win32 rootkit-gen rtk

[inconnue007]

Bonjour, depuis quelques jours je suis infecté par le virus win32 rootkit-gen rtk et mon antivirus (Avast) n'est pas capable me le supprimer. J'aimerais beaucoup cela si vous pouviez m'aider. J'ai fais faire un rapport par ComboFix.

Ah oui et je fonctionne sous Windows XP.

Merci d'avance pour votre aide.

Voici donc le rapport:

`ComboFix 10-03-08.01 - Guilbault 2010-03-08 16:50:29.2.4 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1917.1155 [GMT -5:00]
Lancé depuis: d:\downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100308-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\js.mui
c:\windows\system32\AVSredirect.dll
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-08 au 2010-03-08 ))))))))))))))))))))))))))))))))))))
.

2010-03-08 21:47 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-03-08 21:47 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-03-08 21:46 . 2010-03-08 21:46 -------- d-----w- c:\program files\iPod
2010-03-08 21:46 . 2010-03-08 21:47 -------- d-----w- c:\program files\iTunes
2010-03-08 21:46 . 2010-03-08 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-08 21:46 . 2010-03-08 21:46 -------- d-----w- c:\program files\Bonjour
2010-03-08 21:45 . 2010-03-08 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-08 21:43 . 2010-03-08 21:47 -------- d-----w- c:\windows\LastGood
2010-03-08 21:14 . 2010-03-08 21:14 -------- d-----w- c:\documents and settings\Guilbault\Local Settings\Application Data\Geckofx
2010-03-08 21:14 . 2010-03-08 21:14 -------- d-----w- c:\program files\Red Kawa
2010-03-05 01:17 . 2008-08-13 15:22 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-03-05 01:17 . 2008-08-13 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-03-05 01:10 . 2010-03-05 01:10 -------- d-----w- c:\documents and settings\Guilbault\Local Settings\Application Data\WinAVI
2010-03-05 01:10 . 2010-03-05 01:10 -------- d-----w- c:\program files\WinAVI Video Converter
2010-03-05 00:38 . 2010-03-05 00:22 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-05 00:21 . 2010-03-05 00:21 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-05 00:21 . 2010-03-05 00:21 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-05 00:21 . 2010-03-05 00:21 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-05 00:21 . 2010-03-05 00:21 329048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-03-05 00:21 . 2010-03-05 00:21 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-03-05 00:21 . 2010-03-05 00:21 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-05 00:21 . 2010-03-05 00:21 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-03-05 00:21 . 2010-03-05 00:21 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-03-05 00:21 . 2010-03-05 00:21 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-03-05 00:21 . 2010-03-05 00:21 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-03-05 00:21 . 2010-03-05 00:21 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-03-05 00:21 . 2010-03-05 00:21 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-03-05 00:19 . 2010-03-05 00:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-05 00:19 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-05 00:19 . 2010-03-05 00:19 -------- d-----w- c:\program files\Lavasoft
2010-03-04 23:43 . 2010-03-04 23:43 -------- d-----w- c:\program files\Trend Micro
2010-03-04 23:35 . 2008-04-13 15:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-04 23:35 . 2008-04-13 15:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-04 23:35 . 2008-04-13 15:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-04 23:35 . 2008-04-13 15:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-04 23:35 . 2008-04-13 15:41 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-02-15 23:41 . 2010-02-15 23:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 21:47 . 2009-04-23 22:39 -------- d-----w- c:\documents and settings\Guilbault\Application Data\Apple Computer
2010-03-08 21:46 . 2009-11-02 15:27 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-03-08 21:46 . 2009-11-02 15:26 -------- d-----w- c:\program files\QuickTime
2010-03-08 21:14 . 2010-03-05 01:18 -------- d-----w- c:\program files\AviSynth 2.5
2010-03-08 05:09 . 2008-12-27 20:15 -------- d-----w- c:\program files\LogMeIn
2010-03-08 04:44 . 2009-12-03 22:19 -------- d-----w- c:\documents and settings\Guilbault\Application Data\SolSuite
2010-03-08 01:53 . 2009-01-20 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-05 01:26 . 2010-01-15 01:19 -------- d-----w- c:\program files\VSO
2010-03-05 01:18 . 2010-03-05 01:18 -------- d-----w- c:\documents and settings\Guilbault\Application Data\AVS4YOU
2010-03-05 01:18 . 2010-03-05 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-03-05 01:18 . 2010-03-05 01:17 -------- d-----w- c:\program files\AVS4YOU
2010-03-05 01:18 . 2010-03-05 01:18 -------- d-----w- c:\program files\eRightSoft
2010-03-05 01:18 . 2010-03-05 01:17 -------- d-----w- c:\program files\Fichiers communs\AVSMedia
2010-03-05 01:06 . 2008-12-19 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-03-05 01:05 . 2008-12-19 14:34 -------- d-----w- c:\documents and settings\Guilbault\Application Data\Spyware Terminator
2010-03-05 01:05 . 2008-12-19 14:34 -------- d-----w- c:\program files\Spyware Terminator
2010-03-05 00:22 . 2010-03-05 00:22 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-05 00:22 . 2010-03-05 00:22 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-05 00:22 . 2010-03-05 00:22 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-05 00:22 . 2010-03-05 00:22 884176 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-03-05 00:22 . 2010-03-05 00:22 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-05 00:22 . 2010-03-05 00:22 211064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 00:16 . 2009-01-20 18:52 -------- d-----w- c:\program files\Google
2010-01-15 01:20 . 2010-01-15 01:20 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-15 01:20 . 2010-01-15 01:20 47360 ----a-w- c:\documents and settings\Guilbault\Application Data\pcouffin.sys
2010-01-15 01:20 . 2010-01-15 01:20 47360 ----a-w- c:\documents and settings\Guilbault\Application Data\pcouffin.sys
2009-12-16 23:52 . 2002-09-07 00:00 85608 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-16 23:52 . 2002-09-07 00:00 513410 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-16 21:05 . 2010-01-15 00:26 471040 ----a-w- c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2009-12-16 21:05 . 2010-01-15 00:26 347136 ----a-w- c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-16 21:05 . 2010-01-15 00:26 340992 ----a-w- c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 21:05 . 2010-01-15 00:26 43008 ----a-w- c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 21:05 . 2010-01-15 00:26 1452032 ----a-w- c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2001-11-15 02:43 . 2009-11-16 22:26 413696 ----a-w- c:\program files\WinISO.exe
2006-05-03 10:06 . 2010-03-05 01:18 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-03-05 01:18 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-03-05 01:18 216064 --sh--r- c:\windows\system32\nbDX.dll
.

