Malware, spyware, ComboFix, HijackThis...

Closed
belette2986 -
green day Posts: 26722 Status: Moderator, Security contributor -
Hello,

Following advice from someone on this forum, I ran ComboFix on my infected computer. Since then, the computer seems to be doing better, and I am no longer redirected to advertising sites when I click on Google links. However, could you analyze my ComboFix report to reassure me that my headaches are well and truly a thing of the past?

Thanks,

Here is the ComboFix report:

ComboFix 09-07-04.05 - Gilles Lacoursiere 2009-07-05 10:01.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.511.146 [GMT -4:00]
Lancé depuis: c:\documents and settings\Gilles Lacoursiere\Desktop\juillet.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\15c4d.msi
c:\windows\Installer\1ea1f0.msi
c:\windows\Installer\1eccd8ea.msi
c:\windows\Installer\200d7.msi
c:\windows\Installer\200de.msi
c:\windows\Installer\2806d1c.msp
c:\windows\Installer\2806d88.msp
c:\windows\Installer\8093.msi
c:\windows\Installer\c27e.msi
c:\windows\Installer\edd4.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\drivers\UACrgssndkwnsryiow.sys
c:\windows\system32\UACabduiurqxdoettw.dll
c:\windows\system32\UACbiqmlxpmsqoxvya.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmlfflrvyldsilan.dll
c:\windows\system32\UACnqlldsowftqsinmph.log
c:\windows\system32\UACrmnaiqakypjbfhd.dll
c:\windows\system32\UACyibeovrkhmkhbol.dat
M:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-06-05 au 2009-07-05 ))))))))))))))))))))))))))))))))))))
.

2009-07-05 13:58 . 2009-07-05 13:58 -------- d-sh--w- C:\FOUND.002
2009-07-05 07:08 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-07-04 16:41 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 16:26 . 2009-07-04 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 16:05 . 2009-07-04 16:05 -------- d-----w- C:\rsit
2009-07-04 11:40 . 2009-06-30 19:00 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-04 11:40 . 2009-06-30 19:00 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-04 11:40 . 2009-06-30 19:00 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-04 11:40 . 2009-06-30 19:00 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-04 11:40 . 2009-06-30 19:00 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-04 11:40 . 2009-06-30 19:00 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-04 09:15 . 2009-07-04 09:15 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-04 01:04 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-04 01:04 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-04 01:04 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-04 01:04 . 2009-07-04 01:04 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-04 01:04 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-04 01:04 . 2009-07-04 01:04 -------- d-----w- c:\documents and settings\Gilles Lacoursiere\Application Data\PC Tools
2009-07-04 01:04 . 2009-07-04 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-07-04 01:02 . 2009-07-04 01:02 256 ----a-w- c:\documents and settings\Gilles Lacoursiere\pool.bin
2009-07-02 00:10 . 2009-07-02 00:10 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-02 00:10 . 2009-07-02 00:10 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-02 00:10 . 2009-07-02 00:10 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-02 00:10 . 2009-06-30 19:00 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-07-02 00:10 . 2009-06-30 19:00 352024 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-02 00:10 . 2009-07-02 00:10 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-01 09:08 . 2009-07-01 00:30 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-01 00:31 . 2009-07-01 00:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-01 00:29 . 2009-07-01 00:29 -------- d--h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-01 00:29 . 2009-01-18 21:43 2892112 ----a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-07-01 00:29 . 2009-07-01 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-30 20:24 . 2009-06-30 20:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-30 20:24 . 2009-06-30 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-30 20:02 . 2009-06-30 20:02 -------- d-----w- c:\program files\Trend Micro
2009-06-30 19:03 . 2009-06-30 19:03 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-30 19:00 . 2009-06-30 19:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 19:00 . 2009-06-30 19:00 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-30 19:00 . 2009-07-04 11:40 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-30 19:00 . 2009-07-02 00:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-30 19:00 . 2009-06-30 19:00 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-30 19:00 . 2009-06-30 19:00 -------- d-----w- c:\program files\AVG
2009-06-30 19:00 . 2009-06-30 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-25 15:47 . 2009-06-25 15:47 -------- d-----w- c:\documents and settings\Gilles Lacoursiere\Application Data\Blackberry Desktop
2009-06-25 15:37 . 2009-06-25 15:37 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-06-25 15:37 . 2009-06-25 15:37 -------- d-----w- c:\program files\Roxio
2009-06-25 15:30 . 2009-06-25 15:30 69632 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\DesktopMgr.exe
2009-06-25 15:30 . 2009-06-25 15:30 6502 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-06-25 15:30 . 2009-06-25 15:30 6502 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-06-25 15:30 . 2009-06-25 15:30 6502 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:30 . 2009-06-25 15:30 26694 ----a-r- c:\documents and settings\Gilles Lacoursiere\Application Data\Microsoft\Installer\{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
2009-06-25 15:29 . 2009-06-25 15:29 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-06-25 15:29 . 2009-06-25 15:29 -------- d-----w- c:\program files\Research In Motion
2009-06-18 02:18 . 2009-06-18 02:18 -------- d-----w- c:\program files\iPod
2009-06-18 02:18 . 2009-06-18 02:18 -------- d-----w- c:\program files\iTunes
2009-06-18 02:13 . 2009-06-18 02:13 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 20:33 . 2009-06-06 20:33 -------- d-----w- c:\program files\DIFX
2009-06-06 20:33 . 2009-06-06 20:33 -------- d-----w- c:\program files\Garmin

