Trojan TR/BHO.abo.9

Résolu
annalana -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
depuis quelque temps j'ai un trojan TR/BHO.abo.9 la mise en quarantaine est impossible

ci-jont un extrait du rapport antivir fait ce matin

Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP650\A0422122.dll
[DETECTION] Is the Trojan horse TR/BHO.abo.9
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16004
[WARNING] The source file could not be found.
Begin scan in 'F:\' <BACKUP>

End of the scan: lundi 11 février 2008 12:07
Used time: 3:10:30 min

The scan has been done completely.

7192 Scanning directories
554693 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
554692 Files not concerned
13013 Archives were scanned
3 Warnings
154 Notes

et un rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:44:34, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\MSI\Common\RaUI.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\karine lopez\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 212.150.54.250 dv-networks.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {37629D47-C1DF-4B13-931B-DB7934336BFB} - C:\WINDOWS\system32\clusap.dll (file missing)
O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsr37.dll (file missing)
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/KARINE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 10220 bytes

MERCI BEAUCOUP POUR VOTRE AIDE
annalana
Configuration: Windows XP
Internet Explorer 7.0

23 réponses

  • 1
  • 2
  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    repost un nouveau hijack this egalement

    @+
    0
  2. annalana
     
    MERCI POUR TA REPONSE

    ComboFix 08-02.05.3 - kl 2008-02-10 23:30:39.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.502 [GMT 1:00]
    Endroit: C:\Documents and Settings\kl\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-10 23:22 . 2004-08-20 00:09 400,896 --a------ C:\kmd.exe
    2008-01-29 00:45 . 2008-02-03 10:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-28 19:03 . 2008-01-28 19:03 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-28 19:03 . 2008-01-28 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-28 19:01 . 2008-01-28 19:01 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-28 18:56 . 2008-01-28 18:56 <REP> d-------- C:\Program Files\Yahoo!
    2008-01-28 18:56 . 2008-01-28 18:56 <REP> d-------- C:\Program Files\CCleaner
    2008-01-28 18:51 . 2008-01-28 18:51 <REP> d-------- C:\Program Files\Avira
    2008-01-28 18:51 . 2008-01-28 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-12 22:16 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-12 22:16 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-12 22:16 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-12 22:16 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-12 22:16 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-12 22:16 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-12 22:16 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-12 22:16 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-12 22:16 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-12 22:15 . 2008-01-12 22:16 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-12 22:11 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-27 19:00 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
    2008-01-27 10:37 --------- d-----w C:\Program Files\eMule
    2008-01-27 10:31 --------- d-----w C:\Program Files\Panda Security
    2008-01-27 10:29 --------- d-----w C:\Program Files\BitTorrent
    2008-01-27 10:24 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2007-12-22 11:18 --------- d-----w C:\Documents and Settings\karine lopez\Application Data\Vso
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-08-04 07:34 47,360 ----a-w C:\Documents and Settings\karine lopez\Application Data\pcouffin.sys
    2005-04-24 11:01 49,072 -c--a-w C:\Documents and Settings\karine lopez\Application Data\GDIPFONTCACHEV1.DAT
    2005-01-03 18:56 61 -csh--w C:\WINDOWS\cnerolf.dat
    .
    [code]<pre>
    -c--a-w 414,311,881 2003-12-10 11:55:12 C:\Documents and Settings\kl\Mes documents\Nouveau dossier\Microsoft Office 2002 XP ( .exe
    </pre>/code

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37629D47-C1DF-4B13-931B-DB7934336BFB}]
    C:\WINDOWS\system32\clusap.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
    C:\WINDOWS\system32\nsr37.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sonic RecordNow!"="" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [2004-04-23 11:43 30208]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 23:03 68856]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
    "UpdateManager"="c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 09:33 299008]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-03-29 10:08 151597]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2003-10-26 22:53 57344]
    "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-12-04 12:34 406016]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-01-30 11:45 81920]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44 65536]
    "eCarteBleue-BP"="C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" [2003-06-20 10:09 188416]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-03-29 10:08 77824]
    "NWEReboot"="" []
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-28 18:58 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 23:03 68856]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Contr“leur de calendrier Ulead.lnk - C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2004-04-18 22:12:44 69632]
    MSI Wireless Utility.lnk - C:\Program Files\MSI\Common\RaUI.exe [2007-05-23 16:30:20 425984]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{478CAB9E-9E28-11D4-97FF-0050047D51FB}"= C:\WINDOWS\System32\EZUPBH~1.DLL [2004-04-23 11:44 49152]