Code: Tout sélectionner

<pre>
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Druide\Antidote\Antidote\gestionnaire antidote .exe
c:\program files\Fichiers communs\Adobe\ARM\1.0\adobearm .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\LogMeIn\x86\logmeinsystray .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask .exe
</pre>

((((((((((((((((((((((((((((( SnapShot@2010-03-04_23.57.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 01:54 . 2009-07-12 01:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-12 01:32 . 2009-07-12 01:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-12 06:07 . 2009-07-12 06:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 06:19 . 2009-07-12 06:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2010-03-08 13:37 . 2010-03-08 13:37 16384 c:\windows\Temp\Perflib_Perfdata_628.dat
+ 2010-03-08 13:37 . 2010-03-08 13:37 16384 c:\windows\Temp\Perflib_Perfdata_2f0.dat
+ 2010-03-05 01:18 . 2004-01-25 05:00 70656 c:\windows\system32\yv12vfw.dll
- 2008-12-05 21:56 . 2010-03-04 23:31 43008 c:\windows\system32\igfxpers.exe
+ 2008-12-05 21:56 . 2010-03-05 00:05 43008 c:\windows\system32\igfxpers.exe
+ 2010-03-05 01:18 . 2004-01-25 05:00 70656 c:\windows\system32\i420vfw.dll
+ 2008-12-05 21:56 . 2010-03-05 00:05 43008 c:\windows\system32\hkcmd.exe
- 2008-12-05 21:56 . 2010-03-04 23:31 43008 c:\windows\system32\hkcmd.exe
+ 2010-03-08 21:43 . 2009-08-29 00:42 40448 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaapl.sys
+ 2010-03-08 21:43 . 2009-08-29 00:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2010-03-05 00:22 . 2010-02-04 15:53 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2010-03-08 21:47 . 2009-05-18 19:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2010-03-05 00:22 . 2010-02-04 15:53 64288 c:\windows\system32\drivers\Lbd.sys
+ 2008-12-12 16:11 . 2008-12-12 16:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 16:18 . 2008-12-12 16:18 87336 c:\windows\system32\dns-sd.exe
+ 2010-03-05 00:19 . 2010-03-05 00:19 29926 c:\windows\Installer\{338F08AB-C262-42C7-B000-34DE1A475273}\_6FEFF9B68218417F98F549.exe
+ 2010-03-08 21:46 . 2010-03-08 21:46 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 06:12 . 2009-07-12 06:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 06:09 . 2009-07-12 06:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 06:08 . 2009-07-12 06:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2010-03-05 01:17 . 2008-08-13 15:22 487424 c:\windows\system32\msvcp70.dll
+ 2010-03-05 01:17 . 2008-08-13 15:22 974848 c:\windows\system32\mfc70.dll
+ 2010-03-08 21:47 . 2008-04-17 18:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2004-05-26 12:37 . 2004-05-26 12:37 719872 c:\windows\system32\devil.dll
+ 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\system32\avisynth.dll
+ 2010-03-05 00:19 . 2010-03-05 00:19 167424 c:\windows\Installer\da997.msi
+ 2010-03-05 01:17 . 2010-03-05 01:17 424960 c:\windows\Installer\42cf7e.msi
+ 2010-03-08 21:42 . 2010-03-08 21:42 796672 c:\windows\Installer\1bc9ada.msi
+ 2010-03-08 21:47 . 2010-03-08 21:47 102400 c:\windows\Installer\{81063354-9060-42B2-A000-1EBE96778AA9}\iTunesIco.exe
+ 2009-07-12 01:46 . 2009-07-12 01:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2010-03-08 21:43 . 2009-08-29 00:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
+ 2010-03-08 21:43 . 2009-08-29 00:42 1417504 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
+ 2010-03-05 00:19 . 2010-03-05 00:19 1859584 c:\windows\Installer\da98c.msi
+ 2010-03-08 21:47 . 2010-03-08 21:47 4449280 c:\windows\Installer\1bc9d7b.msi
+ 2010-03-08 21:46 . 2010-03-08 21:46 1659392 c:\windows\Installer\1bc9d77.msi
+ 2010-03-08 21:45 . 2010-03-08 21:45 9473024 c:\windows\Installer\1bc9d71.msi
+ 2010-03-08 21:43 . 2010-03-08 21:43 3310592 c:\windows\Installer\1bc9ae4.msi
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\progra~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2010-03-06 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [N/A]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-05 43008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-05 43008]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-03-05 43008]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-05 43008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-03-05 43008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 14:49 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-03-05 00:06 43008 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
c:\program files\Electronic Arts\EADM\Core.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 22:07 1828136 ----a-w- c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-28 14:59 570664 ----a-w- c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-06-13 06:50 16871936 ------r- c:\windows\RTHDCPL.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\RapidSolution\\Tunebite\\Tunebite.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-03-04 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-09-10 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-09-10 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1229232]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-12-27 47640]
R3 AsAudioDevice_351;AsAudioDevice_351;c:\windows\system32\drivers\AsAudioDevice_351.sys [2009-04-07 16640]
R3 DsAudioDevice_310;DsAudioDevice_310;c:\windows\system32\drivers\DsAudioDevice_310.sys [2009-04-07 16640]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 110080]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - APPLE_MOBILE_DEVICE
*NewlyCreated* - BONJOUR_SERVICE
*NewlyCreated* - IPOD_SERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contenu du dossier 'Tâches planifiées'

2010-03-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:21]

2010-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-20 19:08]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 04:08]