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 13:35 . 2008-12-21 17:30 256 ----a-w- c:\windows\system32\pool.bin
2009-07-04 09:14 . 2003-03-19 00:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-04 09:14 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-04 00:27 . 2009-07-04 00:27 98304 ------w- c:\program files\Spyware Doctor
2009-06-30 18:31 . 2009-06-30 18:30 0 ----a-w- c:\documents and settings\Gilles Lacoursiere\Application Data\~ygw.tmp
2009-06-25 15:44 . 2004-02-19 13:56 81704 ----a-w- c:\documents and settings\Gilles Lacoursiere\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 15:42 . 2009-03-14 11:45 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2008-02-27 16:15 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-09 05:14 . 2009-05-09 05:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 05:14 . 2009-05-09 05:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:32 . 1980-01-01 04:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-02-06 22:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 1980-01-01 05:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-04-16 10:55 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2008-09-07 20:09 . 2008-09-07 20:18 2402832 ----a-w- c:\program files\WLinstaller.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E34F0E11-AB79-487c-9773-36C594DFF5AA}]
2008-03-18 21:35 1267040 ----a-w- c:\program files\MapQuest Toolbar\mqtb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 368640]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2001-07-19 401493]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2009-03-23 146432]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-03 2832280]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]
"LXDJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [2007-02-09 102400]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2007-08-01 815104]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-30 1948440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"ISTray"="c:\documents and settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-04 198160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Gilles Lacoursiere\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-6-14 1512720]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-30 19:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lancement rapide de Microsoft Office OneNote 2003.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Lancement rapide de Microsoft Office OneNote 2003.lnk
backup=c:\windows\pss\Lancement rapide de Microsoft Office OneNote 2003.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
backup=c:\windows\pss\Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="1"
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Palm\\Hotsync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\System32\\lxdjcoms.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\LXDJAMON.EXE"=
"c:\\Program Files\\Lexmark 1400 Series\\App4R.exe"=
"c:\\WINDOWS\\System32\\lxdjcfg.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDJwbgw.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdjPSWX.EXE"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\lxdjjswx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\System32\\SPOOL\\DRIVERS\\W32X86\\3\\LXDJTIME.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 DiskFilt;DiskFilt;c:\windows\system32\drivers\DISKFILT.SYS [2003-09-19 4341]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-06-30 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-07-03 130936]
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2004-02-15 17792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-30 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-06-30 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-06-30 298776]
R2 sdAuxService;PC Tools Auxiliary Service;c:\documents and settings\Gilles Lacoursiere\WINDOWS\system\Spyware Doctor\pctsAuxs.exe [2009-07-03 348752]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 EraserUtilDrv10620;EraserUtilDrv10620; [x]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 1029456]
S3 musbehco;musbehco; [x]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'

2009-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-04 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 20:43]

2009-07-05 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 20:43]

2009-07-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 00:30]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &MapQuest Toolbar Search - c:\documents and settings\All Users\Application Data\MapQuest Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: decclic.qc.ca
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Gilles Lacoursiere\Application Data\Mozilla\Firefox\Profiles\6qupkl43.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Gilles Lacoursiere\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
.
.
------- Associations de fichier -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 10:08
Windows 5.1.2600 Service Pack 3 FAT NTAPI

detected NTDLL code modification:
ZwClose

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\AMUST\Registry Cleaner\pos*whor_xpos**]
"wX"=dword:01c6b1be
"whY"=dword:218a4450

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-07-05 10:10
ComboFix-quarantined-files.txt 2009-07-05 14:10
ComboFix2.txt 2008-11-15 17:32

Avant-CF: 38 198 935 552 bytes free
Après-CF: 38 206 242 816 bytes free

289 --- E O F --- 2009-07-05 13:26
1 reply

green day Posts: 26722 Status: Moderator, Security contributor
 
Hello,

The disinfection is not finished yet; please continue in the original thread:

http://www.commentcamarche.net/forum/affich 13196162 malware redirection

@+