    R0 fjnkikil;fjnkikil;C:\WINDOWS\system32\drivers\rgyulkhy.dat []
    R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 01:38]
    R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 15:02]
    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-04 18:39]
    R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2004-04-08 11:04]
    R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 10:44]
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 10:17]
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 09:17]
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 02:23]
    S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [1999-09-23 12:02]
    S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
    S1 sonypvd2;sonypvd2;C:\WINDOWS\system32\DRIVERS\sonypvd2.sys [2003-06-24 10:29]
    S3 ASIOMI;ASIOMI;C:\WINDOWS\system32\drivers\ASIOMI.sys [2004-01-30 11:39]
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2004-04-19 20:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-04-25 19:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-05-02 20:50:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-04-18 17:45:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    disk not found C:\

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    disk not found C:\

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-10 23:33:35
    ComboFix-quarantined-files.txt 2008-02-10 22:32:41
    ComboFix2.txt 2008-02-10 22:29:08
    ComboFix3.txt 2008-01-28 15:20:10
    .
    2008-01-14 02:01:00 --- E O F ---

    hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:31, on 2008-02-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\MSI\Common\RaUI.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\kl\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: 212.150.54.250 dv-networks.com
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {37629D47-C1DF-4B13-931B-DB7934336BFB} - C:\WINDOWS\system32\clusap.dll (file missing)
    O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsr37.dll (file missing)
    O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/KARINE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
    0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut annalana,

    Télécharge Zeb-Restore http://telechargement.zebulon.fr/zeb-restore.html enregistre ce fichier sur le bureau.

    -Clic droit Zeb-Restore.zip ==> Extraire tout choisis comme lieu d'enregistrement le bureau.
    -Ouvre le dossier ZR_1.0.0.37 ==> double clic sur Zeb-Restore.exe
    - Coche la case devant : Réinitialiser Fichier Hosts
    - Ne coche aucune autre case
    -Clique sur Restaurer
    -Redémarre ton PC

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\drivers\rgyulkhy.dat
    C:\WINDOWS\Tasks\Symantec NetDetect.job

    Folder::
    C:\Program Files\Symantec

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37629D47-C1DF-4B13-931B-DB7934336BFB}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]

    Driver::
    fjnkikil

    FileLook::
    C:\WINDOWS\system32\BhoECart.dll

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
  4. annalana Messages postés 8 Statut Membre
     
    voici les rapports aprés le redémarage

    combofix

    ComboFix 08-02.05.3 - kl2008-02-11 2:47:55.6 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.666 [GMT 1:00]
    Endroit: C:\Documents and Settings\kl\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\kl\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    FILE
    C:\WINDOWS\system32\drivers\rgyulkhy.dat
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Symantec
    C:\Program Files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
    C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE
    C:\Program Files\Symantec\LiveUpdate\LuAll.cnt
    C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
    C:\Program Files\Symantec\LiveUpdate\LUALL.HLP
    C:\Program Files\Symantec\LiveUpdate\LuComServer.EXE
    C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL
    C:\Program Files\Symantec\LiveUpdate\ludirloc.dat
    C:\Program Files\Symantec\LiveUpdate\LUINFO.INF
    C:\Program Files\Symantec\LiveUpdate\LUInit.exe
    C:\Program Files\Symantec\LiveUpdate\LUInit.ini
    C:\Program Files\Symantec\LiveUpdate\LUINSDLL.DLL
    C:\Program Files\Symantec\LiveUpdate\LuResult.txt
    C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    C:\Program Files\Symantec\LiveUpdate\NetDetectController.DLL
    C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL
    C:\Program Files\Symantec\LiveUpdate\ProductRegComPS.DLL
    C:\Program Files\Symantec\LiveUpdate\S32LIVE1.DLL
    C:\Program Files\Symantec\LiveUpdate\S32LUCP1.CPL
    C:\Program Files\Symantec\LiveUpdate\S32LUIS1.DLL
    C:\Program Files\Symantec\LiveUpdate\S32LUWI1.DLL
    C:\Program Files\Symantec\LiveUpdate\SymantecRootInstaller.exe
    C:\WINDOWS\system32\drivers\rgyulkhy.dat . . . . Echec de suppression
    C:\WINDOWS\Tasks\Symantec NetDetect.job
    C:\WINDOWS\system32\drivers\rgyulkhy.dat . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_FJNKIKIL
    -------\fjnkikil