2010-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-02 04:08]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B69970DD-64FE-4413-85ED-F0B320FF405F} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\
FF - component: c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Guilbault\Application Data\Mozilla\Firefox\Profiles\9blaesen.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 16:54
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Heure de fin: 2010-03-08 16:55:48
ComboFix-quarantined-files.txt 2010-03-08 21:55
ComboFix2.txt 2010-03-04 23:58

Avant-CF: 19 967 737 856 octets libres
Après-CF: 20 250 091 520 octets libres

- - End Of File - - EB005B1D5F6A4D99766CA40C982BCCAF

[Jypalou]

Bonjour,fait ceci:
Télécharge Toolbar-S&D De Angeldark, Sham_Rock & XmichouX . ICI


Désactive les protections résidentes.

Pour les utilisateurs de Windows Vista,Windows 7 , désactiver également l' UAC .

Aide en Image

Télécharger et Exécuter en tant qu'Administrateur

Aide en images.

Double-clique sur l'icône afin de lancer l'installation .

Une fois installé, un raccourci sera ajouté sur le Bureau. Double-clique dessus pour démarrer l'outil.

Dans la fenêtre qui s'ouvre,pour le choix de la langue tape : "F".

Appuis une fois sur la touche "Entrée".

Dans la fenêtre qui s'ouvre fais le choix N°1 (recherche).

Appuis une fois sur la touche "Entrée".

Patiente jusqu'à la fin de la recherche.

Sauvegarde le rapport qui s'ouvre à la fin du scan sur ton bureau.

Poste le rapport.

NB. Si celui-ci n'apparait pas automatiquement, tu le trouveras dans C:\TB.txt
A+

[inconnue007]

Merci de ta réponse!

Voici le rapport:


