2008 - vérification des rapports

Question

Bonjour tout le monde,

J'ai l'impressison que ce malware fait souvent beaucoup de dégat! Moi aussi j'ai été infecté et je dois dire que c'est grâce à vos discussions que j'ai pu (je l'espère !) enlevé ce truc bizaroïde de mon ordi !

Mais maintenant j'aimerais que quelqu'un me confirme si je suis tranquille ou pas. D'après les données ci dessous y-a-t-il encore qqc d'autre à faire ?

Petite précision; j'ai executé le logiciel Malwarbyte sur une session, faut-il aussi l'executer sur les 2 autres sessions que j'avais créees ? Sur la 2ème j'ai juste fait un combo fix, le malwarbyte était trop long ! Faut-il le faire sur la 3ème aussi ?

Donc j'ai commencé par un Malwarbyte et voici le rapport :

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 985
Windows 5.1.2600 Service Pack 1

05:40:02 30/07/2008
mbam-log-7-30-2008 (05-40-02).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 100416
Temps écoulé: 2 hour(s), 21 minute(s), 18 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 18
Dossier(s) infecté(s): 25
Fichier(s) infecté(s): 52

Processus mémoire infecté(s):
C:\WINDOWS\system32\blphcgcvj0ej9c.scr (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhclcvj0ej9c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhclcvj0ej9c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cb029e45-f111-4eeb-9018-3b1a44b6e30d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f0a426bc-cb51-4d2b-b720-f959540b0ab2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{13b563e9-b008-4d3a-bbc0-fbb424634455} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bf53502d-3bef-4273-9925-89d7526a5f87} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2a9805a1-fe72-4b17-98e7-958312ea56aa} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{951ccafd-23f9-4013-9a5d-96b970052291} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ad730a0b-b21e-421b-abe3-1b6563d2cee7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aefff7d6-917c-4d8d-a780-7c2d69f1b01a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aefff7d6-917c-4d8d-a780-7c2d69f1b01a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1c43f9e-43cf-44f3-8045-8016e52434db} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.bgow (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhclcvj0ej9c (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\eqvwamkl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bf53502d-3bef-4273-9925-89d7526a5f87} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\wnslvxtf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcgcvj0ej9c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-643-1962836-23932) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\rhclcvj0ej9c (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\rhclcvj0ej9c (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\rhclcvj0ej9c\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\rhclcvj0ej9c\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\rhclcvj0ej9c\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\rhclcvj0ej9c\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\rhclcvj0ej9c\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\rhclcvj0ej9c\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\rhclcvj0ej9c\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\rhclcvj0ej9c\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\rhclcvj0ej9c\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Application Data\rhclcvj0ej9c\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Application Data\rhclcvj0ej9c (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Application Data\rhclcvj0ej9c\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Application Data\rhclcvj0ej9c\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Application Data\rhclcvj0ej9c\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Application Data\rhclcvj0ej9c\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Application Data\rhclcvj0ej9c\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Application Data\rhclcvj0ej9c\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Application Data\rhclcvj0ej9c\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Application Data\rhclcvj0ej9c\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Application Data\rhclcvj0ej9c\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Application Data\rhclcvj0ej9c\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\eovp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\rhclcvj0ej9c\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclcvj0ej9c\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclcvj0ej9c\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclcvj0ej9c\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclcvj0ej9c\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclcvj0ej9c\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclcvj0ej9c\rhclcvj0ej9c.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclcvj0ej9c\rhclcvj0ej9c.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhclcvj0ej9c\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\nfavxwdbsxb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wnslvxtf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcgcvj0ej9c.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcgcvj0ej9c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcgcvj0ej9c.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcgcvj0ej9c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Local Settings\Temp\ac8zt2\grswptdl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Local Settings\Temp\ac8zt2\eqvwamkl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Local Settings\Temp\ac8zt2\fdkowvbp.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Local Settings\Temp\ac8zt2\nfavxwdbsxb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sylvie\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\J.C\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

Ensuite un Combo fix :

ComboFix 08-07-28.7 - J.C 2008-07-30 5:52:36.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.414 [GMT 2:00]
Endroit: C:\Documents and Settings\J.C\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sylvie\Application Data\macromedia\Flash Player\#SharedObjects\7PYCLVN3\interclick.com
C:\Documents and Settings\Sylvie\Application Data\macromedia\Flash Player\#SharedObjects\7PYCLVN3\interclick.com\ud.sol
C:\Documents and Settings\Sylvie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Sylvie\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\F.tmp

