Forums Zebulon.fr: Avira Search Free Toolbar Plus Web protection - Forums Zebulon.fr

BONJOUR jai fais ce que tu ma dis je poste le rapport
ComboFix 11-09-23.03 - Poste 23/09/2011 15:41:57.2.1 - x86
Lancé depuis: c:\documents and settings\Poste\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Poste\Bureau\CFScript.txt
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\cryptsvc.dll . . . est infecté!!
.
c:\windows\system32\es.dll . . . est infecté!!
.
c:\windows\system32\ntmssvc.dll . . . est infecté!!
.
c:\windows\system32\termsrv.dll . . . est infecté!!
.
c:\windows\system32\srsvc.dll . . . est infecté!!
.
c:\windows\system32\wiaservc.dll . . . est infecté!!
.
c:\windows\pchealth\helpctr\binaries\pchsvc.dll . . . est infecté!!
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-08-23 au 2011-09-23 ))))))))))))))))))))))))))))))))))))
.
.
2011-09-23 13:18 . 2011-09-23 13:18 -------- d-----w- C:\Nouveau dossier
2011-09-22 13:08 . 2011-09-22 13:08 -------- d-----w- c:\documents and settings\Poste\Local Settings\Application Data\Help
2011-09-22 09:46 . 2011-09-22 09:46 -------- d-----w- c:\documents and settings\Poste\Application Data\RegistryKeys
2011-09-19 14:48 . 2011-09-19 14:48 -------- d-----w- c:\documents and settings\Poste\Application Data\Malwarebytes
2011-09-19 14:48 . 2011-09-19 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-19 14:48 . 2011-09-19 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-19 14:48 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-16 13:20 . 2011-09-16 13:20 -------- d-----w- c:\program files\Ad-Remover
2011-09-16 13:12 . 2011-09-16 13:14 -------- d-----w- C:\Kill'em
2011-09-16 13:11 . 2011-09-16 13:11 -------- d--h--w- c:\windows\PIF
2011-09-14 18:45 . 2011-09-14 18:45 -------- d-----w- c:\program files\Trend Micro
2011-09-14 13:24 . 2011-09-15 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-09-14 12:25 . 2011-09-14 12:25 -------- d-----w- c:\documents and settings\Administrateur
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 12:18 . 2011-05-13 08:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-03 10:17 . 2008-04-14 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll
2011-09-01 09:42 . 2008-04-14 12:00 113170 ----a-w- c:\windows\system32\perfc00C.dat
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-09-09 12:54 . 2011-03-23 14:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Erreur des Services de cryptographie !!
.
((((((((((((((((((((((((((((( SnapShot@2011-09-22_20.53.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-09-23 07:58 . 2011-09-23 07:58 98816 c:\windows\Installer\8e1b44.msi
+ 2011-09-23 07:55 . 2011-09-23 07:55 22016 c:\windows\Installer\8e1a3f.msi
+ 2011-09-23 07:55 . 2011-09-23 07:55 58880 c:\windows\Installer\8e1a37.msi
+ 2011-09-23 07:40 . 2011-09-23 07:40 83456 c:\windows\Installer\8e199d.msi
+ 2011-09-23 07:39 . 2011-09-23 07:39 27136 c:\windows\Installer\8e1989.msi
- 2010-10-19 08:08 . 2010-10-19 08:08 61272 c:\windows\Installer\{B3B487E7-6171-4376-9074-B28082CEB504}\IconWlc.exe
+ 2011-09-23 07:56 . 2011-09-23 07:56 61272 c:\windows\Installer\{B3B487E7-6171-4376-9074-B28082CEB504}\IconWlc.exe
- 2010-10-19 08:09 . 2010-10-19 08:09 58945 c:\windows\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe
+ 2011-09-23 07:56 . 2011-09-23 07:56 58945 c:\windows\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe
- 2010-10-19 08:08 . 2010-10-19 08:08 80395 c:\windows\Installer\{445B183D-F4F1-45C8-B9DB-F11355CA657B}\MsblIco.Exe
+ 2011-09-23 07:57 . 2011-09-23 07:57 80395 c:\windows\Installer\{445B183D-F4F1-45C8-B9DB-F11355CA657B}\MsblIco.Exe
+ 2007-11-06 23:19 . 2007-11-06 23:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
- 2010-05-20 23:09 . 2010-05-20 23:09 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
- 2010-05-20 23:09 . 2010-05-20 23:09 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
- 2010-05-20 23:09 . 2010-05-20 23:09 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-06 18:23 . 2007-11-06 18:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2010-10-14 15:09 . 2011-09-23 08:08 136464 c:\windows\system32\FNTCACHE.DAT
+ 2011-09-23 07:58 . 2011-09-23 07:58 177152 c:\windows\Installer\8e1b8b.msi
+ 2011-09-23 07:58 . 2011-09-23 07:58 727040 c:\windows\Installer\8e1b66.msi
+ 2011-09-23 07:58 . 2011-09-23 07:58 483328 c:\windows\Installer\8e1b57.msi
+ 2011-09-23 07:57 . 2011-09-23 07:57 779264 c:\windows\Installer\8e1b33.msi
+ 2011-09-23 07:57 . 2011-09-23 07:57 429056 c:\windows\Installer\8e1ae7.msi
+ 2011-09-23 07:56 . 2011-09-23 07:56 149504 c:\windows\Installer\8e1aa8.msi
+ 2011-09-23 07:56 . 2011-09-23 07:56 816640 c:\windows\Installer\8e1a99.msi
+ 2011-09-23 07:55 . 2011-09-23 07:55 107008 c:\windows\Installer\8e1a29.msi
+ 2011-09-23 07:55 . 2011-09-23 07:55 301056 c:\windows\Installer\8e1a1b.msi
+ 2011-09-23 07:55 . 2011-09-23 07:55 970240 c:\windows\Installer\8e19bb.msi
+ 2011-09-23 07:39 . 2011-09-23 07:39 155648 c:\windows\Installer\8e1992.msi
- 2010-10-19 08:10 . 2010-10-19 08:10 132096 c:\windows\Installer\{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}\WLXPhotoGalleryIcon.exe
+ 2011-09-23 07:57 . 2011-09-23 07:57 132096 c:\windows\Installer\{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}\WLXPhotoGalleryIcon.exe
+ 2011-09-05 22:01 . 2011-09-05 22:01 13135872 c:\windows\Installer\4ce49.msp
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"OlStatusMon"="c:\program files\Olivetti\ANY_WAY\olDvcStatus.exe" [2006-07-26 106496]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Poste\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2003-06-26 02:02 0 ----a-w- c:\program files\Creative\Shared Files\CamTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R2 olMntrService;olMntrService;c:\program files\Olivetti\ANY_WAY\olMntrService.exe [2006-07-24 86016]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-09-12 251248]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 08:58]
.
2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 08:58]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\documents and settings\Poste\Application Data\Mozilla\Firefox\Profiles\r1ncdt2x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-09-23 16:42
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(1540)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2011-09-23 16:43:51
ComboFix-quarantined-files.txt 2011-09-23 14:43
.
Avant-CF: 58 499 788 800 octets libres
Après-CF: 58 496 933 888 octets libres
.
- - End Of File - - 5F9E9E4C17C585BC0060E5A397DD5BCB

Cela n'a malheureusement pas marché.

ComboFix n'a pas trouvé d'éléments sains pour remplacer les fichiers infectés.

On va utiliser le Virus removal tool de Kaspersky.

Apollo Et Compagnie :: Kaspersky Virus Removal Tool en français

L'analyse risque d'être longue.

@++