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : BIOS Date: 07/16/08 09:04:06 Ver: 08.00.14
USER : Guilbault ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 100309-0] 4.8.1368 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:17 Go)
D:\ (Local Disk) - NTFS - Total:298 Go (Free:218 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 2010-03-09|17:00 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\BitLord
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\BitLord\BitLord.xml
C:\Program Files\BitLord\Downloads
C:\Program Files\BitLord\Downloads.xml
C:\Program Files\BitLord\lang
C:\Program Files\BitLord\License.txt
C:\Program Files\BitLord\rules
C:\Program Files\BitLord\Torrents
C:\Program Files\BitLord\uninst.exe
C:\Program Files\BitLord\Downloads\LimeWireWin.exe
C:\Program Files\BitLord\Downloads\NSMB(compress).iso
C:\Program Files\BitLord\Downloads\NSMB(compress).rar
C:\Program Files\BitLord\Downloads\Overlord_II-XBOX360-DAGGER
C:\Program Files\BitLord\Downloads\Settlers 4 Gold Edition
C:\Program Files\BitLord\Downloads\Twilight.Chapitre.1.La.Fascination.NTSC.MULTi.DVDR-ULTRASON[jean-hugues]
C:\Program Files\BitLord\Downloads\Twilight.REPACK.1CD.FRENCH.DVDRiP.XviD-GKS.avi
C:\Program Files\BitLord\Downloads\Overlord_II-XBOX360-DAGGER\dgr-olii.dvd.bc!
C:\Program Files\BitLord\Downloads\Overlord_II-XBOX360-DAGGER\dgr-olii.iso.bc!
C:\Program Files\BitLord\Downloads\Overlord_II-XBOX360-DAGGER\dgr-olii.nfo.bc!
C:\Program Files\BitLord\Downloads\Overlord_II-XBOX360-DAGGER\xSaimex.com.nfo.bc!
C:\Program Files\BitLord\Downloads\Settlers 4 Gold Edition\CD 1
C:\Program Files\BitLord\Downloads\Settlers 4 Gold Edition\CD 2
C:\Program Files\BitLord\Downloads\Settlers 4 Gold Edition\CD 1\Settlers 4 gold edition disc1.ccd
C:\Program Files\BitLord\Downloads\Settlers 4 Gold Edition\CD 1\Settlers 4 gold edition disc1.img
C:\Program Files\BitLord\Downloads\Settlers 4 Gold Edition\CD 1\Settlers 4 gold edition disc1.sub
C:\Program Files\BitLord\Downloads\Settlers 4 Gold Edition\CD 2\Settlers 4 gold edition disc 2.ccd
C:\Program Files\BitLord\Downloads\Settlers 4 Gold Edition\CD 2\Settlers 4 gold edition disc 2.img
C:\Program Files\BitLord\Downloads\Settlers 4 Gold Edition\CD 2\Settlers 4 gold edition disc 2.sub
C:\Program Files\BitLord\Downloads\Twilight.Chapitre.1.La.Fascination.NTSC.MULTi.DVDR-ULTRASON[jean-hugues]\Twilight.Chapitre.1.La.Fascination.NTSC.MULTi.DVDR-ULTRASON.iso.bc!
C:\Program Files\BitLord\Downloads\Twilight.Chapitre.1.La.Fascination.NTSC.MULTi.DVDR-ULTRASON[jean-hugues]\Twilight.Chapitre.1.La.Fascination.NTSC.MULTi.DVDR-ULTRASON.nfo.bc!
C:\Program Files\BitLord\lang\lang_ar_ae.xml
C:\Program Files\BitLord\lang\lang_bg_bg.xml
C:\Program Files\BitLord\lang\lang_ca_es.xml
C:\Program Files\BitLord\lang\lang_cz_cz.xml
