Also infested by Personal Shield Pro...

Closed
Salisa13 - 17 August 2011 at 14:41
Hello again everyone,
My second PC is also infested with these THUGS!!!! For info, on this PC I use Mozilla as my browser, not Internet Explorer. After following the same procedure, you will find the ComboFix report below.
Thank you very much for your help!!!

ComboFix 11-08-16.05 - claude 17/08/2011 13:03:40.1.2 - x86
Microsoft® Windows Vista(TM) Professionnel 6.0.6002.2.1252.33.1036.18.2045.1172 [GMT 1:00]
Lancé depuis: c:\users\claude\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\claude\AppData\Local\mlkaa.dat
c:\users\claude\AppData\Local\mlkaa_nav.dat
c:\users\claude\AppData\Local\mlkaa_navps.dat
c:\users\claude\AppData\Local\Temp\FXSCings.dll
c:\users\claude\AppData\Local\wfpfaqb.dat
c:\users\claude\AppData\Local\wfpfaqb_nav.dat
c:\users\claude\AppData\Local\wfpfaqb_navps.dat
c:\users\claude\AppData\Local\wqkcw_navfx.dat
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\vjocx.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-07-17 au 2011-08-17 ))))))))))))))))))))))))))))))))))))
.
.
2011-08-17 11:02 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4162B95-0398-4E1C-B8C6-7F48EC5A2E35}\mpengine.dll
2011-08-16 18:18 . 2011-08-17 11:15 -------- d-----w- c:\programdata\gC01300PfDiJ01300
2011-08-11 13:02 . 2010-11-30 10:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4F75F94-31E8-420C-94FA-71706F0C9C93}\gapaengine.dll
2011-08-11 13:01 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 12:59 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 12:59 . 2011-06-17 20:13 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-11 12:59 . 2011-06-17 13:31 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 14:33 . 2011-04-28 14:32 91 ----a-w- c:\users\claude\AppData\Local\wfpfaqb.bat
2011-07-23 11:04 . 2011-08-11 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-13 03:39 . 2011-02-11 09:54 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-17 16:03 . 2011-08-11 13:01 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 13:34 . 2011-07-13 13:20 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-18 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-20 1180952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
"ECenter"=c:\dell\E-Center\EULALauncher.exe
"OEM02Mon.exe"=c:\windows\OEM02Mon.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl02ede16a;MpKsl02ede16a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0AD6BDD-ADF6-4817-A315-05D79E62D689}\MpKsl02ede16a.sys [x]
R1 MpKsl07a9f9ee;MpKsl07a9f9ee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7D93464-D1EB-4582-965A-8C48B3CB9340}\MpKsl07a9f9ee.sys [x]
R1 MpKsl21a42fea;MpKsl21a42fea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B3FAB2A-6699-4ADA-949C-48DCC196F303}\MpKsl21a42fea.sys [x]
R1 MpKsl242bebc5;MpKsl242bebc5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23B48964-2064-4397-8360-8CF6781AD33F}\MpKsl242bebc5.sys [x]
R1 MpKsl2eba71c6;MpKsl2eba71c6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B3FAB2A-6699-4ADA-949C-48DCC196F303}\MpKsl2eba71c6.sys [x]
R1 MpKsl3b7c691c;MpKsl3b7c691c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4162B95-0398-4E1C-B8C6-7F48EC5A2E35}\MpKsl3b7c691c.sys [x]
R1 MpKsl418bb359;MpKsl418bb359;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E29A4A4A-847A-443B-934B-1030A00B114E}\MpKsl418bb359.sys [x]
R1 MpKsl41d128e0;MpKsl41d128e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57529511-69D3-40DB-9F98-367BB8288FDD}\MpKsl41d128e0.sys [x]
R1 MpKsl718bdcc7;MpKsl718bdcc7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FAF1E885-C7C8-4D88-BAB5-93B10BA56D63}\MpKsl718bdcc7.sys [x]
R1 MpKsl9a1ea875;MpKsl9a1ea875;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{719A433F-115A-4B50-8201-F37E13BDB1D6}\MpKsl9a1ea875.sys [x]
R1 MpKslb6055978;MpKslb6055978;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7D93464-D1EB-4582-965A-8C48B3CB9340}\MpKslb6055978.sys [x]
R1 MpKslb76be6ae;MpKslb76be6ae;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77A24431-D2DE-411E-BE11-74B54BFE0C84}\MpKslb76be6ae.sys [x]
R1 MpKslb95a8c61;MpKslb95a8c61;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A849860-DE33-4089-A912-570C172EEC07}\MpKslb95a8c61.sys [x]
R1 MpKslc87cb892;MpKslc87cb892;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7D93464-D1EB-4582-965A-8C48B3CB9340}\MpKslc87cb892.sys [x]
R1 MpKsld6e2c7e6;MpKsld6e2c7e6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E257FB45-8CFE-4BE0-8E2F-9EAFC98594A9}\MpKsld6e2c7e6.sys [x]
R1 MpKsld89c4de2;MpKsld89c4de2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C6A1BD9-DD5C-4FAA-8FB7-0ACA673B8042}\MpKsld89c4de2.sys [x]
R1 MpKsldc64ac8b;MpKsldc64ac8b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95AAF603-3C46-4E15-A9B7-8EA4465ABB59}\MpKsldc64ac8b.sys [x]
R1 MpKsle29c4132;MpKsle29c4132;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FAF1E885-C7C8-4D88-BAB5-93B10BA56D63}\MpKsle29c4132.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
R3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-01-24 310640]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-03-30 1523008]
S3 NETwLv32; Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows Vista 32 bits ;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 07:41]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 07:41]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
uDefault_Search_URL = hxxp://www.cherche.us/keyword/
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms}
uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Recherche avec cherche.us - c:\users\claude\scriptjava.html
Trusted Zone: chat-land.org
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\claude\AppData\Roaming\Mozilla\Firefox\Profiles\p8vy98nr.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-17 13:23
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2011-08-17 13:27:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-08-17 12:27
.
Avant-CF: 67 551 780 864 octets libres
Après-CF: 67 468 681 216 octets libres
.
- - End Of File - - 1ABE4C518B53A83E2A98260F870A2ADF

2 replies

It's the same problem on this PC: no more pop-up windows for the moment!!!
Blocked profile
17 August 2011 at 20:38
A scan with RogueKiller!