Hello, for the past few days I have been infected with the virus win32 rootkit-gen rtk, and my antivirus (Avast) is not able to remove it. I would really appreciate it if you could help me. I had ComboFix generate a report.
Oh yes, and I am running Windows XP.
Thank you in advance for your help.
So here is the report:
ComboFix 10-03-08.01 - Guilbault 2010-03-08 16:50:29.2.4 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1917.1155 [GMT -5:00]
Lancé depuis: d:\downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100308-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\js.mui
c:\windows\system32\AVSredirect.dll
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-08 au 2010-03-08 ))))))))))))))))))))))))))))))))))))
.
2010-03-08 21:47 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-08 21:47 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-08 21:46 . 2010-03-08 21:46 -------- d-----w- c:\program files\iPod
2010-03-08 21:46 . 2010-03-08 21:47 -------- d-----w- c:\program files\iTunes
2010-03-08 21:46 . 2010-03-08 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-08 21:46 . 2010-03-08 21:46 -------- d-----w- c:\program files\Bonjour
2010-03-08 21:45 . 2010-03-08 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-08 21:43 . 2010-03-08 21:47 -------- d-----w- c:\windows\LastGood
2010-03-08 21:14 . 2010-03-08 21:14 -------- d-----w- c:\documents and settings\Guilbault\Local Settings\Application Data\Geckofx
2010-03-08 21:14 . 2010-03-08 21:14 -------- d-----w- c:\program files\Red Kawa
2010-03-05 01:17 . 2008-08-13 15:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-03-05 01:17 . 2008-08-13 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-05 01:10 . 2010-03-05 01:10 -------- d-----w- c:\documents and settings\Guilbault\Local Settings\Application Data\WinAVI
2010-03-05 01:10 . 2010-03-05 01:10 -------- d-----w- c:\program files\WinAVI Video Converter
2010-03-05 00:38 . 2010-03-05 00:22 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-05 00:21 . 2010-03-05 00:21 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-05 00:21 . 2010-03-05 00:21 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-05 00:21 . 2010-03-05 00:21 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-05 00:21 . 2010-03-05 00:21 329048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-03-05 00:21 . 2010-03-05 00:21 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-03-05 00:21 . 2010-03-05 00:21 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-05 00:21 . 2010-03-05 00:21 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-03-05 00:21 . 2010-03-05 00:21 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-03-05 00:21 . 2010-03-05 00:21 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-03-05 00:21 . 2010-03-05 00:21 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-03-05 00:21 . 2010-03-05 00:21 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-03-05 00:21 . 2010-03-05 00:21 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-03-05 00:19 . 2010-03-05 00:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-05 00:19 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-05 00:19 . 2010-03-05 00:19 -------- d-----w- c:\program files\Lavasoft
2010-03-04 23:43 . 2010-03-04 23:43 -------- d-----w- c:\program files\Trend Micro
2010-03-04 23:35 . 2008-04-13 15:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-04 23:35 . 2008-04-13 15:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-04 23:35 . 2008-04-13 15:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-04 23:35 . 2008-04-13 15:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-04 23:35 . 2008-04-13 15:41 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-15 23:41 . 2010-02-15 23:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 21:47 . 2009-04-23 22:39 -------- d-----w- c:\documents and settings\Guilbault\Application Data\Apple Computer
2010-03-08 21:46 . 2009-11-02 15:27 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-03-08 21:46 . 2009-11-02 15:26 -------- d-----w- c:\program files\QuickTime
2010-03-08 21:14 . 2010-03-05 01:18 -------- d-----w- c:\program files\AviSynth 2.5
2010-03-08 05:09 . 2008-12-27 20:15 -------- d-----w- c:\program files\LogMeIn
2010-03-08 04:44 . 2009-12-03 22:19 -------- d-----w- c:\documents and settings\Guilbault\Application Data\SolSuite