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-10 23:30 . 2004-08-20 00:09 400,896 --a------ C:\kmd.exe
    2008-01-29 00:45 . 2008-02-03 10:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-28 19:03 . 2008-01-28 19:03 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-28 19:03 . 2008-01-28 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-28 19:01 . 2008-01-28 19:01 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-28 18:56 . 2008-01-28 18:56 <REP> d-------- C:\Program Files\Yahoo!
    2008-01-28 18:56 . 2008-01-28 18:56 <REP> d-------- C:\Program Files\CCleaner
    2008-01-28 18:51 . 2008-01-28 18:51 <REP> d-------- C:\Program Files\Avira
    2008-01-28 18:51 . 2008-01-28 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-12 22:16 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-12 22:16 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-12 22:16 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-12 22:16 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-12 22:16 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-12 22:16 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-12 22:16 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-12 22:16 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-12 22:16 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-12 22:15 . 2008-01-12 22:16 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-12 22:11 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-27 19:00 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
    2008-01-27 10:37 --------- d-----w C:\Program Files\eMule
    2008-01-27 10:31 --------- d-----w C:\Program Files\Panda Security
    2008-01-27 10:29 --------- d-----w C:\Program Files\BitTorrent
    2007-12-22 11:18 --------- d-----w C:\Documents and Settings\kl\Application Data\Vso
    2007-08-04 07:34 47,360 ----a-w C:\Documents and Settings\kl\Application Data\pcouffin.sys
    2005-04-24 11:01 49,072 -c--a-w C:\Documents and Settings\kl\Application Data\GDIPFONTCACHEV1.DAT
    2005-01-03 18:56 61 -csh--w C:\WINDOWS\cnerolf.dat
    .
    [code]<pre>
    -c--a-w 414,311,881 2003-12-10 11:55:12 C:\Documents and Settings\kl\Mes documents\Nouveau dossier\Microsoft Office 2002 XP ( .exe
    </pre>/code

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- C:\WINDOWS\system32\BhoECart.dll ----

    Company: Orbiscom Ltd. All rights reserved.
    File Description: e-Carte Bleue
    File Version: 2, 2, 1, 3, 94
    Product Name: e-Carte Bleue
    Copyright: Copyright ¸ 1999-2002, Orbiscom Ltd.
    All rights reserved.
    Original file name: BhoECarteBleue.DLL

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37629D47-C1DF-4B13-931B-DB7934336BFB}]
    C:\WINDOWS\system32\clusap.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sonic RecordNow!"="" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [2004-04-23 11:43 30208]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 23:03 68856]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
    "UpdateManager"="c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 09:33 299008]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-03-29 10:08 151597]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2003-10-26 22:53 57344]
    "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-12-04 12:34 406016]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-01-30 11:45 81920]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44 65536]
    "eCarteBleue-BP"="C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" [2003-06-20 10:09 188416]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-03-29 10:08 77824]
    "NWEReboot"="" []
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-28 18:58 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 23:03 68856]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{478CAB9E-9E28-11D4-97FF-0050047D51FB}"= C:\WINDOWS\System32\EZUPBH~1.DLL [2004-04-23 11:44 49152]

    R0 fjnkikil;fjnkikil;C:\WINDOWS\system32\drivers\rgyulkhy.dat []
    R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 01:38]
    R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 15:02]
    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-04 18:39]
    R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2004-04-08 11:04]
    R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 10:44]
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 10:17]
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 09:17]
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 02:23]
    S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [1999-09-23 12:02]
    S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
    S1 sonypvd2;sonypvd2;C:\WINDOWS\system32\DRIVERS\sonypvd2.sys [2003-06-24 10:29]
    S3 ASIOMI;ASIOMI;C:\WINDOWS\system32\drivers\ASIOMI.sys [2004-01-30 11:39]
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []

    *Newly Created Service* - FJNKIKIL
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2004-04-19 20:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-04-25 19:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-05-02 20:50:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    .
    **************************************************************************

    disk not found C:\

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    disk not found C:\

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\apps\ABoard\AOSD.exe
    C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\MSI\Common\RaUI.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-11 2:56:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-11 01:55:38
    ComboFix2.txt 2008-02-10 22:33:36
    ComboFix3.txt 2008-02-10 22:29:08
    ComboFix4.txt 2008-01-28 15:20:10
    .
    2008-01-14 02:01:00 --- E O F ---

    hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:02, on 2008-02-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\apps\ABoard\AOSD.exe
    C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\MSI\Common\RaUI.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\karine lopez\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {37629D47-C1DF-4B13-931B-DB7934336BFB} - C:\WINDOWS\system32\clusap.dll (file missing)
    O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/KARINE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    j´allais aller me coucher, mais voila que tu reviens ;-)

    le driver et le fichier C:\WINDOWS\system32\drivers\rgyulkhy.dat n´ont pas etre supprimé ;-(

    on va essayer comme ca

    Copie le texte ci-dessous :

    killall::

    File::
    C:\WINDOWS\system32\drivers\rgyulkhy.dat

    Driver::
    fjnkikil

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37629D47-C1DF-4B13-931B-DB7934336BFB}]

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt5 accompagné d'un rapport Hijackthis.

    bonne nuit

    @+
    0
  7. annalana Messages postés 8 Statut Membre
     
    bonjour,
    et encore merci pour ton aide si tardive
    je ne pense pas que le fichier soit supprimé

    rapport combofix

    ComboFix 08-02.05.3 - kl2008-02-11 6:36:44.7 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.716 [GMT 1:00]
    Endroit: C:\Documents and Settings\kl\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\kl\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    FILE
    C:\WINDOWS\system32\drivers\rgyulkhy.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\rgyulkhy.dat . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_FJNKIKIL
    -------\fjnkikil

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-11 02:46 . 2004-08-20 00:09 400,896 --a------ C:\kmd.exe
    2008-01-29 00:45 . 2008-02-03 10:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-28 19:03 . 2008-01-28 19:03 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-28 19:03 . 2008-01-28 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-28 19:01 . 2008-01-28 19:01 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-28 18:56 . 2008-01-28 18:56 <REP> d-------- C:\Program Files\Yahoo!
    2008-01-28 18:56 . 2008-01-28 18:56 <REP> d-------- C:\Program Files\CCleaner
    2008-01-28 18:51 . 2008-01-28 18:51 <REP> d-------- C:\Program Files\Avira
    2008-01-28 18:51 . 2008-01-28 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-12 22:16 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-12 22:16 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-12 22:16 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-12 22:16 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-12 22:16 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-12 22:16 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-12 22:16 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-12 22:16 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-12 22:16 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-12 22:15 . 2008-01-12 22:16 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-12 22:11 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-27 19:00 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
    2008-01-27 10:37 --------- d-----w C:\Program Files\eMule
    2008-01-27 10:31 --------- d-----w C:\Program Files\Panda Security
    2008-01-27 10:29 --------- d-----w C:\Program Files\BitTorrent
    2007-12-22 11:18 --------- d-----w C:\Documents and Settings\kl\Application Data\Vso
    2007-08-04 07:34 47,360 ----a-w C:\Documents and Settings\kl\Application Data\pcouffin.sys
    2005-04-24 11:01 49,072 -c--a-w C:\Documents and Settings\kl\Application Data\GDIPFONTCACHEV1.DAT
    2005-01-03 18:56 61 -csh--w C:\WINDOWS\cnerolf.dat
    .
    [code]<pre>
    -c--a-w 414,311,881 2003-12-10 11:55:12 C:\Documents and Settings\kl\Mes documents\Nouveau dossier\Microsoft Office 2002 XP ( .exe
    </pre>/code

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37629D47-C1DF-4B13-931B-DB7934336BFB}]
    C:\WINDOWS\system32\clusap.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sonic RecordNow!"="" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [2004-04-23 11:43 30208]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 23:03 68856]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
    "UpdateManager"="c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 09:33 299008]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-03-29 10:08 151597]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2003-10-26 22:53 57344]
    "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-12-04 12:34 406016]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-01-30 11:45 81920]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44 65536]
    "eCarteBleue-BP"="C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" [2003-06-20 10:09 188416]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-03-29 10:08 77824]
    "NWEReboot"="" []
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-28 18:58 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 23:03 68856]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{478CAB9E-9E28-11D4-97FF-0050047D51FB}"= C:\WINDOWS\System32\EZUPBH~1.DLL [2004-04-23 11:44 49152]

    R0 fjnkikil;fjnkikil;C:\WINDOWS\system32\drivers\rgyulkhy.dat []
    R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 01:38]
    R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 15:02]
    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-04 18:39]
    R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2004-04-08 11:04]
    R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 10:44]
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 10:17]
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 09:17]
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 02:23]
    S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [1999-09-23 12:02]
    S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
    S1 sonypvd2;sonypvd2;C:\WINDOWS\system32\DRIVERS\sonypvd2.sys [2003-06-24 10:29]
    S3 ASIOMI;ASIOMI;C:\WINDOWS\system32\drivers\ASIOMI.sys [2004-01-30 11:39]
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []

    *Newly Created Service* - FJNKIKIL
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2004-04-19 20:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-04-25 19:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-05-02 20:50:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    .
    **************************************************************************

    disk not found C:\

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    disk not found C:\

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\MSI\Common\RaUI.exe
    C:\apps\ABoard\AOSD.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-11 6:56:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-11 05:55:41
    ComboFix2.txt 2008-02-11 01:56:32
    ComboFix3.txt 2008-02-10 22:33:36
    ComboFix4.txt 2008-02-10 22:29:08
    ComboFix5.txt 2008-01-28 15:20:10
    .
    2008-01-14 02:01:00 --- E O F ---

    hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:08, on 2008-02-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\MSI\Common\RaUI.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\kl\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {37629D47-C1DF-4B13-931B-DB7934336BFB} - C:\WINDOWS\system32\clusap.dll (file missing)
    O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/KARINE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
    0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    Bonjour annalana,

    encore merci pour ton aide si tardive

    je t´en prie.

    je ne pense pas que le fichier soit supprimé

    oui tu as vu juste; il joue a la forte tete on dirait...

    on va sortir l´artillerie lourde :

    Icesword est un outil dangereux et ne doit pas être utilisé par quelqu'un d'autre. Ces consignes sont destinées au cas présent et à personne d'autre.

    Suis très exactement ceci :

    1/ Télécharge Icesword ici : https://www.majorgeeks.com/
    Extrais l'archive Icesword sur ton bureau, puis, dans ce dossier, double-clique sur icesword.exe

    Choisis la fonction "file" en bas à gauche. Par l'arboressence fournie, choisis ce fichier :

    Fais un clic droit dessus et choisis "delete".
    C:\WINDOWS\system32\drivers\rgyulkhy.dat

    À gauche, vers le haut maintenant, clique sur le bouton Registry (juste sous Functions) ;

    - Par l'arborescence fournie, retrouve cette clé :

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fjnkikil
    - Dans la fenêtre de gauche, fais un clic droit sur le petit dossier nommé fjnkikil et clique Delete

    Choisis le bouton "function" puis le bouton BHO. Fais un clic droit sur cette BHO et choisis delete :
    {37629D47-C1DF-4B13-931B-DB7934336BFB}

    refais un rapport a l´aide de hijack this et post le resultat ici .

    @+
    0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    Allo?
    Ton dernier message est vide?
    @+
    0
  10. annalana Messages postés 8 Statut Membre
     
    salut

    j'ai suivi tes intructions
    pas de probleme jusqu'à celle-ci

    Choisis le bouton "function" puis le bouton BHO. Fais un clic droit sur cette BHO et choisis delete :
    {37629D47-C1DF-4B13-931B-DB7934336BFB}


    mais la fonction delete ne s'affiche pas

    quand je clique droit sur BHO j'ai 4 choix : deux sur la taille des icones+ remove from outlook bar+ rename shortcut
    suis pas une bete en anglais mais à priori pas la même fonction que delete

    quand je double clique sur BHO plusieurs lignes s'affichent dont 37629D47-C1DF-4B13-931B-DB7934336BFB} mais quand je clique droit s'affiche la fonction refresh

    que dois je faire ?
    attends ta réponse avant tout clic!!

    annalana
    0
  11. g!rly Messages postés 18462 Statut Contributeur 407
     
    Salut,

    Ne t´occupe pas de la valeur bho alors.

    Le plus important en faite c´est ceci :

    Choisis la fonction "file" en bas à gauche. Par l'arboressence fournie, choisis ce fichier :

    Fais un clic droit dessus et choisis "delete".
    C:\WINDOWS\system32\drivers\rgyulkhy.dat

    À gauche, vers le haut maintenant, clique sur le bouton Registry (juste sous Functions) ;

    - Par l'arborescence fournie, retrouve cette clé :

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fjnkikil
    - Dans la fenêtre de gauche, fais un clic droit sur le petit dossier nommé fjnkikil et clique Delete

    @+
    0
  12. annalana Messages postés 8 Statut Membre
     
    ci-joint le rapport hijackthis
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:53, on 2008-02-11
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\MSI\Common\RaUI.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\kl\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {37629D47-C1DF-4B13-931B-DB7934336BFB} - C:\WINDOWS\system32\clusap.dll (file missing)
    O2 - BHO: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Online_TV toolbar - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - C:\Program Files\Online_TV\tbOnl0.dll
    O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
    O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [eCarteBleue-BP] "C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" /dontopenmycards
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: MSI Wireless Utility.lnk = C:\Program Files\MSI\Common\RaUI.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\System32\SHDOCVW.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/KARINE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
    0
  13. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    peux tu reposter un rapport combofix stp
    0
  14. annalana Messages postés 8 Statut Membre
     
    voilà

    ComboFix 08-02.05.3 - karine lopez 2008-02-11 21:16:59.8 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.706 [GMT 1:00]
    Endroit: C:\Documents and Settings\kl\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-11 06:35 . 2004-08-20 00:09 400,896 --a------ C:\kmd.exe
    2008-01-29 00:45 . 2008-02-03 10:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-28 19:03 . 2008-01-28 19:03 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-28 19:03 . 2008-01-28 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-28 19:01 . 2008-01-28 19:01 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-28 18:56 . 2008-01-28 18:56 <REP> d-------- C:\Program Files\Yahoo!
    2008-01-28 18:56 . 2008-01-28 18:56 <REP> d-------- C:\Program Files\CCleaner
    2008-01-28 18:51 . 2008-01-28 18:51 <REP> d-------- C:\Program Files\Avira
    2008-01-28 18:51 . 2008-01-28 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-12 22:16 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-12 22:16 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-12 22:16 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-12 22:16 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-12 22:16 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-12 22:16 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-12 22:16 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-12 22:16 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-12 22:16 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-12 22:15 . 2008-01-12 22:16 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-12 22:11 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-27 19:00 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
    2008-01-27 10:37 --------- d-----w C:\Program Files\eMule
    2008-01-27 10:31 --------- d-----w C:\Program Files\Panda Security
    2008-01-27 10:29 --------- d-----w C:\Program Files\BitTorrent
    2008-01-27 10:24 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2007-12-22 11:18 --------- d-----w C:\Documents and Settings\karine lopez\Application Data\Vso
    2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-08-04 07:34 47,360 ----a-w C:\Documents and Settings\kl\Application Data\pcouffin.sys
    2005-04-24 11:01 49,072 -c--a-w C:\Documents and Settings\kl\Application Data\GDIPFONTCACHEV1.DAT
    2005-01-03 18:56 61 -csh--w C:\WINDOWS\cnerolf.dat
    .
    [code]<pre>
    -c--a-w 414,311,881 2003-12-10 11:55:12 C:\Documents and Settings\kl\Mes documents\Nouveau dossier\Microsoft Office 2002 XP ( .exe
    </pre>/code

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37629D47-C1DF-4B13-931B-DB7934336BFB}]
    C:\WINDOWS\system32\clusap.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sonic RecordNow!"="" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [2004-04-23 11:43 30208]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 23:03 68856]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
    "UpdateManager"="c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 09:33 299008]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-03-29 10:08 151597]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2003-10-26 22:53 57344]
    "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-12-04 12:34 406016]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-01-30 11:45 81920]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44 65536]
    "eCarteBleue-BP"="C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" [2003-06-20 10:09 188416]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-03-29 10:08 77824]
    "NWEReboot"="" []
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-28 18:58 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 23:03 68856]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Contr“leur de calendrier Ulead.lnk - C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2004-04-18 22:12:44 69632]
    MSI Wireless Utility.lnk - C:\Program Files\MSI\Common\RaUI.exe [2007-05-23 16:30:20 425984]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{478CAB9E-9E28-11D4-97FF-0050047D51FB}"= C:\WINDOWS\System32\EZUPBH~1.DLL [2004-04-23 11:44 49152]

    R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 01:38]
    R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 15:02]
    R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-04 18:39]
    R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2004-04-08 11:04]
    R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 10:44]
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 10:17]
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 09:17]
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 02:23]
    S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [1999-09-23 12:02]
    S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
    S1 sonypvd2;sonypvd2;C:\WINDOWS\system32\DRIVERS\sonypvd2.sys [2003-06-24 10:29]
    S3 ASIOMI;ASIOMI;C:\WINDOWS\system32\drivers\ASIOMI.sys [2004-01-30 11:39]
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []

    *Newly Created Service* - ISDRV120
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2004-04-19 20:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-04-25 19:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-05-02 20:50:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    .
    **************************************************************************

    disk not found C:\

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    disk not found C:\

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-11 21:21:11
    ComboFix-quarantined-files.txt 2008-02-11 20:20:19
    ComboFix2.txt 2008-02-11 05:56:35
    ComboFix3.txt 2008-02-11 01:56:32
    ComboFix4.txt 2008-02-10 22:33:36
    ComboFix5.txt 2008-02-10 22:29:08
    .
    2008-01-14 02:01:00 --- E O F ---
    0
  15. g!rly Messages postés 18462 Statut Contributeur 407
     
    Ok c´est bon ;-)

    a l´aide de hijack this coche et fix les lignes ci dessous :

    O2 - BHO: (no name) - {37629D47-C1DF-4B13-931B-DB7934336BFB} - C:\WINDOWS\system32\clusap.dll (file missing)
    O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    quittes tes applications et navigateur et fix les

    comment fixer :

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    instales un par feu :

    par feu : kerio

    http://www.malekal.com/kerio_firewall.php#mozTocId721480

    https://www.vulgarisation-informatique.com/kerio.php

    https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

    ou zone alarm plus facil a configurer mais moins performant

    https://www.malekal.com/tutoriel-zonealarm-firewall/

    ta version de acrobat reader n´est pas a jour, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

    et instale la derniere :

    https://get2.adobe.com/reader/otherversions/

    ou foxit plus léger :

    https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

    puis j´aimerais que tu performes un scan complet de ta machine avec antivir et que tu poste le resultat ici

    pour les reglages :

    une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
    puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
    coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
    puis sur la droite coche les case suivantes :
    scan boot sectors of selected drives
    scan master boot sectors
    scan memory
    search foe rootkit before scan
    decoche :
    ignore off line files
    toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

    @+
    0
  16. annalana Messages postés 8 Statut Membre
     
    bonjour,

    ci-joint le rapport antivir je crois que c'est bon

    AntiVir PersonalEdition Classic
    Report file date: 2008-02-11 22:16

    Scanning for 1096761 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: KARINE

    Version information:
    BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 17:58:25
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 07:58:33
    ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 2008-02-08 07:58:33
    AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2008-02-03 09:34:21
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-01-28 17:58:25
    AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: F:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high

    Start of the scan: 2008-02-11 22:16

    Starting search for hidden objects.
    '62224' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'updsvc.exe' - '1' Module(s) have been scanned
    Scan process 'RaUI.exe' - '1' Module(s) have been scanned
    Scan process 'CalCheck.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
    Scan process 'zlclient.exe' - '0' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'ECB-BP.exe' - '1' Module(s) have been scanned
    Scan process 'Res.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'vcsplay.exe' - '1' Module(s) have been scanned
    Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
    Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
    Scan process 'vcssecs.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'slserv.exe' - '1' Module(s) have been scanned
    Scan process 'MDM.EXE' - '1' Module(s) have been scanned
    Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'StyleXPService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    46 processes with 46 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!
    Master boot sector HD1
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD2
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'F:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '34' files ).

    Starting the file scan:

    Begin scan in 'C:\' <HDD>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'F:\' <BACKUP>

    End of the scan: 2008-02-12 00:08
    Used time: 1:52:13 min

    The scan has been done completely.

    7327 Scanning directories
    558186 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    558186 Files not concerned
    13047 Archives were scanned
    2 Warnings
    156 Notes
    62224 Objects were scanned with rootkit scan
    0 Hidden objects were found

    PAR CONTRE IL RESTE DEUX WARNINGS EST CE QUE C'EST GRAVE ?

    SINON J4AI INSTALLE ZONE ALARM MAIS IL ME DEMANDE UNE AUTORISATION A CHAQUE FOIS QUE JE CHERCHE A ME CONNECTER SUR UN SITE EST CE NORMAL?

    A+
    ANNALANA
    0
  17. g!rly Messages postés 18462 Statut Contributeur 407
     
    Bonjour annalana,

    Pour les deux warning ce n´est pas grave...

    C:\pagefile.sys celui ci represente la memoire virtuelle

    C:\hiberfil.sys est un fichier temporaire créé par Windows afin de stocker l'état de sa mémoire vive afin de se mettre en veille prolongée (hibernation).

    Pour zone alarm, oui c´est normal qu´il te demande une autorisation lors des connections. Il faut lui laisser un temps d´adaptation, réponds oui et "ne plus me demander", seulement pour les connections et applications pour lequels tu es sûr; comme ca avec le temps il te laissera tranquille.

    Par contre un helper est passé sur le topik hier et m´a conseillé de te faire enlever également ceci :

    oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys

    on va proceder comme ceci :

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\drivers\oreans32.sys

    Driver::
    oreans32

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt

    S'il n'y a pas de rédémarrage, poste quand même le rapport.

    @+
    0
  18. annalana Messages postés 8 Statut Membre
     
    bonsoir,

    le rapport combofix

    ComboFix 08-02.05.3 - kl 2008-02-12 20:08:41.9 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.672 [GMT 1:00]
    Endroit: C:\Documents and Settings\kl\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\kl\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    FILE
    C:\WINDOWS\system32\drivers\oreans32.sys
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\oreans32.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_OREANS32
    -------\oreans32

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-12 to 2008-02-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-11 22:02 . 2008-02-12 20:15 15,581,216 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-11 22:02 . 2008-02-12 20:13 183,596 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-11 21:58 . 2008-02-11 21:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-02-11 21:58 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2008-02-11 21:58 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2008-02-11 21:58 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2008-02-11 21:58 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2008-02-11 21:58 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2008-02-11 21:58 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2008-02-11 21:58 . 2008-02-11 22:00 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-02-11 21:57 . 2008-02-11 21:57 <REP> d-------- C:\Program Files\Zone Labs
    2008-02-11 21:56 . 2008-02-12 20:07 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-02-11 21:16 . 2004-08-20 00:09 400,896 --a------ C:\kmd.exe
    2008-01-29 00:45 . 2008-02-03 10:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-28 19:03 . 2008-01-28 19:03 <REP> d-------- C:\Program Files\Lavasoft
    2008-01-28 19:03 . 2008-01-28 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-28 19:01 . 2008-01-28 19:01 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-01-28 18:56 . 2008-01-28 18:56 <REP> d-------- C:\Program Files\Yahoo!
    2008-01-28 18:56 . 2008-01-28 18:56 <REP> d-------- C:\Program Files\CCleaner
    2008-01-28 18:51 . 2008-01-28 18:51 <REP> d-------- C:\Program Files\Avira
    2008-01-28 18:51 . 2008-01-28 18:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-12 22:16 . 2007-10-11 00:49 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-01-12 22:16 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-01-12 22:16 . 2007-07-01 04:36 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-01-12 22:16 . 2007-10-11 00:49 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-01-12 22:16 . 2007-10-11 00:49 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-01-12 22:16 . 2007-10-11 00:49 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-01-12 22:16 . 2007-10-11 00:49 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-01-12 22:16 . 2007-10-11 00:49 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-01-12 22:16 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-01-12 22:15 . 2008-01-12 22:16 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-12 22:11 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-27 19:00 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
    2008-01-27 10:37 --------- d-----w C:\Program Files\eMule
    2008-01-27 10:31 --------- d-----w C:\Program Files\Panda Security
    2008-01-27 10:29 --------- d-----w C:\Program Files\BitTorrent
    2007-12-22 11:18 --------- d-----w C:\Documents and Settings\kl\Application Data\Vso
    2007-08-04 07:34 47,360 ----a-w C:\Documents and Settings\kl\Application Data\pcouffin.sys
    2005-04-24 11:01 49,072 -c--a-w C:\Documents and Settings\kl\Application Data\GDIPFONTCACHEV1.DAT
    2005-01-03 18:56 61 -csh--w C:\WINDOWS\cnerolf.dat
    .
    [code]<pre>
    -c--a-w 414,311,881 2003-12-10 11:55:12 C:\Documents and Settings\kl\Mes documents\Nouveau dossier\Microsoft Office 2002 XP ( .exe
    </pre>/code

