Internet Explorer polluted

Jean-Claude -

Hello,

For several days my PC has seemed infected and is extremely slow, as is Internet Explorer,
which among other things displays parasitic pages saying that my PC is infected.

WHAT CAN I DO? Thank you for your help, if possible.

===========================================================================

Logfile of HijackThis v1.99.1
Scan saved at 19:01:52, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\Documents and Settings\Jean-Claude\Bureau\setup_fr.exe"
O4 - HKLM\..\Run: [e4b1788f] rundll32.exe "C:\WINDOWS\system32\bupqbrgt.dll",b
O4 - HKLM\..\Run: [BMe7824b13] Rundll32.exe "C:\WINDOWS\system32\vgjnlxuf.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Speed Disk service - Sony Corporation - (no file)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe

jlpjlp

Hi,

Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop, or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below
and paste it into the left-hand pane of OTMoveIt: "Paste List of Files/Folders to be moved".

Quote:

C:\Documents and Settings\Jean-Claude\Bureau\setup_fr.exe
C:\WINDOWS\system32\bupqbrgt.dll
C:\WINDOWS\system32\vgjnlxuf.dll

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal; if so, accept with Yes.

_____________

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Double-click combofix.exe and follow the instructions.

At the end it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, antivirus and antispyware guard.

Copy/paste the C:\ComboFix.txt report in your next reply.

Caution: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
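The three paths jlpjlp put in the OTMoveIt list above can be read straight off the HijackThis O4 lines: two Run values with hex-looking names that make rundll32 load eight-letter, random-looking DLLs from system32, and one Run value that launches a setup executable from the user's Desktop. The following is an added example written for this page, not a HijackThis feature and not jlpjlp's own tool: a small Python triage of O4/O2 lines using exactly those observations. The sample lines are copied from the two HijackThis logs in this thread, with legitimate entries kept so the heuristics can be seen to leave them alone. The "random stem", "hex value name" and "user profile directory" rules are heuristics of my own; they mark entries for a VirusTotal check, not for deletion.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O2/O4 lines copied from the two HijackThis logs posted in
# this thread. Legitimate entries are kept so the heuristics can be seen to
# skip them.
SAMPLE_LINES = [
    r'O2 - BHO: (no name) - {2D608F8A-81AD-4E50-A014-EFAF50B5FCAC} - C:\WINDOWS\system32\iifcDVOE.dll (file missing)',
    r'O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll',
    r'O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"',
    r'O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\Documents and Settings\Jean-Claude\Bureau\setup_fr.exe"',
    r'O4 - HKLM\..\Run: [e4b1788f] rundll32.exe "C:\WINDOWS\system32\bupqbrgt.dll",b',
    r'O4 - HKLM\..\Run: [BMe7824b13] Rundll32.exe "C:\WINDOWS\system32\vgjnlxuf.dll",s',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe',
]

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - '
                   r'(?P<path>.*?)(?P<missing> \(file missing\))?$')
PATH_RE = re.compile(r'[A-Za-z]:\\.+?\.(?:exe|dll)', re.IGNORECASE)
# Heuristic (mine, not HijackThis'): eight lowercase letters that spell nothing,
# as in bupqbrgt / vgjnlxuf. Only used together with the rundll32+system32 test,
# otherwise printer helpers such as lxbkbmgr.exe would trip it.
RANDOM_STEM = re.compile(r'^[a-z]{8}$')
# Heuristic: Run value names that are bare hex, optionally prefixed "BM"
# (e4b1788f, BMe7824b13).
HEX_VALUE_NAME = re.compile(r'^(?:BM)?[0-9a-fA-F]{8,10}$')


@dataclass
class Finding:
    line: str
    path: str
    reasons: list = field(default_factory=list)


def triage(lines):
    """Return a Finding for every O2/O4 line that deserves a VirusTotal check."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group('name'), m.group('cmd')
            paths = PATH_RE.findall(cmd)
            if not paths:
                continue
            target = paths[-1]      # for rundll32 the last path is the DLL being loaded
            stem = target.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
            low = target.lower()
            reasons = []
            if cmd.lower().startswith('rundll32') and '\\system32\\' in low and RANDOM_STEM.match(stem):
                reasons.append('rundll32 loads a pseudo-random-named DLL from system32')
            if HEX_VALUE_NAME.match(name):
                reasons.append('Run value name looks machine-generated: %s' % name)
            if '\\documents and settings\\' in low and '\\all users\\' not in low:
                reasons.append('autostart target lives in a user-writable profile directory')
            if reasons:
                findings.append(Finding(line, target, reasons))
            continue
        m = O2_RE.match(line)
        if m and m.group('name') == '(no name)' and m.group('missing'):
            findings.append(Finding(line, m.group('path'),
                                    ['unnamed BHO whose DLL is already gone (orphaned registration)']))
    return findings


def flagged_paths(lines):
    """Sorted, de-duplicated list of paths to hash and look up."""
    return sorted({f.path for f in triage(lines)})


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f.path)
        for r in f.reasons:
            print('   -', r)
```

Run against the sample it returns setup_fr.exe, bupqbrgt.dll and vgjnlxuf.dll (the OTMoveIt list) plus the orphaned iifcDVOE.dll BHO from the second log, and nothing for the Lexmark, ctfmon or Google entries. The output is a list of things to hash and check, which is the same order of operations jlpjlp follows below: identify, verify on VirusTotal, then remove.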
Jean-claude
 
Hello,

First of all, thank you for taking an interest in my case. I did what you told me; here are the reports.


--------------------------------------------------- OTMoveIt
File/Folder C:\Documents and Settings\Jean-Claude\Bureau\setup_fr.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bupqbrgt.dll
C:\WINDOWS\system32\bupqbrgt.dll NOT unregistered.
C:\WINDOWS\system32\bupqbrgt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vgjnlxuf.dll
C:\WINDOWS\system32\vgjnlxuf.dll NOT unregistered.
C:\WINDOWS\system32\vgjnlxuf.dll moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05132008_085608

--------------------------------------------------- Combo


ComboFix 08-05-12.1 - Jean-Claude 2008-05-13 9:02:44.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.246 [GMT 2:00]
Location: C:\Documents and Settings\Jean-Claude\Bureau\ComboFix.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\baaKkUvw.ini
C:\WINDOWS\system32\baaKkUvw.ini2
C:\WINDOWS\system32\bomhprgl.ini
C:\WINDOWS\system32\bxwaolrw.ini
C:\WINDOWS\system32\dyjbwdjg.ini
C:\WINDOWS\system32\EOVDcfii.ini
C:\WINDOWS\system32\EOVDcfii.ini2
C:\WINDOWS\system32\fmqitrvq.ini
C:\WINDOWS\system32\jkprdafo.dll
C:\WINDOWS\system32\ljJBuvwU.dll
C:\WINDOWS\system32\lubjqtou.dll
C:\WINDOWS\system32\qoMdCvsr.dll
C:\WINDOWS\system32\radwcppk.ini
C:\WINDOWS\system32\sfdrixpp.dll
C:\WINDOWS\system32\tgrbqpub.ini
C:\WINDOWS\system32\tywoccqi.ini
C:\WINDOWS\system32\wintmh32.dll
C:\WINDOWS\system32\wvUkKaab.dll
G:\Autorun.inf

.
((((((((((((((((((((((((((((( Files created 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))))))))
.

2008-05-13 09:02 . 2008-05-13 09:02 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-13 08:56 . 2008-05-13 08:56 <REP> d----c--- C:\_OTMoveIt
2008-05-12 18:23 . 2008-05-12 18:23 2,112 --a--c--- C:\WINDOWS\system32\qxhltpuf.exe
2008-05-12 15:15 . 2008-05-12 15:15 18,944 --a------ C:\WINDOWS\system32\drvjob.dll
2008-05-12 09:06 . 2008-05-12 09:05 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-12 09:05 . 2008-05-12 14:41 <REP> d----c--- C:\Documents and Settings\Jean-Claude\.housecall6.6
2008-05-11 18:19 . 2008-05-11 18:19 2,112 --a--c--- C:\WINDOWS\system32\bnukmbxr.exe
2008-05-11 14:55 . 2008-05-11 14:55 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-11 14:55 . 2008-05-11 15:58 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 17:03 . 2008-05-10 17:03 2,112 --a--c--- C:\WINDOWS\system32\amonhjob.exe
2008-05-09 19:48 . 2008-05-09 19:48 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-05-09 16:58 . 2008-05-09 16:58 2,112 --a--c--- C:\WINDOWS\system32\jgpuchqa.exe
2008-05-08 16:56 . 2008-05-08 16:56 2,112 --a--c--- C:\WINDOWS\system32\ygrwxwcd.exe
2008-05-06 18:39 . 2008-05-06 18:39 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-05-06 09:37 . 2008-05-13 08:49 109,830 --a------ C:\WINDOWS\BMe7824b13.xml
2008-05-05 17:52 . 2008-05-05 17:52 <REP> d-------- C:\Program Files\WinAVI Video Converter
2008-05-02 14:15 . 2008-05-02 14:15 <REP> d----c--- C:\Documents and Settings\Jean-Claude\Application Data\TaoUSign
2008-04-23 22:29 . 2008-04-23 22:29 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-23 22:29 . 2007-02-20 15:31 25,600 --a------ C:\WINDOWS\AVR309.dll
2008-04-23 22:29 . 2007-02-20 15:31 8,652 --a------ C:\WINDOWS\system32\drivers\AVR309.sys
2008-04-20 18:35 . 2008-04-20 18:35 <REP> d-------- C:\Program Files\XP Autoptimize

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 20:23 --------- d-----w C:\Program Files\Legacy
2008-05-11 08:46 --------- dc----w C:\Documents and Settings\Jean-Claude\Application Data\LimeWire
2008-05-11 08:25 --------- d-----w C:\Program Files\Google
2008-05-09 06:10 --------- d-----w C:\Program Files\AVPersonal
2008-05-05 17:09 --------- d-----w C:\Program Files\Lavasoft
2008-04-30 14:13 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-04-29 13:30 --------- d-----w C:\Program Files\LimeWire
2008-04-21 12:53 --------- d-----w C:\Program Files\Roxio
2008-04-01 16:19 --------- d-----r C:\Program Files\NIMEGUE2
2008-04-01 15:44 --------- dc----w C:\Documents and Settings\Jean-Claude\Application Data\BSD Concept
2008-04-01 15:44 --------- dc----w C:\Documents and Settings\All Users\Application Data\BSD
2008-03-29 12:34 --------- dc----w C:\Documents and Settings\All Users\Application Data\IM
2008-03-29 12:33 --------- dc----w C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-03-21 21:40 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-20 17:43 --------- dc----w C:\Documents and Settings\Jean-Claude\Application Data\Roxio
2008-03-20 17:31 --------- dc----w C:\Documents and Settings\All Users\Application Data\Uninstall
2008-03-20 17:29 --------- dc----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-20 17:28 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-03-20 17:25 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-03-20 17:24 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-03-20 17:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 07:44 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-15 10:18 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2008-02-15 10:18 118,784 ----a-w C:\WINDOWS\system32\pdfmona.dll
2008-02-13 16:31 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-02-13 16:31 253,952 ----a-w C:\WINDOWS\Setup1.exe
2007-10-19 15:50 32 --sha-w C:\WINDOWS\{25C9E61F-FE5C-4508-A03A-38C7542AD18E}.dat
2007-10-19 15:40 32 --sha-w C:\WINDOWS\{2C2150BB-B0F4-46F8-8A11-3CBD20B7756E}.dat
2007-10-19 15:49 32 --sha-w C:\WINDOWS\{47FFA98E-41F4-4015-A309-5C0F9AA01A55}.dat
2007-10-19 15:46 32 --sha-w C:\WINDOWS\{85935300-F213-4960-B7B1-FB8260492DAF}.dat
2007-10-19 15:46 32 --sha-w C:\WINDOWS\system32\{0E8796FD-AE33-4EA4-A03E-26079F1D09BD}.dat
2007-10-19 15:50 32 --sha-w C:\WINDOWS\system32\{7A0F2ED5-2E0A-4479-8F12-018D1C2337EB}.dat
2007-10-19 15:49 32 --sha-w C:\WINDOWS\system32\{98DB320D-C607-4CAF-AF9A-2BFE58EE1694}.dat
2007-10-19 15:40 32 --sha-w C:\WINDOWS\system32\{FACCF891-E5A5-492A-9CFA-54A9EE94D777}.dat
.

((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D608F8A-81AD-4E50-A014-EFAF50B5FCAC}]
C:\WINDOWS\system32\iifcDVOE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"FreeRAM XP"="C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2007-02-05 11:53 1591808]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-12 11:30 68856]
"Ashampoo PopUpBlocker"="C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe" [2004-02-03 14:13 1216000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cloneur Expert Monitor"="C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2007-12-23 12:16 437675]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-12-23 12:16 61440]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 15:21 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NI.UGESV_0001_N122M0303"="C:\Documents and Settings\Jean-Claude\Bureau\setup_fr.exe" [ ]
"e4b1788f"="C:\WINDOWS\system32\bupqbrgt.dll" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-16 18:17 282624]
"BMe7824b13"="C:\WINDOWS\system32\vgjnlxuf.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceCheck"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-12-23 12:16 61440 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl]
--a------ 2005-07-29 10:19 168039 C:\Program Files\AVPersonal\AVGNT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe7824b13]
C:\WINDOWS\system32\yhjrgalg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e4b1788f]
C:\WINDOWS\system32\wrloawxb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2007-02-05 11:53 1591808 C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
--a------ 2008-05-12 15:15 18944 C:\WINDOWS\system32\drvjob.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-16 18:17 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-12 11:30 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13141:TCP"= 13141:TCP:*:Disabled:NortonAV
"18951:TCP"= 18951:TCP:*:Disabled:NortonAV
"17954:TCP"= 17954:TCP:*:Disabled:NortonAV
"18494:TCP"= 18494:TCP:*:Disabled:NortonAV
"17514:TCP"= 17514:TCP:*:Disabled:NortonAV
"18925:TCP"= 18925:TCP:*:Disabled:NortonAV
"13628:TCP"= 13628:TCP:*:Disabled:NortonAV
"15086:TCP"= 15086:TCP:*:Disabled:NortonAV
"13307:TCP"= 13307:TCP:*:Disabled:NortonAV
"14499:TCP"= 14499:TCP:NortonAV
"14979:TCP"= 14979:TCP:NortonAV
"15720:TCP"= 15720:TCP:NortonAV
"15846:TCP"= 15846:TCP:NortonAV
"13137:TCP"= 13137:TCP:NortonAV
"13415:TCP"= 13415:TCP:NortonAV
"12062:TCP"= 12062:TCP:NortonAV
"14926:TCP"= 14926:TCP:NortonAV
"14960:TCP"= 14960:TCP:NortonAV
"14588:TCP"= 14588:TCP:NortonAV
"18018:TCP"= 18018:TCP:NortonAV
"15127:TCP"= 15127:TCP:NortonAV
"13946:TCP"= 13946:TCP:NortonAV
"16470:TCP"= 16470:TCP:NortonAV
"17396:TCP"= 17396:TCP:NortonAV
"15249:TCP"= 15249:TCP:NortonAV
"18736:TCP"= 18736:TCP:NortonAV
"17016:TCP"= 17016:TCP:NortonAV
"15394:TCP"= 15394:TCP:NortonAV
"14956:TCP"= 14956:TCP:NortonAV
"17153:TCP"= 17153:TCP:NortonAV
"12212:TCP"= 12212:TCP:NortonAV

R2 AVWUpSrv;AntiVir Update;"C:\Program Files\AVPersonal\AVWUPSRV.EXE" [2005-04-29 09:07]
R3 avgntdw;avgntdw;C:\PROGRAM FILES\AVPERSONAL\AVGNTDW.SYS [2005-04-29 08:07]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
R3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys [2001-08-17 22:50]
S1 GhPciScan;GhostPciScanner;C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys []
S3 AVR309Prj;AVR309:USB to UART device driver;C:\WINDOWS\system32\Drivers\AVR309.sys [2007-02-20 15:31]
S3 musbehco;musbehco;C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\musbehco.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 09:11:38
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-13 9:15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-13 07:15:40

Pre-Run: 56,448,663,552 bytes free
Post-Run: 56,420,106,240 bytes free

236 --- E O F --- 2008-05-12 21:05:10
jlpjlp
 
Scan these files on VirusTotal and tell me which ones are flagged as infected:

https://www.virustotal.com/gui/

C:\WINDOWS\system32\qxhltpuf.exe
C:\WINDOWS\system32\bnukmbxr.exe
C:\WINDOWS\system32\amonhjob.exe
C:\WINDOWS\system32\jgpuchqa.exe
C:\WINDOWS\system32\ygrwxwcd.exe
C:\WINDOWS\system32\iifcDVOE.dll
C:\WINDOWS\system32\yhjrgalg.dll
C:\WINDOWS\system32\wrloawxb.dll
C:\WINDOWS\system32\drvjob.dll

_______________

Download RavAntivirus by Evosla:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

# If you have a USB key, external hard drive, etc., plug them in without opening them before running this FIX
# Right-click the .ZIP file > Extract to > the Desktop
# Double-click >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable)
# If there is an infection, a log is produced; otherwise the program displays (very quickly) ==> Your computer is clean.
# Remove your removable drives and restart your computer.
# Post the report, if infected!
_______________

Paste a report from the AntiVir you have and a HijackThis report, and describe your current problems.
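The nine files jlpjlp asks to have checked on VirusTotal were all picked out of the ComboFix report posted above: five .exe files of exactly 2,112 bytes dropped into system32 under unrelated names on five consecutive days; autostart and BHO targets for which ComboFix printed no date/size metadata (the bare paths under a key and the "[ ]" markers, meaning the file was missing or hidden at scan time); and drvjob.dll, a system32 DLL created the day before that is also referenced by an msconfig startup entry. The report also shows a kernel driver, musbehco, registered from the user's Temp folder, which jlpjlp deals with in the CFScript further down. As an added example (not part of the thread and not a ComboFix feature), the Python below applies those four rules to an excerpt of the report. The excerpt is constructed from the log above with legitimate entries left in so the rules can be seen to skip them; the rules themselves are my heuristics. It also lists bupqbrgt.dll and vgjnlxuf.dll, which the OTMoveIt pass had already moved and which jlpjlp therefore left off his list.

```python
import re
from collections import defaultdict

# Constructed excerpt of the ComboFix report posted above: created-files
# section, registry load points, then the service/driver list. Legitimate
# entries are kept so the rules can be seen to skip them.
SAMPLE_COMBOFIX = r'''
2008-05-12 18:23 . 2008-05-12 18:23 2,112 --a--c--- C:\WINDOWS\system32\qxhltpuf.exe
2008-05-12 15:15 . 2008-05-12 15:15 18,944 --a------ C:\WINDOWS\system32\drvjob.dll
2008-05-12 09:06 . 2008-05-12 09:05 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-11 18:19 . 2008-05-11 18:19 2,112 --a--c--- C:\WINDOWS\system32\bnukmbxr.exe
2008-05-10 17:03 . 2008-05-10 17:03 2,112 --a--c--- C:\WINDOWS\system32\amonhjob.exe
2008-05-09 16:58 . 2008-05-09 16:58 2,112 --a--c--- C:\WINDOWS\system32\jgpuchqa.exe
2008-05-08 16:56 . 2008-05-08 16:56 2,112 --a--c--- C:\WINDOWS\system32\ygrwxwcd.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D608F8A-81AD-4E50-A014-EFAF50B5FCAC}]
C:\WINDOWS\system32\iifcDVOE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 15:21 57344]
"e4b1788f"="C:\WINDOWS\system32\bupqbrgt.dll" [ ]
"BMe7824b13"="C:\WINDOWS\system32\vgjnlxuf.dll" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe7824b13]
C:\WINDOWS\system32\yhjrgalg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e4b1788f]
C:\WINDOWS\system32\wrloawxb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
--a------ 2008-05-12 15:15 18944 C:\WINDOWS\system32\drvjob.dll

R2 AVWUpSrv;AntiVir Update;"C:\Program Files\AVPersonal\AVWUPSRV.EXE" [2005-04-29 09:07]
S3 musbehco;musbehco;C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\musbehco.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
'''

# "<created> . <modified> <size> <attrs> <path>"; directory lines (<REP>) do not match and are skipped
CREATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} ([\d,]+) \S+ (.+)$')
# "name"="path" [date time size]; an empty "[ ]" means ComboFix found no file
RUN_VALUE_RE = re.compile(r'^"[^"]+"="([^"]+)" \[(.*?)\]$')
# msconfig\startupreg entries print attributes, date and size before the path
ATTR_PATH_RE = re.compile(r'^[-a-zA-Z]{9} \d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ (.+)$')
# service lines: "<start> <name>;<display>;<image> [metadata]"
SERVICE_RE = re.compile(r'^[RS]\d \S+?;[^;]*;"?(.+?)"? \[(.*?)\]$')
BARE_PATH_RE = re.compile(r'^[A-Za-z]:\\\S')


def candidates(report):
    """Map suspicious path -> list of reasons, from a ComboFix-style report."""
    created, autostart, drivers = {}, {}, {}
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith('['):     # blank line or registry key header
            continue
        m = CREATED_RE.match(line)
        if m:
            created[m.group(2)] = int(m.group(1).replace(',', ''))
            continue
        m = RUN_VALUE_RE.match(line)
        if m:
            autostart[m.group(1)] = m.group(2).strip()
            continue
        m = ATTR_PATH_RE.match(line)
        if m:
            autostart[m.group(1)] = 'present'
            continue
        m = SERVICE_RE.match(line)
        if m:
            drivers[m.group(1)] = m.group(2).strip()
            continue
        if BARE_PATH_RE.match(line):
            autostart[line] = ''                 # bare path under a key: no file metadata at all

    reasons = defaultdict(list)
    # Rule 1: three or more same-size .exe/.dll files dropped into system32 in the window
    by_size = defaultdict(list)
    for path, size in created.items():
        low = path.lower()
        if '\\system32\\' in low and low.endswith(('.exe', '.dll')):
            by_size[(size, low[-4:])].append(path)
    for (size, ext), paths in by_size.items():
        if len(paths) >= 3:
            for p in paths:
                reasons[p].append('one of %d %s files of identical size (%d bytes) dropped in system32' % (len(paths), ext, size))
    # Rules 2 and 3: autostart/BHO targets with no metadata, or created inside the scan window
    for path, meta in autostart.items():
        if meta == '':
            reasons[path].append('autostart/BHO target had no file metadata at scan time (missing or hidden)')
        if path in created:
            reasons[path].append('autostart target was created inside the scan window')
    # Rule 4: kernel drivers whose image lives in a Temp directory
    for path in drivers:
        if '\\temp\\' in path.lower():
            reasons[path].append('kernel driver registered from a Temp directory')
    return dict(reasons)


def candidate_paths(report):
    return sorted(candidates(report))


if __name__ == '__main__':
    for path, why in sorted(candidates(SAMPLE_COMBOFIX).items()):
        print(path, '->', '; '.join(why))
```

The Lexmark entry (full metadata, old date), tmcomm.sys (a .sys file with no autostart reference) and ZDCndis5.SYS (missing file, but not in Temp) are left alone. Note that the same value names e4b1788f and BMe7824b13 point to different DLLs under Run (bupqbrgt/vgjnlxuf) and under msconfig\startupreg (wrloawxb/yhjrgalg): the infection rotates file names, which is why checking by name alone and deleting one DLL is not enough.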
Jean-claude
 
I followed your advice, for which I thank you.
C:\WINDOWS\system32\drvjob.dll
C:\WINDOWS\system32\qxhltpuf.exe
These 2 files seem to be known in VIRUSTOTAL as causing problems. But I don't understand the report well, and above all I don't see what I should do.

By jlpjlp, Tuesday 13 May 2008 at 13:36:16
Scan these files on VirusTotal and tell me which ones are flagged as infected:

https://www.virustotal.com/gui/

RavAntivirus by Evosla says "Computer clean".

Finally, in everyday use everything seems to be back to normal, at least for now. I had also run ComboFix before your message.

I attach the latest HijackThis report. Thanks again for your help.

=======================================================================
Logfile of HijackThis v1.99.1
Scan saved at 14:27:34, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {2D608F8A-81AD-4E50-A014-EFAF50B5FCAC} - C:\WINDOWS\system32\iifcDVOE.dll (file missing)
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\Documents and Settings\Jean-Claude\Bureau\setup_fr.exe"
O4 - HKLM\..\Run: [e4b1788f] rundll32.exe "C:\WINDOWS\system32\bupqbrgt.dll",b
O4 - HKLM\..\Run: [BMe7824b13] Rundll32.exe "C:\WINDOWS\system32\vgjnlxuf.dll",s
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Speed Disk service - Sony Corporation - (no file)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
jlpjlp
 
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {2D608F8A-81AD-4E50-A014-EFAF50B5FCAC} - C:\WINDOWS\system32\iifcDVOE.dll (file missing)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\Documents and Settings\Jean-Claude\Bureau\setup_fr.exe"
O4 - HKLM\..\Run: [e4b1788f] rundll32.exe "C:\WINDOWS\system32\bupqbrgt.dll",b
O4 - HKLM\..\Run: [BMe7824b13] Rundll32.exe "C:\WINDOWS\system32\vgjnlxuf.dll",s

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

______________

to merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

________________

download combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver ::
musbehco

File::
C:\WINDOWS\system32\iifcDVOE.dll
C:\WINDOWS\system32\vgjnlxuf.dll
C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\musbehco.sys
C:\WINDOWS\system32\drvjob.dll
C:\WINDOWS\system32\qxhltpuf.exe
C:\Documents and Settings\Jean-Claude\Bureau\setup_fr.exe
C:\WINDOWS\system32\bupqbrgt.dll
C:\WINDOWS\system32\vgjnlxuf.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D608F8A-81AD-4E50-A014-EFAF50B5FCAC}]
"NI.UGESV_0001_N122M0303"=-
"e4b1788f"=-
"BMe7824b13"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]

Save this file under the name CFscript

Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, keep the mouse button held down and drag so that the CFScript icon comes to cover the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new Hijackthis report

If the file does not open, it can be found here > C:\ComboFix.txt
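The triage the helper did by hand above (a BHO whose DLL is missing, rundll32 loading a random-named DLL from system32 at logon, a Run entry launching an installer from the desktop) written as a small Python script; this is an added example, not part of the thread, the log lines it reads are constructed from those quoted in the thread, and the File:: block it emits follows the CFScript format shown above.

```python
"""Triage HijackThis 1.99.1 log lines with the heuristics the thread's helper applied by hand."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: a few HijackThis lines modelled on those quoted in
# the thread (the first log plus the helper's "fix checked" list).
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: (no name) - {2D608F8A-81AD-4E50-A014-EFAF50B5FCAC} - C:\\WINDOWS\\system32\\iifcDVOE.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\Spybot - Search & Destroy\\SDHelper.dll
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"
O4 - HKLM\\..\\Run: [e4b1788f] rundll32.exe "C:\\WINDOWS\\system32\\bupqbrgt.dll",b
O4 - HKLM\\..\\Run: [BMe7824b13] Rundll32.exe "C:\\WINDOWS\\system32\\vgjnlxuf.dll",s
O4 - HKLM\\..\\Run: [NI.UGESV_0001_N122M0303] "C:\\Documents and Settings\\Jean-Claude\\Bureau\\setup_fr.exe"
O23 - Service: Speed Disk service - Sony Corporation - (no file)
"""

# Line shapes of the two HijackThis sections the helper acted on.
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32 <dll>,<entry> as it appears in a Run value.
RUNDLL_RE = re.compile(r'^rundll32(\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Eight random-looking letters as a DLL name directly under system32.
RANDOM_DLL_RE = re.compile(r'\\system32\\[a-z]{8}\.dll$', re.IGNORECASE)
# A program living on a user's desktop (French XP calls the folder "Bureau").
DESKTOP_RE = re.compile(r'\\Documents and Settings\\[^\\]+\\(Bureau|Desktop)\\', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    name: str      # the registered entry name
    path: str      # the file the entry points at
    reason: str    # why the line was flagged


def first_path(cmd: str) -> str:
    """Return the first quoted or bare token of a Run command (the program path)."""
    m = re.match(r'"(?P<q>[^"]+)"|(?P<b>\S+)', cmd)
    return (m.group('q') or m.group('b')) if m else cmd


def triage_line(line: str) -> Optional[Finding]:
    """Apply the three heuristics used in the thread; None means the line looks benign."""
    m = O2_RE.match(line)
    if m:
        path = m.group('path')
        if path.endswith('(file missing)'):
            # A BHO registration whose DLL is gone is a dangling load point worth clearing.
            return Finding('O2', m.group('name'), path.replace(' (file missing)', ''),
                           'BHO registration points at a missing DLL')
        return None
    m = O4_RE.match(line)
    if m:
        cmd = m.group('cmd')
        r = RUNDLL_RE.match(cmd)
        if r and RANDOM_DLL_RE.search(r.group('dll')):
            # rundll32 loading an 8-letter random-looking DLL from system32 at logon.
            return Finding('O4', m.group('name'), r.group('dll'),
                           'rundll32 loads a random-named DLL from system32')
        path = first_path(cmd)
        if DESKTOP_RE.search(path):
            # An installer left on the desktop has no business in the Run key.
            return Finding('O4', m.group('name'), path,
                           'Run entry launches a file from the user desktop')
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over every line of a HijackThis log and keep the hits."""
    return [f for f in (triage_line(l.rstrip()) for l in text.splitlines()) if f]


def cfscript_file_section(findings: List[Finding]) -> str:
    """Render the File:: block of a CFScript (the format quoted in the thread) from findings."""
    paths = sorted({f.path for f in findings})
    return 'File::\n' + '\n'.join(paths) + '\n'


if __name__ == '__main__':
    found = triage_log(SAMPLE_LOG)
    for f in found:
        print(f'{f.section} [{f.name}] {f.path}: {f.reason}')
    print(cfscript_file_section(found))
```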
Jean-Claude

Hello,

Thank you again for your advice. I have tried to follow it as far as possible, even though I admit, to my great regret, that I don't understand everything.

Here are the reports:

Combofix ==================================================================
ComboFix 08-05-12.1 - Jean-Claude 2008-05-14 12:21:20.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.276 [GMT 2:00]
Endroit: C:\Documents and Settings\Jean-Claude\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jean-Claude\Bureau\CFscript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\musbehco.sys
C:\Documents and Settings\Jean-Claude\Bureau\setup_fr.exe
C:\WINDOWS\system32\bupqbrgt.dll
C:\WINDOWS\system32\drvjob.dll
C:\WINDOWS\system32\iifcDVOE.dll
C:\WINDOWS\system32\qxhltpuf.exe
C:\WINDOWS\system32\vgjnlxuf.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drvjob.dll
C:\WINDOWS\system32\qxhltpuf.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
.

2008-05-13 14:12 . 2008-05-13 14:12 172 --a--c--- C:\curr_ver.tmp
2008-05-13 09:02 . 2008-05-13 09:02 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-13 08:56 . 2008-05-13 08:56 <REP> d----c--- C:\_OTMoveIt
2008-05-12 09:06 . 2008-05-12 09:05 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-11 18:19 . 2008-05-11 18:19 2,112 --a--c--- C:\WINDOWS\system32\bnukmbxr.exe
2008-05-11 14:55 . 2008-05-11 14:55 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-11 14:55 . 2008-05-11 15:58 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 17:03 . 2008-05-10 17:03 2,112 --a--c--- C:\WINDOWS\system32\amonhjob.exe
2008-05-09 19:48 . 2008-05-09 19:48 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-05-09 16:58 . 2008-05-09 16:58 2,112 --a--c--- C:\WINDOWS\system32\jgpuchqa.exe
2008-05-08 16:56 . 2008-05-08 16:56 2,112 --a--c--- C:\WINDOWS\system32\ygrwxwcd.exe
2008-05-06 18:39 . 2008-05-06 18:39 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-05-06 09:37 . 2008-05-13 08:49 109,830 --a------ C:\WINDOWS\BMe7824b13.xml
2008-05-05 17:52 . 2008-05-05 17:52 <REP> d-------- C:\Program Files\WinAVI Video Converter
2008-05-02 14:15 . 2008-05-02 14:15 <REP> d----c--- C:\Documents and Settings\Jean-Claude\Application Data\TaoUSign
2008-04-23 22:29 . 2008-04-23 22:29 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-23 22:29 . 2007-02-20 15:31 25,600 --a------ C:\WINDOWS\AVR309.dll
2008-04-23 22:29 . 2007-02-20 15:31 8,652 --a------ C:\WINDOWS\system32\drivers\AVR309.sys
2008-04-20 18:35 . 2008-04-20 18:35 <REP> d-------- C:\Program Files\XP Autoptimize

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 21:16 --------- d-----w C:\Program Files\AVPersonal
2008-05-12 20:23 --------- d-----w C:\Program Files\Legacy
2008-05-11 08:46 --------- dc----w C:\Documents and Settings\Jean-Claude\Application Data\LimeWire
2008-05-11 08:25 --------- d-----w C:\Program Files\Google
2008-05-05 17:09 --------- d-----w C:\Program Files\Lavasoft
2008-04-30 14:13 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-04-29 13:30 --------- d-----w C:\Program Files\LimeWire
2008-04-21 12:53 --------- d-----w C:\Program Files\Roxio
2008-04-01 16:19 --------- d-----r C:\Program Files\NIMEGUE2
2008-04-01 15:44 --------- dc----w C:\Documents and Settings\Jean-Claude\Application Data\BSD Concept
2008-04-01 15:44 --------- dc----w C:\Documents and Settings\All Users\Application Data\BSD
2008-03-29 12:34 --------- dc----w C:\Documents and Settings\All Users\Application Data\IM
2008-03-29 12:33 --------- dc----w C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-03-21 21:40 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-20 17:43 --------- dc----w C:\Documents and Settings\Jean-Claude\Application Data\Roxio
2008-03-20 17:31 --------- dc----w C:\Documents and Settings\All Users\Application Data\Uninstall
2008-03-20 17:29 --------- dc----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-20 17:28 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-03-20 17:25 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-03-20 17:24 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-03-20 17:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 07:44 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-15 10:18 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2008-02-15 10:18 118,784 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-10-19 15:50 32 --sha-w C:\WINDOWS\{25C9E61F-FE5C-4508-A03A-38C7542AD18E}.dat
2007-10-19 15:40 32 --sha-w C:\WINDOWS\{2C2150BB-B0F4-46F8-8A11-3CBD20B7756E}.dat
2007-10-19 15:49 32 --sha-w C:\WINDOWS\{47FFA98E-41F4-4015-A309-5C0F9AA01A55}.dat
2007-10-19 15:46 32 --sha-w C:\WINDOWS\{85935300-F213-4960-B7B1-FB8260492DAF}.dat
2007-10-19 15:46 32 --sha-w C:\WINDOWS\system32\{0E8796FD-AE33-4EA4-A03E-26079F1D09BD}.dat
2007-10-19 15:50 32 --sha-w C:\WINDOWS\system32\{7A0F2ED5-2E0A-4479-8F12-018D1C2337EB}.dat
2007-10-19 15:49 32 --sha-w C:\WINDOWS\system32\{98DB320D-C607-4CAF-AF9A-2BFE58EE1694}.dat
2007-10-19 15:40 32 --sha-w C:\WINDOWS\system32\{FACCF891-E5A5-492A-9CFA-54A9EE94D777}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-13_ 9.15.13.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-13 07:10:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-14 06:26:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2006-10-27 13:09:58 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2006-10-27 13:09:58 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:30:52 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2008-05-14 06:26:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_158.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"FreeRAM XP"="C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2007-02-05 11:53 1591808]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-12 11:30 68856]
"Ashampoo PopUpBlocker"="C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe" [2004-02-03 14:13 1216000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cloneur Expert Monitor"="C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2007-12-23 12:16 437675]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-12-23 12:16 61440]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 15:21 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-16 18:17 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceCheck"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-12-23 12:16 61440 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl]
--a------ 2005-07-29 10:19 168039 C:\Program Files\AVPersonal\AVGNT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe7824b13]
C:\WINDOWS\system32\yhjrgalg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e4b1788f]
C:\WINDOWS\system32\wrloawxb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2007-02-05 11:53 1591808 C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
C:\WINDOWS\system32\drvjob.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-16 18:17 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-12 11:30 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R2 AVWUpSrv;AntiVir Update;"C:\Program Files\AVPersonal\AVWUPSRV.EXE" [2005-04-29 09:07]
R3 avgntdw;avgntdw;C:\PROGRAM FILES\AVPERSONAL\AVGNTDW.SYS [2005-04-29 08:07]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
R3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys [2001-08-17 22:50]
S1 GhPciScan;GhostPciScanner;C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys []
S3 AVR309Prj;AVR309:USB to UART device driver;C:\WINDOWS\system32\Drivers\AVR309.sys [2007-02-20 15:31]
S3 musbehco;musbehco;C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\musbehco.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 12:24:11
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-14 12:26:26
ComboFix-quarantined-files.txt 2008-05-14 10:26:15
ComboFix2.txt 2008-05-13 07:15:54

Pre-Run: 56,414,507,008 octets libres
Post-Run: 56,562,806,784 octets libres

178 --- E O F --- 2008-05-13 07:34:16
========================================================================

Combofix QUARANTINE

2008-04-24 18:57 78 --a--c--- C:\Qoobox\Quarantine\G\AUTORUN.INF.vir
2008-05-05 18:35 25600 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wintmh32.dll.vir
2008-05-05 18:36 35840 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJBuvwU.dll.vir
2008-05-06 19:19 1480022 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dyjbwdjg.ini.vir
2008-05-08 16:55 810848 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tywoccqi.ini.vir
2008-05-09 08:11 811028 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fmqitrvq.ini.vir
2008-05-10 16:56 837513 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bomhprgl.ini.vir
2008-05-11 15:56 345 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\EOVDcfii.ini2.vir
2008-05-11 15:56 837813 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bxwaolrw.ini.vir
2008-05-11 15:57 457 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\EOVDcfii.ini.vir
2008-05-11 18:16 276992 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUkKaab.dll.vir
2008-05-11 18:17 98368 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\sfdrixpp.dll.vir
2008-05-11 18:22 101952 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\lubjqtou.dll.vir
2008-05-12 15:15 18944 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drvjob.dll.vir
2008-05-12 15:15 35840 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qoMdCvsr.dll.vir
2008-05-12 17:14 1505233 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\radwcppk.ini.vir
2008-05-12 18:20 101440 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\jkprdafo.dll.vir
2008-05-12 18:23 2112 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\qxhltpuf.exe.vir
2008-05-13 07:37 22 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir
2008-05-13 08:57 1499318 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tgrbqpub.ini.vir
2008-05-13 09:02 523904 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\baaKkUvw.ini.vir
2008-05-13 09:02 523904 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\baaKkUvw.ini2.vir
2008-05-13 09:06 260709 --a--c--- C:\Qoobox\Quarantine\catchme2008-05-13_ 90643,37.zip
2008-05-14 12:23 269 --a--c--- C:\Qoobox\Quarantine\catchme.log

========================================================================

HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 13:28:25, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Speed Disk service - Sony Corporation - (no file)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe

=======================================================================
I hope I haven't done too much damage. Sincerely, thank you.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R2 AVWUpSrv;AntiVir Update;"C:\Program Files\AVPersonal\AVWUPSRV.EXE" [2005-04-29 09:07]
R3 avgntdw;avgntdw;C:\PROGRAM FILES\AVPERSONAL\AVGNTDW.SYS [2005-04-29 08:07]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
R3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys [2001-08-17 22:50]
S1 GhPciScan;GhostPciScanner;C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys []
S3 AVR309Prj;AVR309:USB to UART device driver;C:\WINDOWS\system32\Drivers\AVR309.sys [2007-02-20 15:31]
S3 musbehco;musbehco;C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\musbehco.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 12:24:11
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-14 12:26:26
ComboFix-quarantined-files.txt 2008-05-14 10:26:15
ComboFix2.txt 2008-05-13 07:15:54

Pre-Run: 56,414,507,008 octets libres
Post-Run: 56,562,806,784 octets libres

178 --- E O F --- 2008-05-13 07:34:16
========================================================================

Combofix QUARANTAINE

2008-04-24 18:57 78 --a--c--- C:\Qoobox\Quarantine\G\AUTORUN.INF.vir
2008-05-05 18:35 25600 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wintmh32.dll.vir
2008-05-05 18:36 35840 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJBuvwU.dll.vir
2008-05-06 19:19 1480022 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dyjbwdjg.ini.vir
2008-05-08 16:55 810848 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tywoccqi.ini.vir
2008-05-09 08:11 811028 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fmqitrvq.ini.vir
2008-05-10 16:56 837513 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bomhprgl.ini.vir
2008-05-11 15:56 345 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\EOVDcfii.ini2.vir
2008-05-11 15:56 837813 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bxwaolrw.ini.vir
2008-05-11 15:57 457 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\EOVDcfii.ini.vir
2008-05-11 18:16 276992 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUkKaab.dll.vir
2008-05-11 18:17 98368 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\sfdrixpp.dll.vir
2008-05-11 18:22 101952 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\lubjqtou.dll.vir
2008-05-12 15:15 18944 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drvjob.dll.vir
2008-05-12 15:15 35840 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qoMdCvsr.dll.vir
2008-05-12 17:14 1505233 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\radwcppk.ini.vir
2008-05-12 18:20 101440 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\jkprdafo.dll.vir
2008-05-12 18:23 2112 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\qxhltpuf.exe.vir
2008-05-13 07:37 22 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir
2008-05-13 08:57 1499318 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tgrbqpub.ini.vir
2008-05-13 09:02 523904 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\baaKkUvw.ini.vir
2008-05-13 09:02 523904 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\baaKkUvw.ini2.vir
2008-05-13 09:06 260709 --a--c--- C:\Qoobox\Quarantine\catchme2008-05-13_ 90643,37.zip
2008-05-14 12:23 269 --a--c--- C:\Qoobox\Quarantine\catchme.log

========================================================================

HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 13:28:25, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Speed Disk service - Sony Corporation - (no file)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe

=======================================================================
j'espère ne pas avoir fait trop de bétises. Merci à vous bien sincèrement.
0
Jean-Claude
 
Bonjour,

Thank you again for your advice. I have tried to follow it as closely as I could, even though I admit that, to my great regret, I don't understand all of it.

Here are the reports:

Combofix ==================================================================
ComboFix 08-05-12.1 - Jean-Claude 2008-05-14 12:21:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.276 [GMT 2:00]
Running from: C:\Documents and Settings\Jean-Claude\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jean-Claude\Bureau\CFscript.txt
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

FILE ::
C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\musbehco.sys
C:\Documents and Settings\Jean-Claude\Bureau\setup_fr.exe
C:\WINDOWS\system32\bupqbrgt.dll
C:\WINDOWS\system32\drvjob.dll
C:\WINDOWS\system32\iifcDVOE.dll
C:\WINDOWS\system32\qxhltpuf.exe
C:\WINDOWS\system32\vgjnlxuf.dll
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drvjob.dll
C:\WINDOWS\system32\qxhltpuf.exe

.
((((((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
.

2008-05-13 14:12 . 2008-05-13 14:12 172 --a--c--- C:\curr_ver.tmp
2008-05-13 09:02 . 2008-05-13 09:02 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-13 08:56 . 2008-05-13 08:56 <REP> d----c--- C:\_OTMoveIt
2008-05-12 09:06 . 2008-05-12 09:05 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-11 18:19 . 2008-05-11 18:19 2,112 --a--c--- C:\WINDOWS\system32\bnukmbxr.exe
2008-05-11 14:55 . 2008-05-11 14:55 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-11 14:55 . 2008-05-11 15:58 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-10 17:03 . 2008-05-10 17:03 2,112 --a--c--- C:\WINDOWS\system32\amonhjob.exe
2008-05-09 19:48 . 2008-05-09 19:48 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-05-09 16:58 . 2008-05-09 16:58 2,112 --a--c--- C:\WINDOWS\system32\jgpuchqa.exe
2008-05-08 16:56 . 2008-05-08 16:56 2,112 --a--c--- C:\WINDOWS\system32\ygrwxwcd.exe
2008-05-06 18:39 . 2008-05-06 18:39 5,120 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-05-06 09:37 . 2008-05-13 08:49 109,830 --a------ C:\WINDOWS\BMe7824b13.xml
2008-05-05 17:52 . 2008-05-05 17:52 <REP> d-------- C:\Program Files\WinAVI Video Converter
2008-05-02 14:15 . 2008-05-02 14:15 <REP> d----c--- C:\Documents and Settings\Jean-Claude\Application Data\TaoUSign
2008-04-23 22:29 . 2008-04-23 22:29 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-23 22:29 . 2007-02-20 15:31 25,600 --a------ C:\WINDOWS\AVR309.dll
2008-04-23 22:29 . 2007-02-20 15:31 8,652 --a------ C:\WINDOWS\system32\drivers\AVR309.sys
2008-04-20 18:35 . 2008-04-20 18:35 <REP> d-------- C:\Program Files\XP Autoptimize

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 21:16 --------- d-----w C:\Program Files\AVPersonal
2008-05-12 20:23 --------- d-----w C:\Program Files\Legacy
2008-05-11 08:46 --------- dc----w C:\Documents and Settings\Jean-Claude\Application Data\LimeWire
2008-05-11 08:25 --------- d-----w C:\Program Files\Google
2008-05-05 17:09 --------- d-----w C:\Program Files\Lavasoft
2008-04-30 14:13 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-04-29 13:30 --------- d-----w C:\Program Files\LimeWire
2008-04-21 12:53 --------- d-----w C:\Program Files\Roxio
2008-04-01 16:19 --------- d-----r C:\Program Files\NIMEGUE2
2008-04-01 15:44 --------- dc----w C:\Documents and Settings\Jean-Claude\Application Data\BSD Concept
2008-04-01 15:44 --------- dc----w C:\Documents and Settings\All Users\Application Data\BSD
2008-03-29 12:34 --------- dc----w C:\Documents and Settings\All Users\Application Data\IM
2008-03-29 12:33 --------- dc----w C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-03-21 21:40 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-20 17:43 --------- dc----w C:\Documents and Settings\Jean-Claude\Application Data\Roxio
2008-03-20 17:31 --------- dc----w C:\Documents and Settings\All Users\Application Data\Uninstall
2008-03-20 17:29 --------- dc----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-20 17:28 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-03-20 17:25 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-03-20 17:24 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-03-20 17:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 07:44 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-15 10:18 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2008-02-15 10:18 118,784 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-10-19 15:50 32 --sha-w C:\WINDOWS\{25C9E61F-FE5C-4508-A03A-38C7542AD18E}.dat
2007-10-19 15:40 32 --sha-w C:\WINDOWS\{2C2150BB-B0F4-46F8-8A11-3CBD20B7756E}.dat
2007-10-19 15:49 32 --sha-w C:\WINDOWS\{47FFA98E-41F4-4015-A309-5C0F9AA01A55}.dat
2007-10-19 15:46 32 --sha-w C:\WINDOWS\{85935300-F213-4960-B7B1-FB8260492DAF}.dat
2007-10-19 15:46 32 --sha-w C:\WINDOWS\system32\{0E8796FD-AE33-4EA4-A03E-26079F1D09BD}.dat
2007-10-19 15:50 32 --sha-w C:\WINDOWS\system32\{7A0F2ED5-2E0A-4479-8F12-018D1C2337EB}.dat
2007-10-19 15:49 32 --sha-w C:\WINDOWS\system32\{98DB320D-C607-4CAF-AF9A-2BFE58EE1694}.dat
2007-10-19 15:40 32 --sha-w C:\WINDOWS\system32\{FACCF891-E5A5-492A-9CFA-54A9EE94D777}.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-13_ 9.15.13.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-13 07:10:42 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-14 06:26:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2006-10-27 13:09:58 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2006-10-27 13:09:58 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:30:52 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2008-05-14 06:26:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_158.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"FreeRAM XP"="C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2007-02-05 11:53 1591808]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-12 11:30 68856]
"Ashampoo PopUpBlocker"="C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe" [2004-02-03 14:13 1216000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cloneur Expert Monitor"="C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe" [2007-12-23 12:16 437675]
"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2007-12-23 12:16 61440]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 15:21 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-16 18:17 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceCheck"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-12-23 12:16 61440 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVGCtrl]
--a------ 2005-07-29 10:19 168039 C:\Program Files\AVPersonal\AVGNT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe7824b13]
C:\WINDOWS\system32\yhjrgalg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e4b1788f]
C:\WINDOWS\system32\wrloawxb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
--a------ 2007-02-05 11:53 1591808 C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSDisp32]
C:\WINDOWS\system32\drvjob.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-10-23 23:18 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-16 18:17 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-12-12 11:30 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=

R2 AVWUpSrv;AntiVir Update;"C:\Program Files\AVPersonal\AVWUPSRV.EXE" [2005-04-29 09:07]
R3 avgntdw;avgntdw;C:\PROGRAM FILES\AVPERSONAL\AVGNTDW.SYS [2005-04-29 08:07]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
R3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys [2001-08-17 22:50]
S1 GhPciScan;GhostPciScanner;C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys []
S3 AVR309Prj;AVR309:USB to UART device driver;C:\WINDOWS\system32\Drivers\AVR309.sys [2007-02-20 15:31]
S3 musbehco;musbehco;C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\musbehco.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 12:24:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-14 12:26:26
ComboFix-quarantined-files.txt 2008-05-14 10:26:15
ComboFix2.txt 2008-05-13 07:15:54

Pre-Run: 56,414,507,008 bytes free
Post-Run: 56,562,806,784 bytes free

178 --- E O F --- 2008-05-13 07:34:16
========================================================================

Combofix QUARANTINE

2008-04-24 18:57 78 --a--c--- C:\Qoobox\Quarantine\G\AUTORUN.INF.vir
2008-05-05 18:35 25600 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wintmh32.dll.vir
2008-05-05 18:36 35840 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ljJBuvwU.dll.vir
2008-05-06 19:19 1480022 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\dyjbwdjg.ini.vir
2008-05-08 16:55 810848 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tywoccqi.ini.vir
2008-05-09 08:11 811028 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fmqitrvq.ini.vir
2008-05-10 16:56 837513 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bomhprgl.ini.vir
2008-05-11 15:56 345 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\EOVDcfii.ini2.vir
2008-05-11 15:56 837813 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bxwaolrw.ini.vir
2008-05-11 15:57 457 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\EOVDcfii.ini.vir
2008-05-11 18:16 276992 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wvUkKaab.dll.vir
2008-05-11 18:17 98368 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\sfdrixpp.dll.vir
2008-05-11 18:22 101952 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\lubjqtou.dll.vir
2008-05-12 15:15 18944 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drvjob.dll.vir
2008-05-12 15:15 35840 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qoMdCvsr.dll.vir
2008-05-12 17:14 1505233 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\radwcppk.ini.vir
2008-05-12 18:20 101440 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\jkprdafo.dll.vir
2008-05-12 18:23 2112 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\system32\qxhltpuf.exe.vir
2008-05-13 07:37 22 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir
2008-05-13 08:57 1499318 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tgrbqpub.ini.vir
2008-05-13 09:02 523904 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\baaKkUvw.ini.vir
2008-05-13 09:02 523904 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\baaKkUvw.ini2.vir
2008-05-13 09:06 260709 --a--c--- C:\Qoobox\Quarantine\catchme2008-05-13_ 90643,37.zip
2008-05-14 12:23 269 --a--c--- C:\Qoobox\Quarantine\catchme.log

========================================================================

HIJACKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 13:28:25, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [Cloneur Expert Monitor] "C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\Ashampoo WinOptimizer Platinum Suite\PopUpKiller.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: Speed Disk service - Sony Corporation - (no file)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe

=======================================================================
I hope I haven't made too many mistakes. Thank you very sincerely.
jlpjlp - Posts: 52399 - Status: Security contributor - 5 040
 
That's perfect!!!

______________

Delete what is in quarantine by going to My Computer and then:

C:\Qoobox\Quarantine

______________

Scan with
Malwarebytes' Anti-Malware, delete what is found and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

_______________

Paste a report from the AntiVir you have
and tell me if there are still any problems
Jean-Claude
 
Good evening,

here are the Malwarebytes results:

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 748

Type de recherche: Examen rapide
Eléments examinés: 34879
Temps écoulé: 11 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

========================================================================
MALWAREBYTES 2nd pass

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 748

Type de recherche: Examen rapide
Eléments examinés: 34979
Temps écoulé: 12 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

====================================================================

And finally my antivirus

Creation date of the report file: mercredi 14 mai 2008 18:55

AntiVir®/XP (2000 + NT) PersonalEdition Classic
Build 1064 of 13.09.2005
Mainprogram 6.32.00.06 of 07.09.2005
VDF file 6.32.0.24 (0) of 20.09.2005

This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.

Scanning for 220889 virus strains and unwanted programs.

Licensed for: AntiVir Personal Edition
Serial number: 0000149991-WURGE-0001

Please enter the workstation and
contact name with phone number in this form:

Name ___________________________________________

Street ___________________________________________

Town ___________________________________________

Phone/Fax ___________________________________________

Email ___________________________________________

Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 2)
Username: Jean-Claude
Computername: PC-BUREAU
Processor: Pentium
Working memory: 523760 KB free

Version information:
AVWIN.DLL : 6.32.00.04 561192 16.08.2005 10:22:36
AVEWIN32.DLL : 6.32.0.3 823808 05.09.2005 11:27:02
AVGNT.EXE : 6.32.00.00 168039 29.07.2005 10:19:28
AVGUARD.EXE : 6.32.00.06 207912 07.09.2005 16:34:50
GUARDMSG.DLL : 6.30.00.02 94248 01.02.2005 11:24:12
AVGCMSG.DLL : 6.32.00.00 258165 29.07.2005 10:19:30
AVGNTDW.SYS : 6.31.00.01 32896 29.04.2005 08:07:16
AVPACK32.DLL : 6.31.01.07 327720 07.09.2005 09:08:28
AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 18:10:20
AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 18:10:22
AVSched32.EXE : 6.32.00.00 110632 29.07.2005 10:19:28
AVSched32.DLL : 6.30.00.00 122880 01.02.2005 11:24:12
AVREG.DLL : 6.31.00.05 41000 07.09.2005 16:34:50
AVRep.DLL : 6.32.00.23 1359912 20.09.2005 08:22:46
INETUPD.EXE : 6.32.00.05 254011 16.08.2005 16:46:10
INETUPD.DLL : 6.32.00.05 143360 16.08.2005 16:46:10
CTL3D32.DLL : 2.31.000 27136 05.08.2004 14:00:00
MFC42.DLL : 6.02.4131.0 1028096 05.08.2004 14:00:00
MSVCRT.DLL : 7.0.2600.2180 (xpsp_sp2_rtm.0408
MSVCRT.DLL : 7.0.2600.2180 343040 05.08.2004 14:00:00
CTL3DV2.DLL : No information

Configuration file:

Name of configuration file: C:\Program Files\AVPersonal\AVWIN.INI
Name of report file: C:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
Start path: C:\Program Files\AVPersonal
Command line:
Start mode: unknown

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm

Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] All archive types

Miscellaneous options:
Temporary path: %TEMP% -> C:\DOCUME~1\JEAN-C~1\LOCALS~1\Temp
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[X] Load AVWin®/NT Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: medium

Drives:
A: Floppy drive
C: Hard disk
E: CD-ROM
F: CD-ROM
G: Hard disk

Start of scan: mercredi 14 mai 2008 18:55

Memory test OK
Master boot record of hard disk HD0 OK
Master boot record of hard disk HD1 OK
Boot record of drive C: OK

C:\
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\Jean-Claude\Mes documents\Mes Logiciels\Sauvegardes\PC Cloneur Expert\mm_ress\Acrobat
ar500fra.exe
ArchiveType: CAB SFX (self extracting)
--> \Abcpy.ini
NOTE! Bad header
--> \DATA.TAG
NOTE! Bad header
--> \data1.cab
NOTE! Bad header
--> \data1.hdr
NOTE! Bad header
--> \Help\ENU\ACROBAT.PDF
NOTE! Bad header
--> \Help\ENU\MiniReader.pdf
NOTE! Bad header
--> \Help\FRA\Acrobat.pdf
NOTE! Bad header
--> \Help\FRA\MiniReader.pdf
NOTE! Bad header
--> \lang.dat
NOTE! Bad header
--> \layout.bin
NOTE! Bad header
--> \Lisezmoi.html
NOTE! Bad header
--> \os.dat
NOTE! Bad header
--> \Reader\AceLite.dll
NOTE! Bad header
--> \Reader\ACROFX32.DLL
NOTE! Bad header
--> \Reader\AcroRd32.exe
NOTE! Bad header
--> \Reader\ActiveX\AcroIEHelper.ocx
NOTE! Bad header
--> \Reader\ActiveX\PDF.FRA
NOTE! Bad header
--> \Reader\ActiveX\pdf.ocx
NOTE! Bad header
--> \Reader\ActiveX\pdf.tlb
NOTE! Bad header
--> \Reader\Agm.dll
NOTE! Bad header
--> \Reader\Bib.dll
NOTE! Bad header
--> \Reader\Browser\nppdf32.dll
NOTE! Bad header
--> \Reader\Browser\nppdf32.FRA
NOTE! Bad header
--> \Reader\CoolType.dll
NOTE! Bad header
--> \Reader\JavaScripts\aform.js
NOTE! Bad header
--> \Reader\msvcp60.dll
NOTE! Bad header
--> \Reader\msvcrt.dll
NOTE! Bad header
--> \Reader\oleaut32.dll
NOTE! Bad header
--> \Reader\Optional\README.TXT
NOTE! Bad header
--> \Reader\plug_ins\AcroFill.api
NOTE! Bad header
--> \Reader\plug_ins\AcroFill.FRA
NOTE! Bad header
--> \Reader\plug_ins\EScript.api
NOTE! Bad header
--> \Reader\plug_ins\EScript.FRA
NOTE! Bad header
--> \Reader\plug_ins\EWH32.api
NOTE! Bad header
--> \Reader\plug_ins\Ewh32.fra
NOTE! Bad header
--> \Reader\plug_ins\hls.api
NOTE! Bad header
--> \Reader\plug_ins\Hls.fra
NOTE! Bad header
--> \Reader\plug_ins\IA32.api
NOTE! Bad header
--> \Reader\plug_ins\IA32.FRA
NOTE! Bad header
--> \Reader\plug_ins\Movie\Movie.api
NOTE! Bad header
--> \Reader\plug_ins\Movie\Movie.FRA
NOTE! Bad header
--> \Reader\plug_ins\Movie\QT2.dll
NOTE! Bad header
--> \Reader\plug_ins\Movie\QT3.dll
NOTE! Bad header
--> \Reader\plug_ins\Movie\QT4.dll
NOTE! Bad header
--> \Reader\plug_ins\reflow.api
NOTE! Bad header
--> \Reader\plug_ins\Reflow.FRA
NOTE! Bad header
--> \Reader\plug_ins\WEBBUY\HTML\btn_submit.gif
NOTE! Bad header
--> \Reader\plug_ins\WEBBUY\HTML\table_btm.gif
NOTE! Bad header
--> \Reader\plug_ins\WEBBUY\HTML\template1.html
NOTE! Bad header
--> \Reader\plug_ins\WEBBUY\HTML\template2.html
NOTE! Bad header
--> \Reader\plug_ins\WEBBUY\HTML\template5.html
NOTE! Bad header
--> \Reader\plug_ins\WEBBUY\HTML\title_acrobat.gif
NOTE! Bad header
--> \Reader\plug_ins\WEBBUY\HTML\title_adobe.gif
NOTE! Bad header
--> \Reader\plug_ins\WEBBUY\HTML\title_end.gif
NOTE! Bad header
--> \Reader\plug_ins\WEBBUY\HTML\title_mid.gif
NOTE! Bad header
--> \Reader\plug_ins\Webbuy.api
NOTE! Bad header
--> \Reader\plug_ins\WebBuy.FRA
NOTE! Bad header
--> \Reader\plug_ins\weblink.api
NOTE! Bad header
--> \Reader\plug_ins\Weblink.FRA
NOTE! Bad header
--> \Reader\plug_ins\WHA.api
NOTE! Bad header
--> \Reader\plug_ins\Wha.fra
NOTE! Bad header
--> \Reader\RdLang32.FRA
NOTE! Bad header
--> \Reader\RdrFRA.xml
NOTE! Bad header
--> \Reader\SPPlugins\ADMPlugin.apl
NOTE! Bad header
--> \Reader\SPPlugins\ExpressViews.apl
NOTE! Bad header
--> \Reader\Uninstall\Uninst.dll
NOTE! Bad header
--> \Reader\WHA Library.dll
NOTE! Bad header
--> \Reader\WHA Library.FRA
NOTE! Bad header
--> \Resource\CMap\Identity-H
NOTE! Bad header
--> \Resource\CMap\Identity-V
NOTE! Bad header
--> \Resource\ENUtxt.pdf
NOTE! Bad header
--> \Resource\Font\AdobeFnt.lst
NOTE! Bad header
--> \Resource\Font\cobo____.pfb
NOTE! Bad header
--> \Resource\Font\cob_____.pfb
NOTE! Bad header
--> \Resource\Font\com_____.pfb
NOTE! Bad header
--> \Resource\Font\coo_____.pfb
NOTE! Bad header
--> \Resource\Font\PFM\COBO____.PFM
NOTE! Bad header
--> \Resource\Font\PFM\COB_____.PFM
NOTE! Bad header
--> \Resource\Font\PFM\COM_____.PFM
NOTE! Bad header
--> \Resource\Font\PFM\COO_____.PFM
NOTE! Bad header
--> \Resource\Font\PFM\SY______.PFM
NOTE! Bad header
--> \Resource\Font\PFM\ZD______.PFM
NOTE! Bad header
--> \Resource\Font\PFM\ZX______.MMM
NOTE! Bad header
--> \Resource\Font\PFM\zx______.pfm
NOTE! Bad header
--> \Resource\Font\PFM\ZY______.MMM
NOTE! Bad header
--> \Resource\Font\PFM\zy______.pfm
NOTE! Bad header
--> \Resource\Font\PFM\_ABI____.PFM
NOTE! Bad header
--> \Resource\Font\PFM\_AB_____.PFM
NOTE! Bad header
--> \Resource\Font\PFM\_AI_____.PFM
NOTE! Bad header
--> \Resource\Font\PFM\_A______.PFM
NOTE! Bad header
--> \Resource\Font\PFM\_ebi____.pfm
NOTE! Bad header
--> \Resource\Font\PFM\_eb_____.pfm
NOTE! Bad header
--> \Resource\Font\PFM\_ei_____.pfm
NOTE! Bad header
--> \Resource\Font\PFM\_er_____.pfm
NOTE! Bad header
--> \Resource\Font\SY______.PFB
NOTE! Bad header
--> \Resource\Font\ZD______.PFB
NOTE! Bad header
--> \Resource\Font\ZX______.PFB
NOTE! Bad header
--> \Resource\Font\ZY______.PFB
NOTE! Bad header
--> \Resource\Font\_ABI____.PFB
NOTE! Bad header
--> \Resource\Font\_AB_____.PFB
NOTE! Bad header
--> \Resource\Font\_AI_____.PFB
NOTE! Bad header
--> \Resource\Font\_A______.PFB
NOTE! Bad header
--> \Resource\Font\_ebi____.pfb
NOTE! Bad header
--> \Resource\Font\_eb_____.pfb
NOTE! Bad header
--> \Resource\Font\_ei_____.pfb
NOTE! Bad header
--> \Resource\Font\_er_____.pfb
NOTE! Bad header
--> \Resource\FRAtxt.pdf
NOTE! Bad header
--> \Setup.exe
NOTE! Bad header
--> \SETUP.INI
NOTE! Bad header
--> \setup.ins
NOTE! Bad header
--> \setup.lid
NOTE! Bad header
--> \SVG Files\NPSVGVw.dll
NOTE! Bad header
--> \SVG Files\ReadMe.html
NOTE! Bad header
--> \SVG Files\SVG Viewer License.txt
NOTE! Bad header
--> \SVG Files\SVGAbout.svg
NOTE! Bad header
--> \SVG Files\SVGControl.dll
NOTE! Bad header
--> \SVG Files\SVGHelp.html
NOTE! Bad header
--> \SVG Files\SVGRSRC.DLL
NOTE! Bad header
--> \SVG Files\SVGView.dll
NOTE! Bad header
--> \SVG Files\SVGViewer.dict
NOTE! Bad header
--> \SVG Files\SVGViewer.ini
NOTE! Bad header
--> \SVG Files\SVGViewer.zip
NOTE! Bad header
--> \_INST32I.EX_
NOTE! Bad header
--> \_ISDel.exe
NOTE! Bad header
--> \_Setup.dll
NOTE! Bad header
--> \_sys1.cab
NOTE! Bad header
--> \_sys1.hdr
NOTE! Bad header
--> \_user1.cab
NOTE! Bad header
--> \_user1.hdr
NOTE! Bad header
Error! Could not change directory: System Volume Information
C:\WINDOWS\SoftwareDistribution\EventCache
{0EAD2F5C-A3BA-449B-876B-3ECFCA774395}.bin
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!

End of scan: mercredi 14 mai 2008 19:44
Time taken: 48:58 min

5795 directories were scanned
85516 files were scanned
7 warning messages were issued
0 files were deleted
0 files were repaired
0 detections

=====================================================================

Everything seems to be back to normal, both response time and Internet Explorer. The operation was very effective. In any case, this experience let me discover quite a few tools whose existence I did not even suspect.

Unless you advise otherwise, I think the incident can be considered closed. Thank you again for your pertinent instructions. Best regards, cordially,
Jean-Claude Guéniot.
jlpjlp - Posts: 52399 - Status: Security contributor - 5 040
 
Yes, that's fine!!!

Use TOOLSCLEANER to remove everything I had you install

http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

_________________

To protect your computer for free

http://www.commentcamarche.net/telecharger/logiciel 4 securite

Install an antivirus

AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
Anti-spyware tools:
Malwarebytes' Anti-Malware + SPYBOT

+
SPYWAREBLASTER to immunize the system against Vundo in particular, but in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunize)...

Note: Spybot and Ad-Aware released new versions this year; check that you have the latest version
--------
A firewall:
the Windows one, or better, Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall)

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER to erase browsing traces
---------
Browse with Firefox or Safari or Opera rather than Internet Explorer, which is more affected by viruses
http://www.mozilla-europe.org/fr/products/firefox/
Jean-Claude
 
So the incident can be considered closed. I have had this problem in the past, which cost me a hard disk format and a Windows reinstall. The method you showed me is clearly more advantageous and effective.

Thank you for your good advice and for everything I learned thanks to you.

Regards