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 02:22 . 2008-07-30 02:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 02:22 . 2008-07-30 02:22 <REP> d-------- C:\Documents and Settings\J.C\Application Data\Malwarebytes
2008-07-30 02:22 . 2008-07-30 02:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 02:22 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-30 02:22 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-28 14:24 . 2008-07-28 14:24 <REP> d-------- C:\Documents and Settings\Sylvie\Application Data\TmpRecentIcons
2008-07-28 14:05 . 2008-07-29 00:18 94,208 --a------ C:\WINDOWS\system32\12.tmp
2008-07-28 14:05 . 2008-07-29 00:16 94,208 --a------ C:\WINDOWS\system32\11.tmp
2008-07-28 14:05 . 2008-07-29 00:16 94,208 --a------ C:\WINDOWS\system32\10.tmp
2008-07-27 21:50 . 2008-07-27 21:50 <REP> d-------- C:\Documents and Settings\Sylvie\Application Data\skypePM
2008-07-27 21:50 . 2008-07-27 21:50 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-27 21:49 . 2008-07-27 22:55 <REP> d-------- C:\Documents and Settings\Sylvie\Application Data\Skype
2008-07-27 21:48 . 2008-07-27 21:48 <REP> d-------- C:\Program Files\Skype
2008-07-27 21:48 . 2008-07-27 21:48 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-07-27 21:47 . 2008-07-27 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-27 17:40 . 2008-07-27 17:40 <REP> d-------- C:\Documents and Settings\J.C\Application Data\Sony
2008-07-27 17:30 . 2007-05-04 20:40 215,040 --a------ C:\WINDOWS\system32\drivers\RTL8187B.sys
2008-07-27 17:30 . 2008-07-27 17:30 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-27 17:29 . 2008-07-27 17:29 <REP> d-------- C:\WINDOWS\OPTIONS
2008-07-27 17:29 . 2008-07-27 17:29 <REP> d-------- C:\Program Files\TRENDnet
2008-07-27 17:13 . 2008-07-27 17:13 <REP> d-------- C:\Documents and Settings\J.C\Application Data\AOL
2008-07-27 17:12 . 2002-01-01 14:49 <REP> d--h----- C:\Documents and Settings\J.C\Voisinage réseau
2008-07-27 17:12 . 2002-01-01 14:49 <REP> d--h----- C:\Documents and Settings\J.C\Voisinage d'impression
2008-07-27 17:12 . 2002-01-01 15:06 <REP> d--h----- C:\Documents and Settings\J.C\Modèles
2008-07-27 17:12 . 2008-07-27 17:13 <REP> dr------- C:\Documents and Settings\J.C\Mes documents
2008-07-27 17:12 . 2002-01-01 14:49 <REP> dr------- C:\Documents and Settings\J.C\Menu Démarrer
2008-07-27 17:12 . 2008-07-30 01:54 <REP> dr------- C:\Documents and Settings\J.C\Favoris
2008-07-27 17:12 . 2008-07-30 05:55 <REP> d-------- C:\Documents and Settings\J.C\Bureau
2008-07-27 17:12 . 2008-07-27 17:12 <REP> d-------- C:\Documents and Settings\J.C

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 03:50 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-27 15:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2004-12-08 15:43 16,368 ----a-w C:\Documents and Settings\Cindy\Application Data\GDIPFONTCACHEV1.DAT
2004-06-27 20:08 16,368 ----a-w C:\Documents and Settings\Sylvie\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 20:45 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 21:45 1663248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\sisUSBrg.exe" [2002-04-25 18:06 32768]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 16:18 80384]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 12:01 70952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-12 20:15 98304]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-04-18 16:02 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-05-09 10:47 85088]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1190744411\ee\AOLSoftware.exe" [2006-09-26 02:52 50736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 20:45 13312]

C:\Documents and Settings\Sylvie\Menu D‚marrer\Programmes\D‚marrage\
dcu.lnk - C:\Documents and Settings\Sylvie\Application Data\Microsoft\Installer\{BB4E8D66-5C1F-4741-810C-23E551CB640D}\NewShortcut3_BB4E8D665C1F4741810C23E551CB640D.exe [2006-04-24 21:22:16 40960]
reminder.lnk - C:\Documents and Settings\Sylvie\Application Data\Microsoft\Installer\{BB4E8D66-5C1F-4741-810C-23E551CB640D}\NewShortcut7_BB4E8D665C1F4741810C23E551CB640D.exe [2006-04-24 21:22:15 40960]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
AOL 9.0 Ic“ne AOL.lnk - C:\Program Files\AOL 9.0a\aoltray.exe [2005-09-12 20:11:40 156784]
Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-09 15:43:00 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIVF"= DivX412.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\System32\drivers\sis7012.sys [2002-11-04 09:39]
S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6;C:\WINDOWS\System32\svchost.exe [2001-08-28 14:00]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;C:\WINDOWS\System32\DRIVERS\RTL8187B.sys [2007-05-04 20:40]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SiS KHooker - C:\WINDOWS\System32\khooker.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
O17 -: HKLM\CCS\Interface\{31C084D5-8010-485E-AC4F-A57E6DA9FF00}: NameServer = 172.19.42.1