C:\Program Files\BitLord\lang\lang_da_dk.xml
C:\Program Files\BitLord\lang\lang_de_de.xml
C:\Program Files\BitLord\lang\lang_el_gr.xml
C:\Program Files\BitLord\lang\lang_en_us.xml
C:\Program Files\BitLord\lang\lang_es_ar.xml
C:\Program Files\BitLord\lang\lang_es_es.xml
C:\Program Files\BitLord\lang\lang_et_ee.xml
C:\Program Files\BitLord\lang\lang_fi_fi.xml
C:\Program Files\BitLord\lang\lang_fr_fr.xml
C:\Program Files\BitLord\lang\lang_gl_es.xml
C:\Program Files\BitLord\lang\lang_he_il.xml
C:\Program Files\BitLord\lang\lang_hu_hu.xml
C:\Program Files\BitLord\lang\lang_it_it.xml
C:\Program Files\BitLord\lang\lang_jp_jp.xml
C:\Program Files\BitLord\lang\lang_ko_kr.xml
C:\Program Files\BitLord\lang\lang_nb_no.xml
C:\Program Files\BitLord\lang\lang_nl_nl.xml
C:\Program Files\BitLord\lang\lang_pl_pl.xml
C:\Program Files\BitLord\lang\lang_pt_br.xml
C:\Program Files\BitLord\lang\lang_pt_pt.xml
C:\Program Files\BitLord\lang\lang_ro_ro.xml
C:\Program Files\BitLord\lang\lang_ru_ru.xml
C:\Program Files\BitLord\lang\lang_sk_sk.xml
C:\Program Files\BitLord\lang\lang_sl_si.xml
C:\Program Files\BitLord\lang\lang_sr_sr.xml
C:\Program Files\BitLord\lang\lang_sv_se.xml
C:\Program Files\BitLord\lang\lang_th_th.xml
C:\Program Files\BitLord\lang\lang_tr_tr.xml
C:\Program Files\BitLord\lang\lang_va_es.xml
C:\Program Files\BitLord\lang\lang_zh_tw.xml
C:\Program Files\BitLord\rules\ipfilter.dat
C:\Program Files\BitLord\rules\tracker.dat
C:\Program Files\BitLord\Torrents\LimeWireWin.exe.torrent
C:\Program Files\BitLord\Torrents\LimeWireWin.exe.xml
C:\Program Files\BitLord\Torrents\NSMB(compress).rar.torrent
C:\Program Files\BitLord\Torrents\NSMB(compress).rar.xml
C:\Program Files\BitLord\Torrents\Overlord_II-XBOX360-DAGGER.torrent
C:\Program Files\BitLord\Torrents\Overlord_II-XBOX360-DAGGER.xml
C:\Program Files\BitLord\Torrents\Settlers 4 Gold Edition.torrent
C:\Program Files\BitLord\Torrents\Settlers 4 Gold Edition.xml
C:\Program Files\BitLord\Torrents\Twilight.Chapitre.1.La.Fascination.NTSC.MULTi.DVDR-ULTRASON[jean-hugues].torrent
C:\Program Files\BitLord\Torrents\Twilight.Chapitre.1.La.Fascination.NTSC.MULTi.DVDR-ULTRASON[jean-hugues].xml
C:\Program Files\BitLord\Torrents\Twilight.Chapitre.2.Tentation.2009.FRENCH.READNFO.LD.DVDRip.XviD-ARTEFAC.torrent
C:\Program Files\BitLord\Torrents\Twilight.Chapitre.2.Tentation.2009.FRENCH.READNFO.LD.DVDRip.XviD-ARTEFAC.xml
C:\Program Files\BitLord\Torrents\Twilight.Chapitre.2.tentation[2009]DVDRip[French.LD]XviD.torrent
C:\Program Files\BitLord\Torrents\Twilight.Chapitre.2.tentation[2009]DVDRip[French.LD]XviD.xml
C:\Program Files\BitLord\Torrents\Twilight.REPACK.1CD.FRENCH.DVDRiP.XviD-GKS.avi.torrent
C:\Program Files\BitLord\Torrents\Twilight.REPACK.1CD.FRENCH.DVDRiP.XviD-GKS.avi.xml
C:\DOCUME~1\GUILBA~1\Cookies\guilbault@bitlord[1].txt

