Virus ou bug ?

[rdv"&]

Bonjour

 

Depuis quelques jours je dois faire face à un message ou je dois cliquer 15 fois (environ) sur OK avant que ça disparaisse

comme j'ai pas pu faire de copier/coller du msg, voila à quoi ça ressemble:

"Message de la page web

input not found

ccf8081811b03a ....

18 ValueID ff0881811 ...."

 

Scan Malwarebytes => R.A.S

Scan Spybot => R.A.S

donc un petit COMBOFIX ... mais là j'ai besoin de votre aide pour décrypter si il y a quelque chose ... ou pas !!!!

Merci par avance de votre aide!!!!!

 

ComboFix 11-01-06.06 - Renaud 07/01/2011 14:07:30.1.2 - x86

Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.3039.2036 [GMT 1:00]

Lancé depuis: c:\users\Renaud\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Il y a peut-être des sites infectés -----

 

hxxp://wlxindex

.

((((((((((((((((((((((((((((( Fichiers créés du 2010-12-07 au 2011-01-07 ))))))))))))))))))))))))))))))))))))

.

 

2011-01-07 13:11 . 2011-01-07 13:12 -------- d-----w- c:\users\Renaud\AppData\Local\temp

2011-01-07 13:11 . 2011-01-07 13:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-15 18:14 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2010-12-15 18:14 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll

2010-12-14 08:40 . 2009-08-19 21:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

2010-12-13 15:15 . 2010-12-13 15:21 -------- d-----w- C:\MATBALL

2010-12-13 13:18 . 2010-12-13 13:18 -------- d-----w- c:\program files\7-Zip

2010-12-09 20:33 . 2010-12-09 20:34 -------- d-----w- c:\windows\system32\drivers\NIS\1205000.07D

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-20 17:09 . 2010-11-14 15:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 17:08 . 2010-11-14 15:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-05 11:38 . 2010-06-29 09:55 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-11-12 17:53 . 2010-07-03 21:51 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-06 16:43 . 2008-07-24 14:34 1773568 ----a-w- c:\windows\system32\WavesLib.dll

2010-11-06 16:43 . 2008-07-24 14:34 339968 ----a-w- c:\windows\system32\SRSTSXT.dll

2010-11-06 16:43 . 2008-07-24 14:34 135168 ----a-w- c:\windows\system32\SRSWOW.dll

2010-11-06 16:43 . 2010-11-06 16:45 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE

2010-11-06 16:43 . 2008-07-24 14:34 1826816 ----a-w- c:\windows\SkyTel.exe

2010-11-06 16:43 . 2008-07-24 14:34 185776 ----a-w- c:\windows\system32\SRSTSHD.dll

2010-11-06 16:43 . 2008-07-24 14:34 167936 ----a-w- c:\windows\system32\SRSHP360.dll

2010-11-06 16:43 . 2008-07-24 14:34 1196032 ----a-w- c:\windows\RtlUpd.exe

2010-11-06 16:43 . 2008-07-24 14:34 694272 ----a-w- c:\windows\system32\RtkPgExt.dll

2010-11-06 16:43 . 2008-07-24 14:34 31232 ----a-w- c:\windows\system32\RtkCoInst.dll

2010-11-06 16:43 . 2008-07-24 14:33 285216 ----a-w- c:\windows\system32\RtkApoApi.dll

2010-11-06 16:43 . 2008-07-24 14:33 2172416 ----a-w- c:\windows\system32\RtkAPO.dll

2010-11-06 16:43 . 2008-07-24 14:32 532480 ----a-w- c:\windows\system32\RTSndMgr.cpl

2010-11-06 16:43 . 2008-07-24 14:32 2126688 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys

2010-11-06 16:43 . 2008-07-24 14:33 6111232 ----a-w- c:\windows\RtHDVCpl.exe

2010-11-06 16:43 . 2008-07-24 14:32 1929216 ----a-w- c:\windows\system32\MaxxAudioEQ.dll

2010-11-06 16:43 . 2008-07-24 14:31 155648 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll

2010-11-06 16:43 . 2008-07-24 14:31 126976 ----a-w- c:\windows\system32\MaxxAudioAPO.dll

2010-11-06 16:43 . 2008-07-24 14:31 143360 ----a-w- c:\windows\system32\FMAPO.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"RtHDVCpl"="RtHDVCpl.exe" [2010-11-06 6111232]

"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-05 20531]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2010-8-21 1175552]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardMinder Viewer.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk

backup=c:\windows\pss\CardMinder Viewer.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Conversion au format PDF avec ScanSnap Organizer.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Conversion au format PDF avec ScanSnap Organizer.lnk

backup=c:\windows\pss\Conversion au format PDF avec ScanSnap Organizer.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSnap WIA Service Checker]

2009-09-30 08:07 86016 ----a-w- c:\windows\SSDriver\fi5110\SsWiaChecker.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2010-08-24 09:38 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 136176]

R3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys [2007-01-29 14760]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-29 1343400]

R3 WSDPrintDevice;Prise en charge de l’impression WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1201000.025\SYMDS.SYS [2010-06-13 339504]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS [2010-07-29 666672]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-23 691248]

S1 Fortigen;Fortigen;c:\windows\system32\drivers\fortigen.sys [2007-01-29 14376]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110106.003\IDSvix86.sys [2010-11-09 353912]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1201000.025\Ironx86.SYS [2010-06-27 134704]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NIS\1201000.025\SYMNETS.SYS [2010-07-13 294448]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]

S2 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys [2007-01-29 97192]

S2 FortiRdr;FortiRdr;c:\windows\system32\drivers\FortiRdr.sys [2007-01-29 18728]

S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-07-23 126904]

S2 RtkHDMIService;RtkHDMIService;c:\windows\RtkAudioService.exe [2010-11-06 98304]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-01 102448]

S3 Fortidrv2;FortiNet Fortidrv Service;c:\windows\system32\DRIVERS\fortidrv.sys [2010-07-13 22440]

S3 netw5v32;Pilote de carte de liaison WiFi sans fil Intel® 5000 Series pour Windows Vista 32 bits;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

S3 yukonw7;Pilote Miniport NDIS6.2 pour contrôleur Ethernet Marvell Yukon;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contenu du dossier 'Tâches planifiées'

 

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 17:05]

 

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-08 17:05]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

Trusted Zone: airbus.com\services

Trusted Zone: airbus.com\w3

Trusted Zone: creditmutuel.fr\www

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Toolbar-Locked - (no file)

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.1.0.37\diMaster.dll\" /prefetch:1"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2011-01-07 14:14:04

ComboFix-quarantined-files.txt 2011-01-07 13:14

 

Avant-CF: 64 244 936 704 octets libres

Après-CF: 65 497 141 248 octets libres

 

- - End Of File - - 8D909B8551D382E935B256A207D9DE6F