How to get rid of MalwareAlarm

How to get rid of MalwareAlarm

Post by dan17 » 05 Jan 2008 22:45

I keep getting unwanted windows opening while I'm on the internet, offering to run an online scan with MalwareAlarm, reparateurdesysteme.com, http://66.179.234.173/images/5537_55967 ... 10.html, ...
I followed the procedure you describe on the site, but without success. Here is a copy of my log:
Logfile of HijackThis v1.99.1
Scan saved at 19:59:56, on 05/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8DF11518-1B5D-45AC-AF63-9D4848571514} - C:\WINDOWS\system32\ddabc.dll
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\awtqqqp.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {e1c71ec3-30e0-619a-1944-2ccb5e3c578e} - {e875c3e5-bcc2-4491-a916-0e033ce17c1e} - C:\WINDOWS\system32\awaubkbt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [646c6a30] rundll32.exe "C:\WINDOWS\system32\fcjnsbpn.dll",b
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\ktesdkxc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3333169531
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C72A6BD0-DC4E-49B6-84C8-37BCF97F33B0}: NameServer = 10.150.20.3,0.0.0.0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: awtqqqp - awtqqqp.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ktesdkxc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

Can you help me fix the problem?
Thanks in advance.

dan17
 

Re: How to get rid of MalwareAlarm

Post by Malekal_morte » 05 Jan 2008 22:47

Hi,

You're infected...


Run HijackThis again and check these lines:

O4 - HKLM\..\Run: [646c6a30] rundll32.exe "C:\WINDOWS\system32\fcjnsbpn.dll",b
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\ktesdkxc.exe

--> click on Fix checked

Download Combofix by sUBs: combofix.exe
and save it to your desktop, nowhere else!

Double-click on combofix. It will ask you a question; answer by pressing the 1 key, then Enter to confirm.
Wait until combofix has finished; a report will be created. Post the report.

Copy/paste a new HijackThis report along with it.
First basic rule of security: think first, then click, not the other way round. Files/programs are like sweets: when they come from a stranger, you don't accept them.

Securing your computer (short version)

Stop ads - unwanted popups

Subscribe to the malekal.com newsletter

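As an added illustration (not part of this thread and not code from malekal.com, HijackThis or ComboFix), the Python script below applies the kind of checks the helper made by eye to a HijackThis v1.99 log: unnamed or CLSID-named BHOs loaded from system32, an autorun value named with eight hex digits that calls rundll32 with a one-letter export, a per-user autorun pointing into system32 that is not on a small allow-list, an orphaned Winlogon Notify hook, and a service with an empty vendor string. The sample lines are copied from the first HijackThis log in this thread; the rule set and the allow-list are my own assumptions and are heuristics only, so every hit still needs manual confirmation against a known-good reference.

```python
"""Heuristic triage of a HijackThis v1.99 log: flags the autostart entries
a helper would look at first.  Added example, not HijackThis/ComboFix code."""
import re
from typing import Callable, Dict, List, Tuple

# Sample input: a subset of the first HijackThis log posted in this thread,
# mixing legitimate entries with the ones the helper asked to fix.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8DF11518-1B5D-45AC-AF63-9D4848571514} - C:\WINDOWS\system32\ddabc.dll
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\awtqqqp.dll (file missing)
O2 - BHO: {e1c71ec3-30e0-619a-1944-2ccb5e3c578e} - {e875c3e5-bcc2-4491-a916-0e033ce17c1e} - C:\WINDOWS\system32\awaubkbt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [646c6a30] rundll32.exe "C:\WINDOWS\system32\fcjnsbpn.dll",b
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\ktesdkxc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: awtqqqp - awtqqqp.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ktesdkxc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(O\d+|R\d) - (.*)$")
RUN_VALUE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
HEX8 = re.compile(r"^[0-9a-f]{8}$", re.I)
CLSID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
RUNDLL_ONE_LETTER = re.compile(r'rundll32(?:\.exe)?\s+"?[^",]+\.dll"?,[a-z]\s*$', re.I)
# Constructed, deliberately tiny allow-list of per-user autoruns that legitimately
# live in system32; a real triage cross-checks a maintained known-good database.
HKCU_SYSTEM32_KNOWN_GOOD = {"ctfmon.exe"}


def in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def check_bho(rest: str) -> List[str]:
    """O2 lines: 'BHO: <name> - {CLSID} - <path>'."""
    if not rest.startswith("BHO: "):
        return []
    parts = rest[len("BHO: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return []
    name, _clsid, path = parts
    reasons = []
    if name == "(no name)" and in_system32(path):
        reasons.append("unnamed BHO loaded from system32")
    if CLSID.match(name):
        reasons.append("BHO whose display name is itself a CLSID")
    return reasons


def check_run(rest: str) -> List[str]:
    """O4 lines: '<hive>\\..\\Run: [<value name>] <command>'."""
    m = RUN_VALUE.match(rest)
    if not m:
        return []
    hive, name, command = m.groups()
    reasons = []
    if HEX8.match(name):
        reasons.append("autorun value named with eight hex digits")
    if RUNDLL_ONE_LETTER.search(command):
        reasons.append("rundll32 calling a one-letter export of a DLL")
    # Last path component of the command, without a trailing quote or argument.
    basename = command.split("\\")[-1].split('"')[0].strip().lower()
    if hive == "HKCU" and in_system32(command) and basename not in HKCU_SYSTEM32_KNOWN_GOOD:
        reasons.append("per-user autorun pointing into system32, not on the allow-list")
    return reasons


def check_winlogon_notify(rest: str) -> List[str]:
    """O20 lines: 'Winlogon Notify: <key> - <dll>'."""
    if rest.startswith("Winlogon Notify:") and "(file missing)" in rest:
        return ["Winlogon Notify hook whose DLL is gone (orphaned injection hook)"]
    return []


def check_service(rest: str) -> List[str]:
    """O23 lines: 'Service: <name> - <vendor> - <path>'; two dashes with only
    whitespace between them mean the vendor field is empty."""
    if rest.startswith("Service:") and re.search(r"\s-\s*-\s", rest):
        return ["service with an empty vendor string"]
    return []


RULES: Dict[str, Callable[[str], List[str]]] = {
    "O2": check_bho,
    "O4": check_run,
    "O20": check_winlogon_notify,
    "O23": check_service,
}


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every entry that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, rest = m.groups()
        reasons = RULES.get(section, lambda _: [])(rest)
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run on the sample, the script flags seven lines: the three system32 BHOs, the two Run values the helper asked to fix (the hex-named one trips two rules), the orphaned Winlogon Notify hook and the vendor-less DomainService, while Adobe, Spybot's SDHelper, NvCpl, avast and ctfmon pass. The rules are structural on purpose: guessing "random-looking" names from letter statistics would also flag legitimate drivers such as hpztsb07.exe, so the random-name signal is left to the human reading the output.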

Re: How to get rid of MalwareAlarm

Post by dan17 » 05 Jan 2008 23:17

Here is the ComboFix report:
ComboFix 08-01-04.1 - Administrateur 2008-01-05 22:02:49.1 - NTFSx86 NETWORK
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1254 [GMT 1:00]
Running from: H:\Programmes\AntivirusFree\ComboFix\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\asscicsf.dll
C:\WINDOWS\system32\awaubkbt.dll
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\bfibbrwb.ini
C:\WINDOWS\system32\bsbxxwdp.dll
C:\WINDOWS\system32\cbadd.ini
C:\WINDOWS\system32\cbadd.ini2
C:\WINDOWS\system32\coukxiyc.dll
C:\WINDOWS\system32\cpgofdni.ini
C:\WINDOWS\system32\ddabc.dll
C:\WINDOWS\system32\eomwuxxl.dll
C:\WINDOWS\system32\etxsujwt.ini
C:\WINDOWS\system32\fcjnsbpn.dll
C:\WINDOWS\system32\fmevlssw.ini
C:\WINDOWS\system32\geeda.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\htnvtqnu.dll
C:\WINDOWS\system32\ifycrpxm.dll
C:\WINDOWS\system32\indfogpc.dll
C:\WINDOWS\system32\inpkjojw.ini
C:\WINDOWS\system32\ktesdkxc.exe
C:\WINDOWS\system32\lgtuetnt.dll
C:\WINDOWS\system32\licjmdhr.dll
C:\WINDOWS\system32\lrlyqlux.dll
C:\WINDOWS\system32\mavdaqep.dll
C:\WINDOWS\system32\mugffsva.dll
C:\WINDOWS\system32\mxprcyfi.ini
C:\WINDOWS\system32\ncnwbpdo.dll
C:\WINDOWS\system32\ndwabrhu.ini
C:\WINDOWS\system32\neqdahgt.ini
C:\WINDOWS\system32\nmvvuohm.ini
C:\WINDOWS\system32\npbsnjcf.ini
C:\WINDOWS\system32\nqykblni.dll
C:\WINDOWS\system32\nwyqshrx.ini
C:\WINDOWS\system32\ptwtlvmq.ini
C:\WINDOWS\system32\qyknentp.dll
C:\WINDOWS\system32\rhdmjcil.ini
C:\WINDOWS\system32\thesthle.ini
C:\WINDOWS\system32\tkvqkhpx.ini
C:\WINDOWS\system32\tuegomow.dll
C:\WINDOWS\system32\tuiexmmh.dll
C:\WINDOWS\system32\twjusxte.dll
C:\WINDOWS\system32\ukwhkxrh.dll
C:\WINDOWS\system32\upkbosoi.dll
C:\WINDOWS\system32\uslfygre.ini
C:\WINDOWS\system32\uvjeoaaw.dll
C:\WINDOWS\system32\vijqnwfl.dll
C:\WINDOWS\system32\vlonfsvk.ini
C:\WINDOWS\system32\vrxlwpdk.ini
C:\WINDOWS\system32\whnmepiw.dll
C:\WINDOWS\system32\wigqhvfd.ini
C:\WINDOWS\system32\wmhpxluu.dll
C:\WINDOWS\system32\xujcdhtc.dll
C:\WINDOWS\system32\xvgrbjsi.dll
C:\WINDOWS\system32\ylodnpqr.dll
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.

2008-01-05 22:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 15:07 . 2008-01-05 15:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-01-05 14:53 . 2008-01-05 15:25 <REP> d-------- C:\Program Files\RegCleaner
2008-01-05 11:57 . 2008-01-05 11:57 <REP> d--h----- C:\WINDOWS\PIF
2007-12-28 13:02 . 2007-12-28 13:02 <REP> d-------- C:\Documents and Settings\Nadia\Application Data\Grisoft
2007-12-26 10:53 . 2007-12-26 10:53 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Grisoft
2007-12-25 23:27 . 2007-12-25 23:27 <REP> d-------- C:\WINDOWS\report
2007-12-25 23:27 . 2007-12-25 23:26 40,271,921 --a------ C:\WINDOWS\LPT$VPN.909
2007-12-25 23:26 . 2007-12-25 23:26 <REP> d-------- C:\WINDOWS\AU_Backup
2007-12-25 23:26 . 2007-12-25 23:26 40,271,921 --a------ C:\WINDOWS\VPTNFILE.909
2007-12-25 23:26 . 2007-12-25 23:26 1,906,226 --a------ C:\WINDOWS\tsc.ptn
2007-12-25 23:26 . 2007-12-25 23:26 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-12-25 23:26 . 2007-12-25 23:26 267,845 --a------ C:\WINDOWS\tsc.exe
2007-12-25 23:26 . 2007-12-25 23:26 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-12-25 23:26 . 2007-12-25 23:26 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-12-25 23:26 . 2007-12-26 00:47 823 --a------ C:\WINDOWS\tsc.ini
2007-12-25 23:16 . 2007-12-25 23:26 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-25 23:16 . 2007-12-25 23:16 <REP> d-------- C:\WINDOWS\AU_Log
2007-12-25 23:16 . 2007-12-25 23:16 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-12-25 23:16 . 2007-12-25 23:16 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-12-25 23:16 . 2007-12-25 23:16 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-12-25 23:16 . 2007-12-25 23:16 170 --a------ C:\WINDOWS\GetServer.ini
2007-12-25 22:40 . 2007-12-25 22:40 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Grisoft
2007-12-25 21:58 . 2007-12-25 21:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-12-25 21:34 . 2008-01-05 21:58 <REP> d-------- C:\Program Files\HIJACKTHIS VF
2007-12-25 21:24 . 2004-06-25 17:11 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-25 21:24 . 2004-06-25 17:11 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-25 21:24 . 2008-01-05 19:55 <REP> d--hs---- C:\Documents and Settings\Administrateur\UserData
2007-12-25 21:24 . 2004-06-25 16:13 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-25 21:24 . 2007-10-10 15:39 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-25 21:24 . 2004-06-25 17:11 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-25 21:24 . 2007-12-25 23:15 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-12-25 21:24 . 2008-01-05 22:07 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-25 21:24 . 2004-11-03 05:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2007-12-25 21:24 . 2004-06-27 10:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink
2007-12-25 21:24 . 2007-10-17 19:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AOL
2007-12-25 21:24 . 2004-11-03 05:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
2007-12-25 21:24 . 2004-06-25 18:34 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM
2007-12-25 19:53 . 2007-12-25 19:53 <REP> d-------- C:\Documents and Settings\Daniel\Application Data\Grisoft
2007-12-25 19:52 . 2007-12-25 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-25 19:52 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-25 19:14 . 2008-01-05 14:31 3,064 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-25 15:42 . 2007-12-25 15:42 <REP> d-------- C:\Program Files\DVBViewerTE
2007-12-25 15:41 . 2007-12-25 15:41 <REP> d-------- C:\Program Files\Fichiers communs\Sonic Shared
2007-12-25 15:40 . 2007-12-25 15:41 <REP> d-------- C:\Program Files\TechniSat DVB
2007-12-25 15:40 . 2004-10-06 19:52 122,880 --a------ C:\WINDOWS\system32\Sky2PCUI.dll
2007-12-25 15:40 . 2004-10-06 19:52 118,784 --a------ C:\WINDOWS\system32\SkyDll.dll
2007-12-25 15:40 . 2004-10-03 12:56 102,400 --a------ C:\WINDOWS\system32\libbz2.dll
2007-12-25 15:37 . 2004-10-13 10:56 462,212 -ra------ C:\WINDOWS\system32\drivers\SkyNET.sys
2007-12-22 21:19 . 2007-12-22 21:19 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Lavasoft
2007-12-22 13:52 . 2007-12-23 20:34 <REP> d-------- C:\Program Files\Sony Ericsson
2007-12-22 11:49 . 2007-12-22 11:50 <REP> d-------- C:\Program Files\Audacity
2007-12-22 11:48 . 2007-12-22 11:48 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-12-20 18:17 . 2007-12-22 19:33 1,581,377 ---hs---- C:\WINDOWS\system32\qkslxqkf.ini
2007-12-15 11:17 . 2007-12-15 11:17 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\OpenOffice.org2
2007-12-13 13:44 . 2007-12-14 16:54 1,676,786 ---hs---- C:\WINDOWS\system32\njcvbqxf.ini
2007-12-11 20:35 . 2007-12-13 13:39 1,577,649 ---hs---- C:\WINDOWS\system32\ivulxeek.ini
2007-12-10 09:10 . 2007-12-22 20:59 <REP> d-------- C:\Program Files\Dofus
2007-12-08 12:27 . 2007-12-08 12:27 <REP> d-------- C:\Program Files\AOL Compagnon
2007-12-08 12:27 . 2008-01-05 21:17 <REP> d-------- C:\Program Files\AOL 9.0
2007-12-08 12:26 . 2007-12-08 12:26 <REP> d-------- C:\Program Files\TechCity Solutions
2007-12-08 12:26 . 2007-12-08 12:27 <REP> d-------- C:\Program Files\Fichiers communs\aolshare
2007-12-07 20:47 . 2007-12-07 20:47 45 ---h----- C:\WINDOWS\dboo8684.dat
2007-12-07 18:50 . 2007-12-09 20:25 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2007-12-07 17:18 . 2007-12-07 17:18 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\eMule
2007-12-06 18:30 . 2007-12-08 12:27 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\LimeWire
2007-12-06 17:27 . 2007-12-08 12:27 <REP> d-------- C:\Documents and Settings\Nadia\Application Data\LimeWire
2007-12-05 17:37 . 2007-12-05 17:37 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Dcads Advanced Toolbar
2007-12-05 17:26 . 2007-12-05 17:26 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-05 17:25 . 2007-12-05 17:25 134 --a------ C:\n.bat
2007-12-05 17:18 . 2007-12-05 17:18 <REP> d-------- C:\Program Files\Sega
2007-12-05 17:08 . 2007-12-05 17:08 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Viewpoint

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 19:03 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-01-05 15:47 --------- d-----w C:\Documents and Settings\Thomas\Application Data\OpenOffice.org2
2007-12-25 14:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 18:30 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-08 13:50 --------- d-----w C:\Documents and Settings\Thomas\Application Data\LimeWire
2007-12-08 13:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-08 11:34 --------- d-----w C:\Program Files\Simple PDF
2007-12-08 11:27 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-12-08 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-05 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-01 22:07 --------- d-----w C:\Documents and Settings\Daniel\Application Data\AdobeUM
2007-12-01 18:05 --------- d-----w C:\Program Files\Windows Live
2007-12-01 18:04 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-01 17:54 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-01 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-01 12:13 --------- d-----w C:\Documents and Settings\Thomas\Application Data\PDFcreator
2007-12-01 12:07 --------- d-----w C:\Documents and Settings\Thomas\Application Data\AdobeUM
2007-12-01 10:58 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-01 10:47 --------- d-----w C:\Documents and Settings\Daniel\Application Data\Dossier de téléchargement Share-to-Web
2007-11-30 17:05 --------- d-----w C:\Program Files\Make bootable flashcards
2007-11-28 11:46 --------- d-----w C:\Program Files\Ahead
2007-11-23 22:35 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-22 18:14 --------- d-----w C:\Program Files\Microsoft Games
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 09:07 --------- d-----w C:\Documents and Settings\Daniel\Application Data\Dossier de téléchargement Share-to-Web
2007-11-10 13:45 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Dossier de téléchargement Share-to-Web
2007-11-09 18:09 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-09 14:33 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Dossier de téléchargement Share-to-Web
2007-11-09 08:22 --------- d-----w C:\Documents and Settings\Nadia\Application Data\Dossier de téléchargement Share-to-Web
2007-11-09 08:22 --------- d-----w C:\Documents and Settings\Nadia\Application Data\Dossier de téléchargement Share-to-Web
2007-11-08 18:42 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Dossier de téléchargement Share-to-Web
2007-11-07 19:11 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Dossier de téléchargement Share-to-Web
2007-11-07 19:09 --------- d-----w C:\Program Files\HP Photosmart 11
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Cmaudio"="cmicnfg.cpl" []
"Dit"="Dit.exe" [2004-04-02 12:31 86016 C:\WINDOWS\Dit.exe]
"CHotkey"="zHotkey.exe" [2004-05-17 18:30 543232 C:\WINDOWS\zHotkey.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-29 13:23 4603904]
"nwiz"="nwiz.exe" [2004-09-29 13:23 921600 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 10:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-08 15:59 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 20:29 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-22 20:28 348160]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 20:50 49152]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqqqp]
awtqqqp.dll

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 08:10]
R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 15:29]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-05 20:03]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2004-10-13 10:56]
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 15:27]
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 15:41]
S3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;C:\WINDOWS\system32\Drivers\PMUSB.sys [2004-11-25 15:11]
S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 16:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d88632f-269b-11d9-b2c3-000c76adb999}]
\Shell\AutoRun\command - @%systemroot%\explorer.exe /e,.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1540b92a-2cb5-11d9-9c60-00110949a3d1}]
\Shell\AutoRun\command - @%systemroot%\explorer.exe /e,.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46e21b24-2d4e-11d9-9c66-00110949a3d1}]
\Shell\AutoRun\command - @%systemroot%\explorer.exe /e,.

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-05 21:09:14 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
"2008-01-05 21:09:17 C:\WINDOWS\Tasks\HP Usg Login.job"
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 22:09:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 22:11:36 - machine was rebooted [Daniel]
ComboFix-quarantined-files.txt 2008-01-05 21:11:34
.
2007-12-12 22:26:33 --- E O F ---

As well as the log:

Logfile of HijackThis v1.99.1
Scan saved at 22:14, on 2008-01-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3333169531
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C72A6BD0-DC4E-49B6-84C8-37BCF97F33B0}: NameServer = 10.150.20.3,0.0.0.0
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: awtqqqp - awtqqqp.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

dan17
 

Re: How to get rid of MalwareAlarm

Post by Malekal_morte » 05 Jan 2008 23:35

dan17 wrote:
2007-12-06 18:30 . 2007-12-08 12:27 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\LimeWire
2007-12-06 17:27 . 2007-12-08 12:27 <REP> d-------- C:\Documents and Settings\Nadia\Application Data\LimeWire
2007-12-05 17:37 . 2007-12-05 17:37 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Dcads Advanced Toolbar


Dcads + LimeWire.... Go and read this: viewtopic.php?f=33&t=6465
The people who use this PC need to be careful about what they download...



Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\n.bat
C:\WINDOWS\system32\qkslxqkf.ini
C:\WINDOWS\system32\njcvbqxf.ini
C:\WINDOWS\system32\ivulxeek.ini

Folder::
C:\Documents and Settings\Thomas\Application Data\Dcads Advanced Toolbar

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqqqp]


Save this file under the name CFScript

- Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

Image
- A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents, saying where your problems stand

- If the file does not open, it is located here > C:\ComboFix.txt


My opinion is that Avast! is far from the best that has been done in terms of protection; see this link for more information:
viewtopic.php?f=45&t=3528
ftopic3123.php

For me, Antivir performs much better, which is why I VERY STRONGLY advise you to uninstall Avast! and install Antivir instead (this is not an obligation): http://www.malekal.com/tutorial_antivir.php

To help you, you can follow this link: ftopic4192.php

- After installation, update it - if your firewall raises an alert.. accept the connection.
- Make sure Antivir is up to date; check the update date.

-- Restart in Safe Mode: to do so, restart the computer and, before the Windows logo, tap the F8 key; a menu will appear, choose Safe Mode and press the Enter key.

- Open Antivir via the Start menu / Programs
- Click on the Scanner tab.
- Select Manual Selection
- Select drive C
- Run the scan - quarantine all detected items.
- Once the scan has finished, save the report.

Restart in normal mode.

Post the report here.
Post a new HijackThis report.
First basic security rule: think, then click, not the other way round - Files/programs are like sweets: when they come from a stranger, you don't accept them

Secure your computer (short version)

Stop adverts - unwanted popups

Subscribe to the malekal.com newsletter

Malekal_morte
Site Admin
 
Posts: 66711
Joined: 10 Sep 2005 13:57
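As an added example (not code from the thread, nor from the HijackThis or ComboFix authors), here is a small Python triage of HijackThis lines for the pattern the helper acted on above: a Winlogon Notify hook whose DLL is missing or random-named, plus the CFScript Registry:: line that removes it. The HijackThis line layout, the "(file missing)" marker and the CFScript section names are as shown in the thread; the allow-list of stock Winlogon Notify entries and the random-name heuristic are this example's own assumptions.

```python
"""Triage of HijackThis log lines for the pattern seen in this thread
(a Winlogon Notify hook left behind by a Vundo-style DLL) and generation
of the matching ComboFix CFScript sections.

Added example, not part of the original thread.  The allow-list and the
random-name heuristic are assumptions of this example."""
import os
import re

HJT_LINE = re.compile(r"^(?P<code>O\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
MISSING = "(file missing)"
NOTIFY_KEY = (r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt"
              r"\currentversion\winlogon\notify")
# Assumption: partial allow-list of stock Windows XP Winlogon Notify entries.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# Constructed sample built from the kinds of entries posted in the thread.
# The CLSID on the O2 line is a placeholder, not a value from the thread.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\\WINDOWS\\system32\\awtqqqp.dll (file missing)
O20 - Winlogon Notify: awtqqqp - awtqqqp.dll (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""


def parse_hjt(text):
    """Split 'Oxx - Kind: a - b - c' lines into dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append({"code": m.group("code"), "kind": m.group("kind"),
                            "fields": [f.strip() for f in m.group("rest").split(" - ")]})
    return entries


def dll_stem(field):
    """'C:\\WINDOWS\\system32\\awtqqqp.dll (file missing)' -> 'awtqqqp'."""
    path = field.replace(MISSING, "").strip()
    return os.path.splitext(path.rsplit("\\", 1)[-1])[0]


def looks_random(name):
    """Heuristic: lower-case letters only, 5-8 long, few vowels (awtqqqp, ddabc)."""
    if not re.fullmatch(r"[a-z]{5,8}", name):
        return False
    vowels = sum(c in "aeiouy" for c in name)
    return vowels / len(name) < 0.3


def triage(entries):
    """Return (tag, entry) pairs for the patterns this thread turned on."""
    findings = []
    for e in entries:
        name, last = e["fields"][0], e["fields"][-1]
        if e["code"] == "O20" and e["kind"] == "Winlogon Notify":
            # winlogon.exe loads this DLL at every logon; a hook whose DLL is
            # gone or random-named is the leftover of a Vundo-style infection.
            if name.lower() not in KNOWN_NOTIFY and (MISSING in last or looks_random(name)):
                findings.append(("winlogon-notify", e))
        elif e["code"] == "O2" and name == "(no name)" and "system32" in last.lower():
            # Unnamed BHO with a random-looking DLL name in system32.
            if looks_random(dll_stem(last)):
                findings.append(("bho-noname", e))
        elif e["code"] == "O23" and MISSING in last:
            # Not malware by itself: in the thread these were avast! services
            # pointing at binaries that were no longer installed.
            findings.append(("service-missing", e))
    return findings


def cfscript_for(findings):
    """Render the CFScript sections ComboFix reads (File:: and Registry::),
    in the form the helper used in this thread.  Registry hooks are removed
    by key; a DLL already marked '(file missing)' yields no File:: line."""
    files, keys = [], []
    for tag, e in findings:
        if tag == "winlogon-notify":
            keys.append(f"[-{NOTIFY_KEY}\\{e['fields'][0]}]")
        elif tag == "bho-noname" and MISSING not in e["fields"][-1]:
            files.append(e["fields"][-1])
    out = []
    if files:
        out += ["File::", *files, ""]
    if keys:
        out += ["Registry::", *keys, ""]
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_LOG))
    for tag, e in found:
        print(f"{tag:16} {e['code']} {' - '.join(e['fields'])}")
    print()
    print(cfscript_for(found))
```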

Re: How to get rid of MalwareAlarm

Post by dan17 » 06 Jan 2008 00:42

Here is the ComboFix report:
ComboFix 08-01-04.1 - Daniel 2008-01-05 23:07:30.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1078 [GMT 1:00]
Running from: H:\Programmes\AntivirusFree\ComboFix\ComboFix.exe
Command switches used :: C:\Documents and Settings\Daniel\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\n.bat
C:\WINDOWS\system32\ivulxeek.ini
C:\WINDOWS\system32\njcvbqxf.ini
C:\WINDOWS\system32\qkslxqkf.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Thomas\Application Data\Dcads Advanced Toolbar
C:\Documents and Settings\Thomas\Application Data\Dcads Advanced Toolbar\advertbuttons.xml
C:\Documents and Settings\Thomas\Application Data\Dcads Advanced Toolbar\selected.xml
C:\n.bat
C:\WINDOWS\system32\ivulxeek.ini
C:\WINDOWS\system32\njcvbqxf.ini
C:\WINDOWS\system32\qkslxqkf.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.

2008-01-05 22:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 15:07 . 2008-01-05 15:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-01-05 14:53 . 2008-01-05 15:25 <REP> d-------- C:\Program Files\RegCleaner
2008-01-05 11:57 . 2008-01-05 11:57 <REP> d--h----- C:\WINDOWS\PIF
2007-12-28 13:02 . 2007-12-28 13:02 <REP> d-------- C:\Documents and Settings\Nadia\Application Data\Grisoft
2007-12-26 10:53 . 2007-12-26 10:53 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Grisoft
2007-12-25 23:27 . 2007-12-25 23:27 <REP> d-------- C:\WINDOWS\report
2007-12-25 23:27 . 2007-12-25 23:26 40,271,921 --a------ C:\WINDOWS\LPT$VPN.909
2007-12-25 23:26 . 2007-12-25 23:26 <REP> d-------- C:\WINDOWS\AU_Backup
2007-12-25 23:26 . 2007-12-25 23:26 40,271,921 --a------ C:\WINDOWS\VPTNFILE.909
2007-12-25 23:26 . 2007-12-25 23:26 1,906,226 --a------ C:\WINDOWS\tsc.ptn
2007-12-25 23:26 . 2007-12-25 23:26 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-12-25 23:26 . 2007-12-25 23:26 267,845 --a------ C:\WINDOWS\tsc.exe
2007-12-25 23:26 . 2007-12-25 23:26 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-12-25 23:26 . 2007-12-25 23:26 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-12-25 23:26 . 2007-12-26 00:47 823 --a------ C:\WINDOWS\tsc.ini
2007-12-25 23:16 . 2007-12-25 23:26 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-25 23:16 . 2007-12-25 23:16 <REP> d-------- C:\WINDOWS\AU_Log
2007-12-25 23:16 . 2007-12-25 23:16 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-12-25 23:16 . 2007-12-25 23:16 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-12-25 23:16 . 2007-12-25 23:16 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-12-25 23:16 . 2007-12-25 23:16 170 --a------ C:\WINDOWS\GetServer.ini
2007-12-25 22:40 . 2007-12-25 22:40 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Grisoft
2007-12-25 21:58 . 2007-12-25 21:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-12-25 21:34 . 2008-01-05 22:14 <REP> d-------- C:\Program Files\HIJACKTHIS VF
2007-12-25 21:24 . 2004-06-25 17:11 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-12-25 21:24 . 2004-06-25 17:11 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-12-25 21:24 . 2008-01-05 19:55 <REP> d--hs---- C:\Documents and Settings\Administrateur\UserData
2007-12-25 21:24 . 2004-06-25 16:13 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-12-25 21:24 . 2007-10-10 15:39 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-12-25 21:24 . 2004-06-25 17:11 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-12-25 21:24 . 2007-12-25 23:15 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-12-25 21:24 . 2008-01-05 22:07 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-12-25 21:24 . 2004-11-03 05:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2007-12-25 21:24 . 2004-06-27 10:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink
2007-12-25 21:24 . 2007-10-17 19:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AOL
2007-12-25 21:24 . 2004-11-03 05:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
2007-12-25 21:24 . 2004-06-25 18:34 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AdobeUM
2007-12-25 19:53 . 2007-12-25 19:53 <REP> d-------- C:\Documents and Settings\Daniel\Application Data\Grisoft
2007-12-25 19:52 . 2007-12-25 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-25 19:52 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-25 19:14 . 2008-01-05 14:31 3,064 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-25 15:42 . 2007-12-25 15:42 <REP> d-------- C:\Program Files\DVBViewerTE
2007-12-25 15:41 . 2007-12-25 15:41 <REP> d-------- C:\Program Files\Fichiers communs\Sonic Shared
2007-12-25 15:40 . 2007-12-25 15:41 <REP> d-------- C:\Program Files\TechniSat DVB
2007-12-25 15:40 . 2004-10-06 19:52 122,880 --a------ C:\WINDOWS\system32\Sky2PCUI.dll
2007-12-25 15:40 . 2004-10-06 19:52 118,784 --a------ C:\WINDOWS\system32\SkyDll.dll
2007-12-25 15:40 . 2004-10-03 12:56 102,400 --a------ C:\WINDOWS\system32\libbz2.dll
2007-12-25 15:37 . 2004-10-13 10:56 462,212 -ra------ C:\WINDOWS\system32\drivers\SkyNET.sys
2007-12-22 21:19 . 2007-12-22 21:19 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Lavasoft
2007-12-22 13:52 . 2007-12-23 20:34 <REP> d-------- C:\Program Files\Sony Ericsson
2007-12-22 11:49 . 2007-12-22 11:50 <REP> d-------- C:\Program Files\Audacity
2007-12-22 11:48 . 2007-12-22 11:48 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-12-15 11:17 . 2007-12-15 11:17 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\OpenOffice.org2
2007-12-10 09:10 . 2007-12-22 20:59 <REP> d-------- C:\Program Files\Dofus
2007-12-08 12:27 . 2007-12-08 12:27 <REP> d-------- C:\Program Files\AOL Compagnon
2007-12-08 12:27 . 2008-01-05 21:17 <REP> d-------- C:\Program Files\AOL 9.0
2007-12-08 12:26 . 2007-12-08 12:26 <REP> d-------- C:\Program Files\TechCity Solutions
2007-12-08 12:26 . 2007-12-08 12:27 <REP> d-------- C:\Program Files\Fichiers communs\aolshare
2007-12-07 20:47 . 2007-12-07 20:47 45 ---h----- C:\WINDOWS\dboo8684.dat
2007-12-07 18:50 . 2007-12-09 20:25 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2007-12-07 17:18 . 2007-12-07 17:18 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\eMule
2007-12-06 18:30 . 2007-12-08 12:27 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\LimeWire
2007-12-06 17:27 . 2007-12-08 12:27 <REP> d-------- C:\Documents and Settings\Nadia\Application Data\LimeWire
2007-12-05 17:26 . 2007-12-05 17:26 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-05 17:18 . 2007-12-05 17:18 <REP> d-------- C:\Program Files\Sega
2007-12-05 17:08 . 2007-12-05 17:08 <REP> d-------- C:\Documents and Settings\Thomas\Application Data\Viewpoint

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 19:03 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
2008-01-05 15:47 --------- d-----w C:\Documents and Settings\Thomas\Application Data\OpenOffice.org2
2007-12-25 14:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 18:30 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-08 13:50 --------- d-----w C:\Documents and Settings\Thomas\Application Data\LimeWire
2007-12-08 13:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-08 11:34 --------- d-----w C:\Program Files\Simple PDF
2007-12-08 11:27 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-12-08 11:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-05 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-01 22:07 --------- d-----w C:\Documents and Settings\Daniel\Application Data\AdobeUM
2007-12-01 18:05 --------- d-----w C:\Program Files\Windows Live
2007-12-01 18:04 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-01 17:54 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-01 17:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-01 12:13 --------- d-----w C:\Documents and Settings\Thomas\Application Data\PDFcreator
2007-12-01 12:07 --------- d-----w C:\Documents and Settings\Thomas\Application Data\AdobeUM
2007-12-01 10:58 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-12-01 10:47 --------- d-----w C:\Documents and Settings\Daniel\Application Data\Dossier de téléchargement Share-to-Web
2007-11-30 17:05 --------- d-----w C:\Program Files\Make bootable flashcards
2007-11-28 11:46 --------- d-----w C:\Program Files\Ahead
2007-11-23 22:35 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-22 18:14 --------- d-----w C:\Program Files\Microsoft Games
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 09:07 --------- d-----w C:\Documents and Settings\Daniel\Application Data\Dossier de téléchargement Share-to-Web
2007-11-10 13:45 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Dossier de téléchargement Share-to-Web
2007-11-09 18:09 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-09 14:33 --------- d-----w C:\Documents and Settings\Alexandre\Application Data\Dossier de téléchargement Share-to-Web
2007-11-09 08:22 --------- d-----w C:\Documents and Settings\Nadia\Application Data\Dossier de téléchargement Share-to-Web
2007-11-09 08:22 --------- d-----w C:\Documents and Settings\Nadia\Application Data\Dossier de téléchargement Share-to-Web
2007-11-08 18:42 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Dossier de téléchargement Share-to-Web
2007-11-07 19:11 --------- d-----w C:\Documents and Settings\Thomas\Application Data\Dossier de téléchargement Share-to-Web
2007-11-07 19:09 --------- d-----w C:\Program Files\HP Photosmart 11
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-05_22.11.19,21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-05 21:02:28 52,486 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-05 21:13:04 52,486 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-05 21:02:28 63,214 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-05 21:13:04 63,214 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-01-05 21:02:28 377,358 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-05 21:13:04 377,358 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-05 21:02:29 442,208 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-05 21:13:04 442,208 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Cmaudio"="cmicnfg.cpl" []
"Dit"="Dit.exe" [2004-04-02 12:31 86016 C:\WINDOWS\Dit.exe]
"CHotkey"="zHotkey.exe" [2004-05-17 18:30 543232 C:\WINDOWS\zHotkey.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-09-29 13:23 4603904]
"nwiz"="nwiz.exe" [2004-09-29 13:23 921600 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 10:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-08 15:59 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 20:29 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-22 20:28 348160]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-11-22 20:50 49152]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09 15360]

C:\Documents and Settings\Thomas\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

C:\Documents and Settings\Daniel\Menu Démarrer\Programmes\Démarrage\
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Fichiers communs\Sonic Shared\cinetray.exe [2002-09-18 14:16:30]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2007-12-25 15:40:51]

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 08:10]
R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 15:29]
R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-01-05 20:03]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 13:58]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2004-10-13 10:56]
S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 15:27]
S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 15:41]
S3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;C:\WINDOWS\system32\Drivers\PMUSB.sys [2004-11-25 15:11]
S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 16:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d88632f-269b-11d9-b2c3-000c76adb999}]
\Shell\AutoRun\command - @%systemroot%\explorer.exe /e,.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1540b92a-2cb5-11d9-9c60-00110949a3d1}]
\Shell\AutoRun\command - @%systemroot%\explorer.exe /e,.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46e21b24-2d4e-11d9-9c66-00110949a3d1}]
\Shell\AutoRun\command - @%systemroot%\explorer.exe /e,.

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-05 21:09:14 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
"2008-01-05 21:09:17 C:\WINDOWS\Tasks\HP Usg Login.job"
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 23:08:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 23:09:19
ComboFix-quarantined-files.txt 2008-01-05 22:09:11
ComboFix2.txt 2008-01-05 21:11:36
.
2007-12-12 22:26:33 --- E O F ---

Things seem to be going normally when I go on the Internet.
I had a problem connecting to the Internet after the last operation; I had to reconfigure my network connection.

I'll do the rest of the steps and post a new HijackThis log.

dan17
 

Re: How to get rid of MalwareAlarm

Post by Malekal_morte » 07 Jan 2008 17:14

Please post the other reports.
Malekal_morte
Site Admin
 
Posts: 66711
Joined: 10 Sep 2005 13:57

Re: How to get rid of MalwareAlarm

Post by dan17 » 07 Jan 2008 22:20

I couldn't connect to the site yesterday.
I also had startup problems: the computer was stuck at the Pentium 4 screen. No boot. I wonder whether there is a loose connection where the hard drive connects to the motherboard? Thanks for your opinion.
In addition, I noticed that favourites had been installed without my knowledge:

http://french.icrfast.com/
http://french.icrfast.com/lv/start/videos.htm
http://french.icrfast.com/lv/start/games.htm
But I think it was when installing CCleaner, with the Yahoo toolbar. Is it advisable to uninstall them, and how?

Here are the Antivir scan reports:
- 1st, in Safe Mode:
AntiVir PersonalEdition Classic
Report file date: 2008-01-06 15:15

Scanning for 1000802 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: MÉDION

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 14:00:35
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 2007-12-28 14:00:35
ANTIVIR3.VDF : 7.0.1.194 93696 Bytes 2008-01-04 14:00:35
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 2008-01-06 14:00:36
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 2008-01-06 14:00:36
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-01-06 15:15

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'C:\' <BOOT>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrateur\Bureau\catchme.zip
[0] Archive type: ZIP
--> ddabc.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47f4e30c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\asscicsf.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f3eb1e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\awaubkbt.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e1eb2a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddabc.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47e1eb1f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fcjnsbpn.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was moved to '47eaeb22.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\geeda.dll.vir
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47e5eb29.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\geedb.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e5eb2c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\htnvtqnu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DVA
[INFO] The file was moved to '47eeeb3e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ifycrpxm.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was moved to '47f9eb34.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\indfogpc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was moved to '47e4eb3e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lgtuetnt.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f4eb3a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\licjmdhr.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DUP
[INFO] The file was moved to '47e3eb3f.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mavdaqep.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f6eb39.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mugffsva.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e7eb50.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ncnwbpdo.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47eeeb40.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tuiexmmh.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e9eb57.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\twjusxte.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.DUF
[INFO] The file was moved to '47eaeb5b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wmhpxluu.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e8eb54.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\xujcdhtc.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47eaeb5e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\xvgrbjsi.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47e7eb62.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ylodnpqr.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47efeb5b.qua'!
C:\WINDOWS\Fonts\a.RB0
[0] Archive type: ZIP
--> Crack.exe
[DETECTION] Is the Trojan horse TR/Agent.cmn.1
[INFO] The file was moved to '47d2ec17.qua'!
Begin scan in 'D:\' <BACKUP>
Begin scan in 'E:\' <RECOVER>
Begin scan in 'H:\' <DISK3_VOL1>
H:\fd6fb71b2ab35c6a31c2b3623d6b\advpack.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\browseui.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\corpol.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\custsat.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\dxtmsft.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\dxtrans.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\extmgr.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\hmmapi.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\icardie.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\ie4uinit.exe
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\ieakeng.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\ieaksie.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\ieakui.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\ieapfltr.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\iedkcs32.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\iedw.exe
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\ieencode.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\ieframe.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\iepeers.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\ieproxy.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\iernonce.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\iertutil.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\iesetup.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\ieudinit.exe
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\ieui.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\iexplore.exe
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\imgutil.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\inseng.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\jscript.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\jsproxy.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\licmgr10.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\msfeeds.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\msfeedsbs.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\msfeedssync.exe
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\mshta.exe
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\mshtml.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\mshtmled.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\mshtmler.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\msls31.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\msrating.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\mstime.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\occache.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\pngfilt.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\shdocvw.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\shlwapi.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\spmsg.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\spuninst.exe
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\spupdsvc.exe
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\url.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\urlmon.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\vbscript.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\vgx.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\webcheck.dll
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\winfxdocobj.exe
[WARNING] The file could not be opened!
H:\fd6fb71b2ab35c6a31c2b3623d6b\wininet.dll
[WARNING] The file could not be opened!


End of the scan: 2008-01-06 16:25
Used time: 1:10:25 min

The scan has been done completely.

6461 Scanning directories
282259 Files were scanned
22 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
22 files were moved to quarantine
0 files were renamed
56 Files cannot be scanned
282237 Files not concerned
16560 Archives were scanned
56 Warnings
1 Notes

- Then the 2nd one, which ran automatically in normal mode:



AntiVir PersonalEdition Classic
Report file date: dimanche 6 janvier 2008 17:36

Scanning for 1000802 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MÉDION

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 14:00:35
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 14:00:35
ANTIVIR3.VDF : 7.0.1.194 93696 Bytes 04/01/2008 14:00:35
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 06/01/2008 14:00:36
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 06/01/2008 14:00:36
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: O:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 6 janvier 2008 17:36

Starting search for hidden objects.
'51071' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'hphipm11.exe' - '1' Module(s) have been scanned
Scan process 'cinetray.exe' - '1' Module(s) have been scanned
Scan process 'Server4PC.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'hphmon04.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb07.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LogWatNT.exe' - '1' Module(s) have been scanned
Scan process 'zHotkey.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'Dit.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!
Boot sector 'O:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).


Starting the file scan:

Begin scan in 'C:\' <BOOT>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <BACKUP>
Begin scan in 'E:\' <RECOVER>
Begin scan in 'H:\' <DISK3_VOL1>
Begin scan in 'O:\' <FORMAC EXT>
O:\Medion\C\WINDOWS\logon.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.FI.3
[INFO] The file was moved to '47e81f76.qua'!


End of the scan: dimanche 6 janvier 2008 19:38
Used time: 2:02:08 min

The scan has been done completely.

20777 Scanning directories
863041 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
863040 Files not concerned
31263 Archives were scanned
2 Warnings
20 Notes
51071 Objects were scanned with rootkit scan
0 Hidden objects were found

Then tonight's HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 20:53, on 2008-01-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\HIJACKTHIS VF\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3333169531
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C72A6BD0-DC4E-49B6-84C8-37BCF97F33B0}: NameServer = 10.150.20.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

Please let me know whether everything looks OK, and whether there are other steps to take.

If you had to recommend a paid antivirus, which one would you recommend for risky usage? I showed your comments to my sons, but they use MSN a lot... despite my recommendations.

Thanks in advance.

dan17
 

Re: How to get rid of MalwareAlarm

Post by Malekal_morte » 07 Jan 2008 22:35

dan17 wrote: I couldn't connect to the site yesterday.
I have also had boot problems: the computer freezes at the Pentium 4 screen. No boot. I wonder whether there is a loose contact in the hard drive's connections to the motherboard? Thanks for your opinion.
Also, I noticed that some favourites had been installed without my knowledge:

http://french.icrfast.com/
http://french.icrfast.com/lv/start/videos.htm
http://french.icrfast.com/lv/start/games.htm


You installed a program from icrfast.com.
It asks whether it can replace your start page, adds itself to your favourites, etc.

But I think it happened when installing CCleaner, with the Yahoo toolbar. Is it advisable to uninstall them, and how?


Yes, uninstall it.


dan17 wrote: Please let me know whether everything looks OK, and whether there are other steps to take.

If you had to recommend a paid antivirus, which one would you recommend for risky usage? I showed your comments to my sons, but they use MSN a lot... despite my recommendations.

Thanks in advance.


Your infection came from a crack downloaded on LimeWire.
Antivir is very good, but if your children download cracks and anything and everything from LimeWire, no antivirus will be able to do anything.
You can put them on a limited account; then they will no longer be able to infect the PC: http://www.malekal.com/gestion_utilisateur_windows.php


Delete c:\qoobox.

It's OK, you are no longer infected; follow the final steps below and read what follows CAREFULLY :)

Try to report your infection on the site I give you below, that would be really cool ;)

Your infection: virtumonde

Finish the cleanup:
- Clean your computer with CCleaner: http://www.malekal.com/tutorial_CCleaner.html
- Disable and then re-enable System Restore:
- Instructions for Windows XP
- You can then uninstall all the programs we used.




___________________________________


I invite you to read this PDF (click on the banner below); it explains how infections spread, the good habits to adopt so you don't get infected again, and how to secure your computer. Read it all carefully, and don't hesitate to e-mail it to all your friends:


Everything is summarised in Securing your computer (short version)

___________________________________


Make a difference:

Report your infection on Malware-Complaints to get the authors convicted. To make our voice heard, we need to be as many as possible, so report your infection:
- See the Malware-Complaints rules
- Register on the forum using the register button at the top:
If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age
If you are under 13, click: I Agree to these terms and am under 13 years of age

Once registered, you get a list of the infection types (Look2Me, Smitfraud, SpywareQuake, etc.): http://www.malwarecomplaints.info/viewf ... da8cee41a4

If the malware you had is not in the list, or if you don't know which infection you had, create a message in the "Autres infections" (Other infections) topic that follows the forum rules (age, town, department, etc.): http://www.malwarecomplaints.info/viewforum.php?f=10

To post a message, click the "post reply" button and fill in the information - DO NOT CREATE A TOPIC with the New Topic button.

For any help posting your message, you can consult this link: http://www.malekal.com/malwarecomplaints.html
If you have questions or problems, don't hesitate to ask me here or to contact one of the forum moderators: Kimberly, AgnesD or ipl_001.
First basic rule of security: think first, then click, not the other way round - Files/programs are like sweets: when they come from a stranger, you don't accept them

Securing your computer (short version)

Stop adverts - unwanted popups

Subscribe to the malekal.com newsletter

Malekal_morte
Site Admin
Posts: 66711
Joined: 10 Sep 2005 13:57

