Avira Search Free Toolbar Plus Web protection

lou37 · le 23 septembre 2011

BONJOUR jai fais ce que tu ma dis je poste le rapport

ComboFix 11-09-23.03 - Poste 23/09/2011 15:41:57.2.1 - x86

Lancé depuis: c:\documents and settings\Poste\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Poste\Bureau\CFScript.txt

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\cryptsvc.dll . . . est infecté!!

.

c:\windows\system32\es.dll . . . est infecté!!

.

c:\windows\system32\ntmssvc.dll . . . est infecté!!

.

c:\windows\system32\termsrv.dll . . . est infecté!!

.

c:\windows\system32\srsvc.dll . . . est infecté!!

.

c:\windows\system32\wiaservc.dll . . . est infecté!!

.

c:\windows\pchealth\helpctr\binaries\pchsvc.dll . . . est infecté!!

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-08-23 au 2011-09-23 ))))))))))))))))))))))))))))))))))))

.

2011-09-23 13:18 . 2011-09-23 13:18 -------- d-----w- C:\Nouveau dossier

2011-09-22 13:08 . 2011-09-22 13:08 -------- d-----w- c:\documents and settings\Poste\Local Settings\Application Data\Help

2011-09-22 09:46 . 2011-09-22 09:46 -------- d-----w- c:\documents and settings\Poste\Application Data\RegistryKeys

2011-09-19 14:48 . 2011-09-19 14:48 -------- d-----w- c:\documents and settings\Poste\Application Data\Malwarebytes

2011-09-19 14:48 . 2011-09-19 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-09-19 14:48 . 2011-09-19 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-19 14:48 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-16 13:20 . 2011-09-16 13:20 -------- d-----w- c:\program files\Ad-Remover

2011-09-16 13:12 . 2011-09-16 13:14 -------- d-----w- C:\Kill'em

2011-09-16 13:11 . 2011-09-16 13:11 -------- d--h--w- c:\windows\PIF

2011-09-14 18:45 . 2011-09-14 18:45 -------- d-----w- c:\program files\Trend Micro

2011-09-14 13:24 . 2011-09-15 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2011-09-14 12:25 . 2011-09-14 12:25 -------- d-----w- c:\documents and settings\Administrateur

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-21 12:18 . 2011-05-13 08:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-03 10:17 . 2008-04-14 12:00 606208 ----a-w- c:\windows\system32\crypt32.dll

2011-09-01 09:42 . 2008-04-14 12:00 113170 ----a-w- c:\windows\system32\perfc00C.dat

2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2008-04-14 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-09-09 12:54 . 2011-03-23 14:46 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

Erreur des Services de cryptographie !!

.

((((((((((((((((((((((((((((( SnapShot@2011-09-22_20.53.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-23 07:58 . 2011-09-23 07:58 98816 c:\windows\Installer\8e1b44.msi

+ 2011-09-23 07:55 . 2011-09-23 07:55 22016 c:\windows\Installer\8e1a3f.msi

+ 2011-09-23 07:55 . 2011-09-23 07:55 58880 c:\windows\Installer\8e1a37.msi

+ 2011-09-23 07:40 . 2011-09-23 07:40 83456 c:\windows\Installer\8e199d.msi

+ 2011-09-23 07:39 . 2011-09-23 07:39 27136 c:\windows\Installer\8e1989.msi

- 2010-10-19 08:08 . 2010-10-19 08:08 61272 c:\windows\Installer\{B3B487E7-6171-4376-9074-B28082CEB504}\IconWlc.exe

+ 2011-09-23 07:56 . 2011-09-23 07:56 61272 c:\windows\Installer\{B3B487E7-6171-4376-9074-B28082CEB504}\IconWlc.exe

- 2010-10-19 08:09 . 2010-10-19 08:09 58945 c:\windows\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe

+ 2011-09-23 07:56 . 2011-09-23 07:56 58945 c:\windows\Installer\{5DD76286-9BE7-4894-A990-E905E91AC818}\wlmail.exe

- 2010-10-19 08:08 . 2010-10-19 08:08 80395 c:\windows\Installer\{445B183D-F4F1-45C8-B9DB-F11355CA657B}\MsblIco.Exe