-----------\\ Extensions

(Guilbault) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Guilbault) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Guilbault) - {89506680-e3f4-484c-a2c0-ed711d481eda} => showcase
(Guilbault) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.ca/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.google.com/ie"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 2010-03-09|16:58 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2010-03-09|17:01 - Option : [1]

-----------\\ Fin du rapport a 17:01:04,92

[Jypalou]

Double clique sur le raccourci pour démarrer l'outil.

Dans la fenêtre qui s'ouvre,pour le choix de la langue tapes "F" .

Appuis une fois sur la touche " Entrée " .

Dans la fenêtre qui s'ouvre fais le choix N°2 (Suppression).

Appuis une fois sur la touche "Entrée".

Patiente jusqu'à la fin de la recherche.

Sauvegarde le rapport qui s'ouvre à la fin du scan sur ton bureau.

Poste le rapport.
Puis:
Télécharge HijackThis ICI ,et poste le rapport HijackThis Tuto
A+

[inconnue007]

Voici le rapport de Toolbar-S&D


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : BIOS Date: 07/16/08 09:04:06 Ver: 08.00.14
USER : Guilbault ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1368 [VPS 100309-0] 4.8.1368 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:17 Go)
D:\ (Local Disk) - NTFS - Total:298 Go (Free:218 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 2010-03-09|17:13 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\BitLord\BitLord.exe
Supprime! - C:\Program Files\BitLord\BitLord.xml
Supprime! - C:\Program Files\BitLord\Downloads
Supprime! - C:\Program Files\BitLord\Downloads.xml
Supprime! - C:\Program Files\BitLord\lang
Supprime! - C:\Program Files\BitLord\License.txt
Supprime! - C:\Program Files\BitLord\rules
Supprime! - C:\Program Files\BitLord\Torrents
Supprime! - C:\Program Files\BitLord\uninst.exe
Supprime! - C:\DOCUME~1\GUILBA~1\Cookies\guilbault@bitlord[1].txt
Supprime! - C:\Program Files\BitLord

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Guilbault) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Guilbault) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Guilbault) - {89506680-e3f4-484c-a2c0-ed711d481eda} => showcase
(Guilbault) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.ca/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.google.com/ie"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 2010-03-09|16:58 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2010-03-09|17:01 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 2010-03-09|17:24 - Option : [2]

-----------\\ Fin du rapport a 17:24:16,92

[inconnue007]

Et celui de HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:43, on 2010-03-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\igfxsrvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8765512015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8770017734
O17 - HKLM\System\CCS\Services\Tcpip\..\{B69970DD-64FE-4413-85ED-F0B320FF405F}: NameServer = 192.168.2.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7305 bytes

[Jypalou]

Bonjour,
Ferme toutes les applications actives et relance HijackThis

Clique sur

Coche les lignes suivantes :

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


Clique sur

Valide par Oui (Yes) au message qui va s'afficher.
Puis pour controle,
Télécharge et fait un scan avec Malwarebytes' Antimalware

Téléchargement et Tuto ICI

Ne pas télécharger MBAM ailleurs que sur le site de l'éditeur.

