Hello
I certainly have a big virus problem.
At startup, my PC is very slow and never stops working.
I have to disable the AVG 9 antivirus for it to stop working and stop being slow!
Impossible to update AVG! (access to the server forbidden), even after a complete uninstall of the software!
Impossible to install HijackThis: nothing happens when I double-click the installer file.
Impossible to run a scan with Malwarebytes' Anti-Malware: when I launch the program, it closes on its own after 2 seconds!
I only managed to run a scan with ComboFix.
Can anyone help me?
Thanks in advance
PS: I have real-time protection with Spybot.
Here is the ComboFix report:
ComboFix 10-03-10.08 - Christophe 11/03/2010 16:53:11.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.511.223 [GMT 1:00]
Run from: e:\logiciels installés\ComboFix.exe
AV: AVG Anti-Virus Free On-access scanning enabled (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Christophe\Mes documents\ZbThumbnail.info
.
((((((((((((((((((((((((((((( Files Created from 2010-02-11 to 2010-03-11 ))))))))))))))))))))))))))))))))))))
.
2020-10-28 07:24 . 2020-10-28 07:40 -------- d-----w- c:\documents and settings\Christophe\Application Data\Symantec
2020-10-28 07:24 . 1999-06-10 13:50 437528 ----a-w- c:\windows\system32\401COMUPD.EXE
2020-10-28 07:24 . 2020-10-28 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2020-10-28 07:24 . 2007-05-27 13:36 -------- d-----w- c:\program files\Symantec
2020-10-28 07:24 . 2007-05-26 14:45 -------- d-----w- c:\program files\Fichiers communs\Symantec Shared
2010-03-11 15:31 . 2010-03-11 15:31 -------- d-----w- c:\documents and settings\Christophe\Application Data\Malwarebytes
2010-03-11 15:31 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-11 15:31 . 2010-03-11 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-11 15:31 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-08 11:54 . 2009-11-25 12:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-03-08 10:16 . 2010-03-08 10:16 -------- d-----w- c:\$AVG
2010-03-08 10:16 . 2010-03-08 10:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-08 10:16 . 2010-03-08 10:16 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-08 10:16 . 2010-03-08 10:16 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-08 10:16 . 2010-03-08 10:16 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-08 10:16 . 2010-03-08 10:16 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-08 10:15 . 2010-03-08 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-03-08 10:15 . 2010-03-08 10:15 -------- d-----w- c:\program files\AVG
2010-03-08 10:15 . 2010-03-08 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-26 16:19 . 2010-02-12 10:03 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-17 10:15 . 2010-02-17 10:16 -------- d-----w- c:\documents and settings\Christophe\Local Settings\Application Data\ACD Systems
2010-02-17 10:15 . 2010-02-17 10:15 -------- d-----w- c:\documents and settings\Christophe\Application Data\ACD Systems
2010-02-17 10:14 . 2010-02-17 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-02-17 10:14 . 2010-02-17 10:14 -------- d-----w- c:\program files\Fichiers communs\ACD Systems
2010-02-17 10:10 . 2010-02-17 10:10 -------- d-----w- c:\documents and settings\Christophe\Local Settings\Application Data\Downloaded Installations
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-08 21:56 . 2009-12-23 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-08 10:00 . 2006-03-01 07:50 170256 ----a-w- c:\documents and settings\Christophe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-06 15:15 . 2009-12-23 18:04 -------- d-----w- c:\program files\Microsoft Works
2010-02-17 10:10 . 2005-09-24 08:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-15 17:47 . 2003-11-18 10:48 -------- d-----w- c:\program files\Canon
2010-02-12 16:16 . 2010-01-07 14:15 -------- d-----w- c:\documents and settings\Christophe\Application Data\ZoomBrowser EX
2010-02-05 15:48 . 2006-01-11 09:48 -------- d-----w- c:\documents and settings\Christophe\Application Data\vlc
2010-01-22 22:27 . 2010-01-22 22:27 325776 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-22 19:12 . 2010-01-22 19:12 -------- d-----w- c:\documents and settings\Christophe\Application Data\CANON INC
2010-01-13 17:34 . 2005-09-25 15:37 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-01-13 14:32 . 2006-04-05 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-13 12:02 . 2010-01-13 12:02 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-01-13 12:02 . 2010-01-13 12:02 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2010-01-13 12:02 . 2010-01-13 12:02 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-01-13 12:02 . 2010-01-13 12:02 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-01-07 20:36 . 2002-08-30 12:00 87366 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-07 20:36 . 2002-08-30 12:00 514630 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-05 09:56 . 2002-08-30 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2006-11-17 09:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2002-08-30 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2002-08-30 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-14 07:09 . 2002-08-30 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note: empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\avg9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- d:\avg9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\avg9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\avg9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-01-26 2144088]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"MMTray"="d:\music match juke box\mm_tray.exe" [2006-01-17 135168]
"CordlessCombo"="c:\program files\MultiMedia Keyboard\IIMAIN.Exe" [2003-04-28 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2006-04-17 36972]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NeroFilterCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-06-19 262144]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"UnlockerAssistant"="d:\unlocker\UnlockerAssistant.exe" [2006-05-06 6656]
"OpwareSE2"="d:\canon\ScanSoft OmniPage\OpwareSE2.exe" [2003-05-08 49152]
"SMCWCU"="c:\program files\SMC\SMCWPCIT-G\SMCWCU.exe" [2006-03-14 303104]
"Cobian Backup 8 interface"="d:\cobian backup\cbInterface.exe" [2007-03-20 2424320]
"LClock"="c:\program files\LClock\LClock.exe" [2004-09-19 65536]
"Blaero Start Orb"="c:\program files\Blaero Start Orb\Blaero Start Orb.exe" [2006-07-30 575488]
"Styler"="c:\program files\Styler\Styler.exe" [2006-05-03 307200]
"VisualTooltip"="c:\program files\VisualTooltip\VisualToolTip.exe" [2006-10-06 942080]
"mmtask"="d:\music match juke box\mmtask.exe" [2006-01-17 53248]
"USBFW"="c:\program files\Net Studio\USB FireWall\USB FireWall.exe" [2008-09-01 1330688]
"EverioService"="d:\cyberlink camera jvc\PCM4Everio\EverioService.exe" [2007-11-01 151552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Christophe\Menu Démarrer\Programmes\Démarrage\AutorunsDisabled
ERUNT AutoBackup.lnk - d:\erunt\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-26 113664]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
“UIHost”=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-08 10:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“LoadAppInit_DLLs”=1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^Christophe^Menu Démarrer^Programmes^Démarrage^La Solution Enseignement Ciel.lnk.disabled]
path=c:\documents and settings\Christophe\Menu Démarrer\Programmes\Démarrage\La Solution Enseignement Ciel.lnk.disabled
backup=c:\windows\pss\La Solution Enseignement Ciel.lnk.disabledStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV DefAlert
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton eMail Protect
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPS Event Checker
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
2006-12-25 06:14 6083072 ----a-w- c:\program files\Vista Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wambo]
2007-06-15 07:34 1576960 ----a-w- c:\program files\Swapper\Swapper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Watch]
1999-10-18 15:44 24576 ----a-w- c:\progra~1\Minitel\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"SCardSvr"=3 (0x3)
"SCardDrv"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"TapiSrv"=3 (0x3)
"SwPrv"=3 (0x3)
"ScsiAccess"=2 (0x2)
"MySQL"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apache"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"d:\FileZilla\FileZilla.exe"=
"c:\Program Files\Swapper\Swapper.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"d:\Flash\Adobe Flash CS3\Flash.exe"=
"l:\GALERIE MARCHANDE\mnt\usr\local\apache2\bin\Apache.exe"=
"c:\Documents and Settings\Christophe\Bureau\GALERIE MARCHANDE 1.5.10\MovAMP_Joomla_1.5.10\mnt\usr\local\mysql\bin\mysqld.exe"=
"c:\Documents and Settings\Christophe\Bureau\GALERIE MARCHANDE 1.5.10\MovAMP_Joomla_1.5.10\mnt\usr\local\apache2\bin\Apache.exe"=
"e:\GALERIE MARCHANDE 1.5.10\MovAMP_Joomla_1.5.10\mnt\usr\local\apache2\bin\Apache.exe"=
"e:\GALERIE MARCHANDE 1.5.10\MovAMP_Joomla_1.5.10\mnt\usr\local\mysql\bin\mysqld.exe"=
"l:\GALERIE MARCHANDE 1.5.10\MovAMP_Joomla_1.5.10\mnt\usr\local\apache2\bin\Apache.exe"=
"l:\GALERIE MARCHANDE 1.5.10\MovAMP_Joomla_1.5.10\mnt\usr\local\mysql\bin\mysqld.exe"=
"d:\Phone\Phone\Skype.exe"=
"d:\Office 2007\Office12\OUTLOOK.EXE"=
"d:\AVG9\avgemc.exe"=
"d:\AVG9\avgupd.exe"=
"d:\AVG9\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/03/2010 11:16 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/03/2010 11:16 360584]
S2 avg9emc;AVG Free E-mail Scanner;d:\avg9\avgemc.exe [08/03/2010 11:15 906520]
S2 avg9wd;AVG Free WatchDog;d:\avg9\avgwdsvc.exe [08/03/2010 11:15 285392]
S4 Saapinsk;Saapinsk;c:\windows\system32\drivers\ws2ifsl.sys [30/08/2002 13:00 12032]
.
Contents of the 'Scheduled Tasks' folder
2009-12-07 c:\windows\Tasks\Nettoyage de disque.job
- c:\windows\system32\cleanmgr.exe [2002-08-30 02:33]
2010-03-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2020-10-28 19:14]
2010-03-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = www.netvibes.com…
mStart Page = www.windowsxlive.net…
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - d:\office~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d’impressions - d:\canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - d:\canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - d:\canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - d:\canon\Easy-WebPrint\Resource.dll/RC_Preview.html
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-P2P Networking - c:\windows\System32\P2P Networking\P2P Networking.exe
HKLM-Run-AltnetPointsManager - c:\program files\Altnet\Points Manager\Points Manager.exe
MSConfigStartUp-AltnetPointsManager - c:\program files\Altnet\Points Manager\Points Manager.exe
MSConfigStartUp-P2P Networking - c:\windows\System32\P2P Networking\P2P Networking.exe
AddRemove-Multi Virus Cleaner 2007_is1 - l:\logiciels\Multi Virus Cleaner 2007\unins000.exe
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2010-03-11 17:04
Windows 5.1.2600 Service Pack 3 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\BabelPad.*?eöN\DefaultIcon]
@="l:\LOGICI~1\BABELP~1\BabelPad.exe,0"
[HKEY_LOCAL_MACHINE\software\Classes\BabelPad.*?eöN\shell\open\command]
@="l:\LOGICI~1\BABELP~1\BabelPad.exe \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\BabelPad.*?eöN\shell\print\command]
@="l:\LOGICI~1\BABELP~1\BabelPad.exe /p \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\BabelPad.*?eöN\shell\printto\command]
@="l:\LOGICI~1\BABELP~1\BabelPad.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B97FFF0-B9C6-5687-96F2-758FC97234FD}\InProcServer32*]
"oamjfeidccalnofhjcnapobplmmjej"=hex:6a,61,6e,63,6f,66,6e,70,6b,69,66,6f,61,64,\
66,63,67,6a,6d,6f,00,07
"namjpogighkifkoghkfagihjfihg"=hex:69,61,61,64,69,6a,62,66,66,70,66,6c,6b,6c,\
65,6a,63,62,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-11 17:09:29
ComboFix-quarantined-files.txt 2010-03-11 16:09
.
Before CF: 2 640 949 248 bytes free
After CF: 2 965 647 360 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professionnel” /fastdetect /NoExecute=OptIn
- - End Of File - - 1A453683CE884DF1DD383976CBC1BD53
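Added example (written for this page; it is not ComboFix's code and not part of the original post, and the regexes and heuristics in it are assumptions about the line shapes in the report above): a small Python triage helper that decodes the REGEDIT4 hex values a report like this contains (the UIHost value and the data under the locked CLSID key) and flags the entries a helper would look at first: autorun values that ComboFix marked [X] (target not found on disk), a LoadAppInit_DLLs=1 setting, service lines whose name does not resemble the driver file they point at, and long random-looking value names. The sample input is constructed from a few lines in the shape of the report, not the whole log.

```python
"""Triage helpers for ComboFix-style report lines (added example, not ComboFix code)."""
import re
import string

# Line shapes used in the report above (regexes written for this example, not ComboFix's own).
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
SERVICE_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[')


def join_continuations(lines):
    """Join REGEDIT4 hex continuation lines (trailing ',' or ',\\') onto one line."""
    out = []
    for raw in lines:
        line = raw.strip()
        if out and out[-1].endswith((',', ',\\')):
            out[-1] = out[-1].rstrip('\\') + line
        else:
            out.append(line)
    return out


def decode_reg_hex(data):
    """Decode a REGEDIT4 'hex:' or 'hex(N):' value into its raw bytes."""
    m = re.match(r'^hex(?:\(\d+\))?:(?P<body>.*)$', data.strip())
    if not m:
        raise ValueError('not a hex value: %r' % data)
    return bytes(int(b, 16) for b in m.group('body').split(',') if b.strip())


def printable(blob):
    """Render bytes as ASCII, replacing non-printable bytes with '.'."""
    return ''.join(chr(c) if 32 <= c < 127 else '.' for c in blob)


def looks_random(name):
    """Heuristic (assumption): a long all-lowercase value name is worth a second look."""
    return len(name) >= 20 and all(c in string.ascii_lowercase for c in name)


def triage(report):
    """Return (kind, detail) findings for the report text. Findings are leads, not verdicts."""
    findings = []
    key = None
    for line in join_continuations(report.splitlines()):
        km = KEY_RE.match(line)
        if km:
            key = km.group('key')
            continue
        sm = SERVICE_RE.match(line)
        if sm:
            # ComboFix service line: R = running / S = stopped, digit = start type (4 = disabled).
            name, path = sm.group('name'), sm.group('path')
            stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0].lower()
            if name.lower() not in stem and stem not in name.lower():
                findings.append(('service-name-mismatch', '%s -> %s' % (name, path)))
            continue
        vm = VALUE_RE.match(line)
        if not vm or key is None:
            continue
        name, data = vm.group('name'), vm.group('data')
        if key.lower().endswith('\\run') and data.endswith('[X]'):
            # ComboFix appends [X] when the autorun target was not found on disk.
            findings.append(('autorun-missing-file', name))
        elif name.lower() == 'loadappinit_dlls' and data.startswith('1'):
            # AppInit DLL injection is enabled; the AppInit_DLLs value decides what gets loaded.
            findings.append(('appinit-enabled', key))
        elif data.startswith('hex'):
            decoded = printable(decode_reg_hex(data))
            kind = 'random-value-name' if looks_random(name) else 'hex-value'
            findings.append((kind, '%s = %s' % (name, decoded)))
    return findings


# Constructed sample: a few lines in the shape of the report above, not the whole log.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"MMTray"="d:\music match juke box\mm_tray.exe" [2006-01-17 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/03/2010 11:16 333192]
S4 Saapinsk;Saapinsk;c:\windows\system32\drivers\ws2ifsl.sys [30/08/2002 13:00 12032]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4B97FFF0-B9C6-5687-96F2-758FC97234FD}\InProcServer32*]
"oamjfeidccalnofhjcnapobplmmjej"=hex:6a,61,6e,63,6f,66,6e,70,6b,69,66,6f,61,64,\
66,63,67,6a,6d,6f,00,07
'''

if __name__ == '__main__':
    for kind, detail in triage(SAMPLE):
        print('%-22s %s' % (kind, detail))
```

The output is a list of leads to check by hand, not verdicts: the service-name heuristic also fires on legitimate pairs such as avg9emc pointing at avgemc.exe, and a long lowercase value name is only interesting in context. Decoding the hex bytes is the part that saves time: it shows UIHost as vistaui.exe and shows that the data under the locked CLSID key is itself another random-looking lowercase string, which is what a helper would want to see before deciding what to do with that key.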