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 05:55:34
Windows 5.1.2600 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe?e?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-30 5:58:29
ComboFix-quarantined-files.txt 2008-07-30 03:57:51

Pre-Run: 53,355,880,448 octets libres
Post-Run: 53,600,641,024 octets libres

121

Et pour finir le Hyjack This :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:08:34, on 30/07/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Fichiers communs\AOL\1190744411\ee\AOLSoftware.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\J.C\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1190744411\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{31C084D5-8010-485E-AC4F-A57E6DA9FF00}: NameServer = 172.19.42.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6098 bytes

Merci merci d'avance pour votre aide !!

Configuration: Windows XP
Internet Explorer 7.0

lordkoxx · Answer

daprès malware tout a été supprimé mais il vodrai mieux le faire sur toutes les sessions quand meme

DllD · Answer

Bonsoir,
On va quand même vérifier qu'il ne reste rien....

Commence par poster un rapport HijackThis stp,
> Télécharge HiJackThis : https://abonnement.xiptv.shop/telecharger/securite/11747-hijackthis/ 
- Lance le programme, puis sélectionne < do a system scan and save a logfile > 
- Enregistre le rapport sur ton bureau.
Et envoie, par copier/coller, ton log Hijackthis sur le forum,


A+

Tuto : si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

^^Marie^^ · Answer

Salut

Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) 

Elle est officielle ta version XP

DllD · Answer

Bonsoir,

Alors fais ceci pour limiter les failles de sécurité : http://abonnement.xiptv.shop/telecharger/telecharger 34055094 windows xp sp2

Télécharge le et installe le.



Puis reposte un HiJackT stp.



A+

DllD · Answer

Bon,
attends : le HiJackT, qui est un outils très utile contrairement à ce que tu t'imagines, révèle des choses pas terribles.


Alors,
>Ouvre ce lien http://siri.urz.free.fr/Fix/SmitfraudFix.php et télécharge SmitfraudFix (de S!RI).
- Regarde le tuto
- Exécute le programme et choisi l’option 5 (et uniquement).
Le programme va peut être générer un rapport, copie/colle le sur le forum. 



Ensuite,
> Les logiciels suivants (MalwareByte's Anti-Malware et Ccleaner) te seront utiles par la suite - ils sont à conserver...

> Télécharge MalwareByte's Anti-Malware : 
- Installe le programme puis lance le stp.
NB : S'il te manque COMCTL32.OCX alors télécharge le ici 
- Fais les mises à jour (clique sur "Mises à jour" puis "Recherche de mises à jour") puis ferme le programme.
NB : Si tu as besoin : Tuto

> Télécharge et installe Ccleaner : 
Si besoin est tu trouveras des Tutoriaux : ici, ici et là.


> Commence par faire un copier/coller de ce poste (cette manip.): (conseillé)
Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" => "Programmes" =>"Accessoires" => "Bloc notes"),
puis fait un copier/coller de tout le contenu de la fenêtre de ce poste dans le fichier texte.
Sauvegarde le sur le bureau, tu pourras alors y avoir accès même déconnecté ou en mode sans échec.

> Démarre en mode sans échec (ne passe pas par MSconfig pour le faire): (image). Si problème : tuto ici

> Lance MalwareByte's Anti-Malware,
- Clique sur "Executer un examen complet" puis "Rechercher" et sélectionne tous tes disques durs => le scan débute....patiente...
- A la fin du scanne, clique sur "supprimer" (Si des éléments sont difficiles à supprimer, un message te demandera de redémarrer : clique sur "Oui" alors)
- après suppression des infections : un rapport va être généré : sauvegarde le et poste le sur forum.

> Lance Ccleaner,
- Choisi l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures" (tout doit être supprimé).
- Dans l'onglet "Nettoyeur" clique sur "Analyse".
- Une fois l'analyse terminée, clique sur "Lancer le Nettoyage".
- Dans l'onglet "registre" => Recherches des erreurs => Réparer les erreurs sélectionnées => enregistre une sauvegarde => corriger toutes erreurs sélectionnées => ok => fermer.
N.B : Si Ccleaner te propose d'enregistrer une sauvegarde, reponds oui et enregistre sous 'Bureau'
Recommence jusqu’à ce qu’il ne trouve plus rien (cela varie en général entre 1 et 4 fois).


> Relance ton PC en mode normal

> Relance Hijackthis :
Puis sélectionne < do a system scan and save a logfile >,
Et envoie moi, par collier/coller, ton log Hijackthis,



Bon courage,

A+

Antivirus XP 2008 - vérification des rapports

5 réponses

Discussions similaires

Newsletters