[Résolu] Ordinateur de plus en plus bloqué

[angelique]

perfect!!! ça me parrait ok , ça mérite un raisin ;o), le gros vilain n'apparrait plus , par contre tous tes ghost[tu as norton Ghost] de cette partoche , faudra les virer et en refaire une propre.

 

• desinstalle ComboFix en copiant\collant la ligne ci dessous dans executer et valide la:

 

ComboFix /u

 

• met à jour la console javasun via panneau de configuration , clic sur la tasse de thé java , met à jour

 

Avec le rapport antivir , tu ferras:

 

• telecharge sur ton bureau:

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-clique ATF-Cleaner.exe afin de lancer le programme.

Sous l'onglet Main, choisis : Select All

Clique sur le bouton Empty Selected, patiente le temp du nettoyage, ok

Si tu utilises le navigateur Firefox :

Clique Firefox au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique Opera au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu prinicipal, afin de fermer le programme.

 

• Télécharge ewido anti-spyware micro scanner sur ton bureau.

http://downloads.ewido.net/ewido_micro.exe

 

* Double-clique sur le fichier ewido_micro.exe pour l'exécuter.

* Le programme va demander dès son lancement un accès internet pour se mettre à jour, accepte.

* Puis, un nouvel écran apparaît, assure toi que toutes les cases soient cochées.

* Clique sur Start Scan et laisse l'outil travailler.

* Quand l'outil à fini, clique sur save report et sauvegarde le rapport sur ton bureau.

* Poste le dans ta prochaine réponse.

 

Nb, clique sur Remove infections

 

 

• * Fais un scan en ligne Kaspersky avec IE

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Clique sur Accept

* Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.

* clique une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patiente un moment

* Clique sur Next.

* Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

 

tuto et poste le rapport avec celui d'antivir+ ewido : http://www.malekal.com/scan_Av_en_ligne.php#mozTocId291566

 

=========== c'est de la broutille tout ça , vu ce que tu as deja parfaitement fait ===== ça prendra qlqs heures !!!!mais c'est essentielle pour finir de virer les dernieres petites merdasses qui trainaillent

[Cartier83]

Ok, c'est super !!! je te dis bonne soirée parce que j'ai l'impression que ça va mouliner pendant un moment. Je posterai les rapports dès que possible

[angelique]

Ok!! tu posteras les rapports quand tu les auras fait .Mais traine pas trop si tu te serts frequemment de ce PC

 

Bonne soirée ;o)

[Cartier83]

Bonjour ! bon, fin des fêtes de Pâques, on va pouvoir reprendre le boulot...

 

Mais traine pas trop si tu te serts frequemment de ce PC

Pas d'inquiétudes. Depuis le début des problèmes et jusqu'à nouvel ordre, cet ordi est déclaré INDISPONIBLE pour tout le monde. C'est l'ordi commun de la maison et j'ai compris la leçon, je vais "resserrer les boulons" ! J'ai lu pas mal de trucs sur le site de Malekal qui sont très édifiants

 

Mon deuxième disque physique n'est toujours pas rebranché.

 

J'ai fait 2 scan avec Antivir. Le premier en mode sans échec et le second en mode normal. Les rapports sont ci-dessous.

 

A chaque démarrage de l'ordi, après avoir cliqué sur l'utilisateur, j'a le message suivant :

 

RUNDLL:

X : Erreur de chargement de C:\WINDOWS\SYSTEM32\fqbgbiton.nls

Le module spécifié est introuvable.

 

En ce moment je fais un scan avec ewido...

 

 

 

AntiVir PersonalEdition Classic

Report file date: dimanche 23 mars 2008 20:14

 

Scanning for 1163542 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Ed

Computer name: AMATEUR

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:02:05

ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:02:05

ANTIVIR3.VDF : 7.0.3.65 36864 Bytes 23/03/2008 19:02:05

AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 23/03/2008 19:02:05

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 23/03/2008 19:02:05

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Local Hard Disks

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: dimanche 23 mars 2008 20:14

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

15 processes with 15 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[NOTE] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '20' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Administrateur\Bureau\SDFix\backups\backups.zip

[0] Archive type: ZIP

--> backups/cftmon.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.22528

[iNFO] The file was moved to '4849ac74.qua'!

C:\Documents and Settings\Administrateur.AMATEUR\Bureau\SDFix\backups_old\backups.zip

[0] Archive type: ZIP

--> backups/cftmon.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.22528

[iNFO] The file was moved to '4849ac8e.qua'!

C:\Documents and Settings\All Users\Bureau\SDFix\backups\backups.zip

[0] Archive type: ZIP

--> backups/cftmon.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.22528

[iNFO] The file was moved to '4849ac97.qua'!

C:\Documents and Settings\All Users.WINDOWS\Bureau\SDFix\backups_old\backups.zip

[0] Archive type: ZIP

--> backups/cftmon.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.22528

[iNFO] The file was moved to '4849acc1.qua'!

C:\Documents and Settings\Ed\Bureau\SmitfraudFix.exe

[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.66

[iNFO] The file was moved to '484fad09.qua'!

C:\Documents and Settings\Ed\Bureau\SDFix\backups_old\backups.zip

[0] Archive type: ZIP

--> backups/cftmon.exe

[DETECTION] Is the Trojan horse TR/Drop.Agent.22528

[iNFO] The file was moved to '4849ad39.qua'!

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\aiqcodo.drv.vir

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

[iNFO] The file was moved to '4857c7eb.qua'!

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\cegegsiagl.drv.vir

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

[iNFO] The file was moved to '484dc7e8.qua'!

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ojclpcsdlqi.sys.vir

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

[iNFO] The file was moved to '4849c7ed.qua'!

C:\WINDOWS\SYSTEM32\BluetoothAuthorizationAgent.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '485bce0c.qua'!

C:\WINDOWS\SYSTEM32\fqhgbiton.nls

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

C:\WINDOWS\TEMP\cegegsiagl.drv

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

[iNFO] The file was moved to '484ddb1f.qua'!

 

 

End of the scan: dimanche 23 mars 2008 23:36

Used time: 3:22:12 min

 

The scan has been done completely.

 

13949 Scanning directories

406546 Files were scanned

12 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

11 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

406534 Files not concerned

5981 Archives were scanned

9 Warnings

0 Notes

 

 

 

 

AntiVir PersonalEdition Classic

Report file date: lundi 24 mars 2008 19:16

 

Scanning for 1163542 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: AMATEUR

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:02:05

ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 19:02:05

ANTIVIR3.VDF : 7.0.3.65 36864 Bytes 23/03/2008 19:02:05

AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 23/03/2008 19:02:05

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 23/03/2008 19:02:05

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: lundi 24 mars 2008 19:16

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'avgas.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'EBRR.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SAgentNT.exe' - '1' Module(s) have been scanned

Scan process 'NOPDB.exe' - '1' Module(s) have been scanned

Scan process 'NPROTECT.EXE' - '1' Module(s) have been scanned

Scan process 'GhostStartService.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '0' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

29 processes with 29 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[NOTE] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '16' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{2C1B21AA-4B0E-4F49-B842-5BA1CD3171C2}\RP5\A0003803.dll

[DETECTION] Is the Trojan horse TR/Drop.Small.bgx

[iNFO] The file was moved to '48180050.qua'!

C:\System Volume Information\_restore{2C1B21AA-4B0E-4F49-B842-5BA1CD3171C2}\RP5\A0003807.exe

[DETECTION] Is the Trojan horse TR/Shell.Eviell

[iNFO] The file was moved to '49655c89.qua'!

C:\System Volume Information\_restore{2C1B21AA-4B0E-4F49-B842-5BA1CD3171C2}\RP5\A0003809.EXE

[DETECTION] Contains detection pattern of the dropper DR/NavExcel.D.10

[iNFO] The file was moved to '48180051.qua'!

C:\System Volume Information\_restore{2C1B21AA-4B0E-4F49-B842-5BA1CD3171C2}\RP5\A0003810.DRV

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

[iNFO] The file was moved to '49655c8a.qua'!

C:\System Volume Information\_restore{2C1B21AA-4B0E-4F49-B842-5BA1CD3171C2}\RP5\A0003811.sys

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

[iNFO] The file was moved to '48180052.qua'!

C:\System Volume Information\_restore{2C1B21AA-4B0E-4F49-B842-5BA1CD3171C2}\RP5\A0003812.DLL

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

[iNFO] The file was moved to '49655c8b.qua'!

C:\System Volume Information\_restore{2C1B21AA-4B0E-4F49-B842-5BA1CD3171C2}\RP6\A0003828.sys

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

[iNFO] The file was moved to '48180053.qua'!

C:\System Volume Information\_restore{2C1B21AA-4B0E-4F49-B842-5BA1CD3171C2}\RP7\A0003953.drv

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

[iNFO] The file was moved to '48180059.qua'!

C:\System Volume Information\_restore{2C1B21AA-4B0E-4F49-B842-5BA1CD3171C2}\RP7\A0003954.drv

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

[iNFO] The file was moved to '4818005a.qua'!

C:\System Volume Information\_restore{2C1B21AA-4B0E-4F49-B842-5BA1CD3171C2}\RP8\A0004089.exe

[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.66

[iNFO] The file was moved to '48180062.qua'!

C:\System Volume Information\_restore{2C1B21AA-4B0E-4F49-B842-5BA1CD3171C2}\RP8\A0004090.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[iNFO] The file was moved to '49655cbb.qua'!

 

 

End of the scan: lundi 24 mars 2008 20:49

Used time: 1:33:02 min

 

The scan has been done completely.

 

14233 Scanning directories

436303 Files were scanned

11 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

11 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

436292 Files not concerned

5974 Archives were scanned

8 Warnings

0 Notes

[angelique]

A chaque démarrage de l'ordi, après avoir cliqué sur l'utilisateur, j'a le message suivant :

 

RUNDLL:

X : Erreur de chargement de C:\WINDOWS\SYSTEM32\fqbgbiton.nls

Le module spécifié est introuvable.

 

C:\WINDOWS\SYSTEM32\fqhgbiton.nls

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003

[WARNING] The file could not be deleted!

 

ok!! dans le second scan antivir la detection de :

C:\WINDOWS\SYSTEM32\fqhgbiton.nls

[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1

 

n'apparrait plus , mais juste des points de restaurations systeme infectés qui sont facilement supprimables en desactivant \reactivant la restauration systeme de cette maniere:

http://service1.symantec.com/SUPPORT/INTER...020830101856924

 

• peux tu me mettre un nouveau rapport HijackThis pendant ton scan ewido là stp!!

[Cartier83]

Voilà le rapport HiJackThis :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:47:54, on 25/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe

C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\ESM2\SAgentNT.exe

C:\WINDOWS\System32\svchost.exe

C:\ESM2\EBRR.EXE

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Ed\Bureau\ewido_micro.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)

O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1186846561046

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\ESM2\SAgentNT.exe

 

--

End of file - 6123 bytes

[angelique]

ok !! le rapport HJT est pourtant propre

 

j'essaie de piger , c'est mieux d'avoir une erreur de chargement de se module , plutot qu'il se charge ; on va essayer de resoudre ce soucis!!!!

 

• C:\WINDOWS\SYSTEM32\fqhgbiton.nls se retrouve dans un ancien rapport Gmer:

 

Reg HKLM\SOFTWARE\Classes\CLSID\{2926C2DD-8E0B-4CB1-BD1C-B9C914FF9C1B}\Storage\3

Reg HKLM\SOFTWARE\Classes\CLSID\{2926C2DD-8E0B-4CB1-BD1C-B9C914FF9C1B}\Storage\3@file_name fqhgbiton

Reg HKLM\SOFTWARE\Classes\CLSID\{2926C2DD-8E0B-4CB1-BD1C-B9C914FF9C1B}\Storage\3@file_expand nls

 

• Ouvre le poste de travail

Clic sur le menu outils en haut à droite puis options des dossiers

Dans la nouvelle fenêtre, clic sur l'onglet Affichage en haut

Coche dans la liste "Afficher les fichiers cachés"

Décoche "masquer les fichier proteger du systeme d exploitation (recommandée)"

Tu vas recevoir un message qui te dit que cela peut endommager le système, n'en tiens pas compte.

 

peux tu verifier si ce fichier en gras est present: C:\WINDOWS\SYSTEM32\fqhgbiton.nls

[Cartier83]

C:\WINDOWS\SYSTEM32\fqhgbiton.nls n'a pas l'air d'être sur le disque. J'ai lancé une recherche incluant les fichiers cachés et système et j'ai également regardé avec l'explorateur dans le répertoire C:\WINDOWS\SYSTEM32\

 

Les options des dossiers étaient déjà "ouvertes". Je l'avais fait à la demande d'un post précédent, mais c'est vrai que parfois ça se modifie.

 

Tu disais tout à l'heure que peut être l'erreur venait des points de restauration système. faudrait sans doute vérifier lors d'un re-démarrage...

Modifié le 25 mars 2008 par Cartier83

[angelique]

ok

 

toujours pendant ton scan ewido :

 

• telecharge Regsearch de Bobbi Flekman à cette adresse --> http://download.bleepingcomputer.com/steelwerx/regsearch.zip

 

 

dezippe le fichier sur ton bureau , lance regsearch , et dans le cadre du haut copie fqhgbiton et clic ok, un fichier texte apparaitra à la fin de la recherche, poste le contenu stp ;o)

[Cartier83]

Voilà le rapport de RegSearch sur fqhgbiton :

 

 

 

 

Windows Registry Editor Version 5.00

 

; Registry Search 2.0 by Bobbi Flekman © 2005

; Version: 2.0.5.0

 

; Results at 25/03/2008 12:22:46 for strings:

; 'fqhgbiton'

; Strings excluded from search:

; (None)

; Search in:

; Registry Keys Registry Values Registry Data

; HKEY_LOCAL_MACHINE HKEY_USERS

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"taskman"="rundll32.exe \"C:\\WINDOWS\\system32\\fqhgbiton.nls\" WLEntryPoint"

 

[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]

"000"="fqhgbiton.nls "

 

; End Of The Log...