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sonic RecordNow!"="" []
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [2004-04-23 11:43 30208]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 23:03 68856]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10 335872]
    "UpdateManager"="c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01 110592]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 09:33 299008]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-03-29 10:08 151597]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2003-10-26 22:53 57344]
    "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-12-04 12:34 406016]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-01-30 11:45 81920]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 19:44 65536]
    "eCarteBleue-BP"="C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe" [2003-06-20 10:09 188416]
    "NWEReboot"="" []
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-28 18:58 249896]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-03-29 10:08 77824]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 23:03 68856]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{478CAB9E-9E28-11D4-97FF-0050047D51FB}"= C:\WINDOWS\System32\EZUPBH~1.DLL [2004-04-23 11:44 49152]

    R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 01:38]
    R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 15:02]
    R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2004-04-08 11:04]
    R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 10:44]
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 15:07]
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 10:17]
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-07-18 09:17]
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-07-18 02:23]
    S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [1999-09-23 12:02]
    S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 08:48]
    S1 sonypvd2;sonypvd2;C:\WINDOWS\system32\DRIVERS\sonypvd2.sys [2003-06-24 10:29]
    S3 ASIOMI;ASIOMI;C:\WINDOWS\system32\drivers\ASIOMI.sys [2004-01-30 11:39]
    S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys []

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2004-04-19 20:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-04-25 19:20:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    "2004-05-02 20:50:00 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    .
    **************************************************************************

    disk not found C:\

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    disk not found C:\

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\APPS\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\MSI\Common\RaUI.exe
    C:\apps\ABoard\AOSD.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-12 20:19:54 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-12 19:18:59
    ComboFix2.txt 2008-02-11 20:21:12
    ComboFix3.txt 2008-02-11 05:56:35
    ComboFix4.txt 2008-02-11 01:56:32
    ComboFix5.txt 2008-02-10 22:33:36
    .
    2008-01-14 02:01:00 --- E O F ---

    ****
    j'ai une fenetre windows qui s'affiche sytématiquement quand je démarre l'ordinateur et même parfois en plein millieu
    je pensais que c'était lié au virus mais elle apparait encore
    c'est une fenetre windows je t'en fais la description:

    windows - pas de disque

    une croix blanche dans rond rouge
    message: exception processing message c0000013 Parameters75afb9c 9 75afbf9c 75afbf9c

    et trois touche: annuler - recommencer - continuer

    en général je fais trois ou quatre fois annuler et ellle disparait
    sais tu ce que c'est et si oui peux t'on l'enlever?

    encore merci
    annalana
    0
  19. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    ok pour oreans32.sys

    pour le message d´erreure, apparament ici ils auraient resolut le probleme :

    http://forum.telecharger.01net.com/forum/high-tech/LOGICIELS/Windows-XP/message-windows-resolu-sujet_339289_1.htm

    dis moi quoid`

    @+
    0
  20. annalana
     
    bonsoir,

    pour le message d'erreur j'ai regardé le site que tu m'a donné et plusieurs autres forums parlant du problème
    à priori ils disaient que cela pouvait peut etre venir de quicktime or je viens de le désintaller et le message s'affiche toujours au rallumage
    ou le problème peut peut etre venir des lecteurs de carte mémoire qu'il faut désinstaller or des lecteurs je m'en sert assez souvent donc je ne pense pas que je vais les desinstaller je vais garder le message tanpis d'autant qu'a priori il parait que cela ne porte pas atteinte au sytème
    sinon encore merci pour la suppression du trojan et pour tes conseils
    juste une dernière question qu'est ce que je fait de tout ce j'ai installé pour la désinfection

    a+
    annalana
    0
  • 1
  • 2