2010-03-08 01:53 . 2009-01-20 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-05 01:26 . 2010-01-15 01:19 -------- d-----w- c:\program files\VSO
2010-03-05 01:18 . 2010-03-05 01:18 -------- d-----w- c:\documents and settings\Guilbault\Application Data\AVS4YOU
2010-03-05 01:18 . 2010-03-05 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-03-05 01:18 . 2010-03-05 01:17 -------- d-----w- c:\program files\AVS4YOU
2010-03-05 01:18 . 2010-03-05 01:18 -------- d-----w- c:\program files\eRightSoft
2010-03-05 01:18 . 2010-03-05 01:17 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2010-03-05 01:06 . 2008-12-19 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-03-05 01:05 . 2008-12-19 14:34 -------- d-----w- c:\documents and settings\Guilbault\Application Data\Spyware Terminator
2010-03-05 01:05 . 2008-12-19 14:34 -------- d-----w- c:\program files\Spyware Terminator
2010-03-05 00:22 . 2010-03-05 00:22 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-05 00:22 . 2010-03-05 00:22 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-05 00:22 . 2010-03-05 00:22 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-05 00:22 . 2010-03-05 00:22 884176 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-03-05 00:22 . 2010-03-05 00:22 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-05 00:22 . 2010-03-05 00:22 211064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 00:16 . 2009-01-20 18:52 -------- d-----w- c:\program files\Google
2010-01-15 01:20 . 2010-01-15 01:20 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-15 01:20 . 2010-01-15 01:20 47360 ----a-w- c:\documents and settings\Guilbault\Application Data\pcouffin.sys
2010-01-15 01:20 . 2010-01-15 01:20 47360 ----a-w- c:\documents and settings\Guilbault\Application Data\pcouffin.sys
2009-12-16 23:52 . 2002-09-07 00:00 85608 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-16 23:52 . 2002-09-07 00:00 513410 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-16 21:05 . 2010-01-15 00:26 471040 ----a-w- c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2009-12-16 21:05 . 2010-01-15 00:26 347136 ----a-w- c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-16 21:05 . 2010-01-15 00:26 340992 ----a-w- c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 21:05 . 2010-01-15 00:26 43008 ----a-w- c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 21:05 . 2010-01-15 00:26 1452032 ----a-w- c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2001-11-15 02:43 . 2009-11-16 22:26 413696 ----a-w- c:\program files\WinISO.exe
2006-05-03 10:06 . 2010-03-05 01:18 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-03-05 01:18 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-03-05 01:18 216064 --sh--r- c:\windows\system32\nbDX.dll
.
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Druide\Antidote\Antidote\gestionnaire antidote .exe
c:\program files\Fichiers communs\Adobe\ARM\1.0\adobearm .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\LogMeIn\x86\logmeinsystray .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
((((((((((((((((((((((((((((( SnapShot@2010-03-04_23.57.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 01:54 . 2009-07-12 01:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 06:07 . 2009-07-12 06:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 06:19 . 2009-07-12 06:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2010-03-08 13:37 . 2010-03-08 13:37 16384 c:\windows\Temp\Perflib_Perfdata_628.dat
+ 2010-03-08 13:37 . 2010-03-08 13:37 16384 c:\windows\Temp\Perflib_Perfdata_2f0.dat
+ 2010-03-05 01:18 . 2004-01-25 05:00 70656 c:\windows\system32\yv12vfw.dll
- 2008-12-05 21:56 . 2010-03-04 23:31 43008 c:\windows\system32\igfxpers.exe
+ 2008-12-05 21:56 . 2010-03-05 00:05 43008 c:\windows\system32\igfxpers.exe
+ 2010-03-05 01:18 . 2004-01-25 05:00 70656 c:\windows\system32\i420vfw.dll
+ 2008-12-05 21:56 . 2010-03-05 00:05 43008 c:\windows\system32\hkcmd.exe
- 2008-12-05 21:56 . 2010-03-04 23:31 43008 c:\windows\system32\hkcmd.exe
+ 2010-03-08 21:43 . 2009-08-29 00:42 40448 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaapl.sys
+ 2010-03-08 21:43 . 2009-08-29 00:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2010-03-05 00:22 . 2010-02-04 15:53 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2010-03-08 21:47 . 2009-05-18 19:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2010-03-05 00:22 . 2010-02-04 15:53 64288 c:\windows\system32\drivers\Lbd.sys
+ 2008-12-12 16:11 . 2008-12-12 16:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 16:18 . 2008-12-12 16:18 87336 c:\windows\system32\dns-sd.exe
+ 2010-03-05 00:19 . 2010-03-05 00:19 29926 c:\windows\Installer\{338F08AB-C262-42C7-B000-34DE1A475273}\_6FEFF9B68218417F98F549.exe
+ 2010-03-08 21:46 . 2010-03-08 21:46 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2010-03-05 01:17 . 2008-08-13 15:22 487424 c:\windows\system32\msvcp70.dll
+ 2010-03-05 01:17 . 2008-08-13 15:22 974848 c:\windows\system32\mfc70.dll
+ 2010-03-08 21:47 . 2008-04-17 18:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2004-05-26 12:37 . 2004-05-26 12:37 719872 c:\windows\system32\devil.dll
+ 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\system32\avisynth.dll
+ 2010-03-05 00:19 . 2010-03-05 00:19 167424 c:\windows\Installer\da997.msi
+ 2010-03-05 01:17 . 2010-03-05 01:17 424960 c:\windows\Installer\42cf7e.msi
+ 2010-03-08 21:42 . 2010-03-08 21:42 796672 c:\windows\Installer\1bc9ada.msi
+ 2010-03-08 21:47 . 2010-03-08 21:47 102400 c:\windows\Installer\{81063354-9060-42B2-A000-1EBE96778AA9}\iTunesIco.exe
+ 2009-07-12 01:46 . 2009-07-12 01:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2010-03-08 21:43 . 2009-08-29 00:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
+ 2010-03-08 21:43 . 2009-08-29 00:42 1417504 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2010-03-05 00:19 . 2010-03-05 00:19 1859584 c:\windows\Installer\da98c.msi
+ 2010-03-08 21:47 . 2010-03-08 21:47 4449280 c:\windows\Installer\1bc9d7b.msi
+ 2010-03-08 21:46 . 2010-03-08 21:46 1659392 c:\windows\Installer\1bc9d77.msi
+ 2010-03-08 21:45 . 2010-03-08 21:45 9473024 c:\windows\Installer\1bc9d71.msi
+ 2010-03-08 21:43 . 2010-03-08 21:43 3310592 c:\windows\Installer\1bc9ae4.msi
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\progra~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2010-03-06 43008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [N/A]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-05 43008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-05 43008]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-03-05 43008]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-05 43008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-03-05 43008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 14:49 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-03-05 00:06 43008 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
c:\program files\Electronic Arts\EADM\Core.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 22:07 1828136 ----a-w- c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-28 14:59 570664 ----a-w- c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-06-13 06:50 16871936 ------r- c:\windows\RTHDCPL.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\RapidSolution\\Tunebite\\Tunebite.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-03-04 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-09-10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-09-10 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1229232]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-27 47640]
R3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\AsAudioDevice_351.sys [2009-04-07 16640]
R3 DsAudioDevice_310;DsAudioDevice_310;c:\windows\system32\drivers\DsAudioDevice_310.sys [2009-04-07 16640]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 110080]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - APPLE_MOBILE_DEVICE
*NewlyCreated* - BONJOUR_SERVICE
*NewlyCreated* - IPOD_SERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'
2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:21]
2010-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-03-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-20 19:08]
2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 04:08]
2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 04:08]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B69970DD-64FE-4413-85ED-F0B320FF405F} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\
FF - component: c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 16:54
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Heure de fin: 2010-03-08 16:55:48
ComboFix-quarantined-files.txt 2010-03-08 21:55
ComboFix2.txt 2010-03-04 23:58
Avant-CF: 19 967 737 856 octets libres
Après-CF: 20 250 091 520 octets libres
- - End Of File - - EB005B1D5F6A4D99766CA40C982BCCAF