Faire la mise a jour.

Il est préférable de faire le scan en mode sans échec.

Il est conseillé de désactiver Tea-Timer si tu as Spybot-S&D juste le temps du scan.

Pour désactiver le Tea-Timer . Lancez Spybot-S&D , passez en Mode Avancé via le Menu Mode (en haut) cliquez sur Oui choisissez Outils dans la barre de navigation sur la gauche Résident et là vous pouvez décocher les cases situées devant les deux outils.



Choisir, Exécuter un examen complet.

Attends la fin du scan.

Si une infection est trouvée
Coche la case a coté et valides avec l’Onglet

Poste le rapport.
A+

[inconnue007]

Et voici le rapport de Malware:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3849
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2010-03-10 18:31:43
mbam-log-2010-03-10 (18-31-43).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 202441
Temps écoulé: 56 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 23

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hotkeyscmds (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\persistence (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\logmein gui (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\hkcmd.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\Druide\Antidote\Antidote\gestionnaire antidote.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\Java\jre6\bin\jusched.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\LogMeIn\x86\logmeinsystray.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\QuickTime\qttask .exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\js.mui.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\wmpscfgs.exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hkcmd .exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxpers .exe.vir (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP175\A0016781.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP175\A0016782.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP175\A0016783.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP175\A0016784.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP175\A0016785.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP176\A0016822.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP176\A0016831.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP177\A0016848.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP177\A0017862.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP179\A0017965.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP180\A0018137.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP180\A0018138.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{751E84BB-1C42-4B48-8A92-6E2D003C89A5}\RP175\A0015600.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

[Jypalou]

Bonjour,comment se comporte le pc?
Fait un scan en ligne avec Eset-Nod32

Il faut utiliser Internet Explorer pour pouvoir le lancer (Contrôles ActiveX).
Cocher la case: Yes, I accept the Terms of use puis cliquer sur Start.
Installer les contrôles Active X proposés.
Choisir les actions de nettoyage:
Signaler seulement les menaces
Signaler et supprimer les menaces
Aide en images
A la fin du scan colle le rapport : C:\Program Files\EsetOnlineScanner\log.txt

[inconnue007]

C:\Documents and Settings\Guilbault\Bureau\Programmes\ToolBarSD.exe une variante probable de Win32/IRCBot cheval de troie nettoyé par suppression - mis en quarantaine
C:\Program Files\WinISO\winiso53.exe une variante probable de Win32/Agent cheval de troie nettoyé par suppression - mis en quarantaine
C:\WINDOWS\system32\igfxpers.exe Win32/TrojanDownloader.Unruy.AV cheval de troie nettoyé par suppression - mis en quarantaine

[Jypalou]

Bonjour,Télécharge TFC - Temp File Cleaner (de OldTimer)
Enregistrer impérativement le fichier sur le Bureau.
L'outil va faire redémarrer le système: il est indispensable d'enregistrer tous les travaux en cours.
Faire un double clic sur TFC. exe pour lancer l'outil.
Sous Windows Vista, faire un clic droit sur TFC.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil"
L'écran principal de TFC s'affiche:
Cliquer sur le bouton Start.
L'outil va supprimer les fichiers temporaires de tous les utilisateurs, ce qui prend au maximum trois minutes.
En fin d'exécution, le programme affichera la liste des dossiers vidés, ainsi que la taille de l'espace disque ainsi libéré.
Note: le nombre affiché en rouge tout en bas: Total Files Cleaned = **,** mb pour l'envoyer en réponse.
Le programme proposera le redémarrage du système ("The system requires a reboot to finish removing files"). Il faut cliquer sur Oui/Yes.
Et tu me dis si tu as encore des alertes Avast
A+