+ 2011-09-23 07:57 . 2011-09-23 07:57 80395 c:\windows\Installer\{445B183D-F4F1-45C8-B9DB-F11355CA657B}\MsblIco.Exe

+ 2007-11-06 23:19 . 2007-11-06 23:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

- 2010-05-20 23:09 . 2010-05-20 23:09 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll

+ 2007-11-06 23:19 . 2007-11-06 23:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

- 2010-05-20 23:09 . 2010-05-20 23:09 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll

- 2010-05-20 23:09 . 2010-05-20 23:09 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2007-11-06 18:23 . 2007-11-06 18:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll

+ 2010-10-14 15:09 . 2011-09-23 08:08 136464 c:\windows\system32\FNTCACHE.DAT

+ 2011-09-23 07:58 . 2011-09-23 07:58 177152 c:\windows\Installer\8e1b8b.msi

+ 2011-09-23 07:58 . 2011-09-23 07:58 727040 c:\windows\Installer\8e1b66.msi

+ 2011-09-23 07:58 . 2011-09-23 07:58 483328 c:\windows\Installer\8e1b57.msi

+ 2011-09-23 07:57 . 2011-09-23 07:57 779264 c:\windows\Installer\8e1b33.msi

+ 2011-09-23 07:57 . 2011-09-23 07:57 429056 c:\windows\Installer\8e1ae7.msi

+ 2011-09-23 07:56 . 2011-09-23 07:56 149504 c:\windows\Installer\8e1aa8.msi

+ 2011-09-23 07:56 . 2011-09-23 07:56 816640 c:\windows\Installer\8e1a99.msi

+ 2011-09-23 07:55 . 2011-09-23 07:55 107008 c:\windows\Installer\8e1a29.msi

+ 2011-09-23 07:55 . 2011-09-23 07:55 301056 c:\windows\Installer\8e1a1b.msi

+ 2011-09-23 07:55 . 2011-09-23 07:55 970240 c:\windows\Installer\8e19bb.msi

+ 2011-09-23 07:39 . 2011-09-23 07:39 155648 c:\windows\Installer\8e1992.msi

- 2010-10-19 08:10 . 2010-10-19 08:10 132096 c:\windows\Installer\{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}\WLXPhotoGalleryIcon.exe

+ 2011-09-23 07:57 . 2011-09-23 07:57 132096 c:\windows\Installer\{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}\WLXPhotoGalleryIcon.exe

+ 2011-09-05 22:01 . 2011-09-05 22:01 13135872 c:\windows\Installer\4ce49.msp

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"OlStatusMon"="c:\program files\Olivetti\ANY_WAY\olDvcStatus.exe" [2006-07-26 106496]

"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Poste\Menu D‚marrer\Programmes\D‚marrage\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]

2003-06-26 02:02 0 ----a-w- c:\program files\Creative\Shared Files\CamTray.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 136176]

R2 olMntrService;olMntrService;c:\program files\Olivetti\ANY_WAY\olMntrService.exe [2006-07-24 86016]

R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 136176]

R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-09-12 251248]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

.

Contenu du dossier 'Tâches planifiées'

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 08:58]

.

2011-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-02 08:58]

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 212.27.40.240 212.27.40.241

FF - ProfilePath - c:\documents and settings\Poste\Application Data\Mozilla\Firefox\Profiles\r1ncdt2x.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-09-23 16:42

Windows 5.1.2600 Service Pack 3 NTFS

.

Recherche de processus cachés ...

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

.

- - - - - - - > 'explorer.exe'(1540)

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Heure de fin: 2011-09-23 16:43:51

ComboFix-quarantined-files.txt 2011-09-23 14:43

.

Avant-CF: 58 499 788 800 octets libres

Après-CF: 58 496 933 888 octets libres

.

- - End Of File - - 5F9E9E4C17C585BC0060E5A397DD5BCB

Apollo · le 23 septembre 2011

Cela n'a malheureusement pas marché.

ComboFix n'a pas trouvé d'éléments sains pour remplacer les fichiers infectés.

On va utiliser le Virus removal tool de Kaspersky.

Apollo Et Compagnie :: Kaspersky Virus Removal Tool en français

L'analyse risque d'être longue.

@++

Connexion

Pas encore inscrit ?

Avira Search Free Toolbar Plus Web protection

Messages recommandés

lou37

Apollo

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer