[ok] Undetermined virus or trojan problem

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities etc. ...

Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware: Anti-malware decontamination
Decontamination procedure 2 - Anti-malware and antivirus (La Manip): La Manip - Standard decontamination procedure
Periodic maintenance of a PC running Windows
Protecting the browser, browsing and privacy

Post by toutatafr » 08 Oct 2010, 18:02

Good evening,

I followed the procedure but...
- during the shutdown triggered by OTL the PC took 1 hour to shut down (it has done that every time since I picked up this virus/trojan)
- on restart I got the following error:

[screenshot]

Since then I can no longer start OTL because I systematically get the following error (and I had to relaunch explorer.exe manually):

[screenshot]

I suppose there are several things to delete (registry and/or log?) so that OTL can start normally again?
I'm posting below the logs I was able to generate
Thanks for your help
toutatafr
 
Posts: 22
Joined: 06 Oct 2010, 10:24

Post by toutatafr » 08 Oct 2010, 18:17

rkill report

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as jMy_Name on 08/10/2010 at 13:39:30.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\jMy_Name\Bureau\rkill.scr


Rkill completed on 08/10/2010 at 13:39:39.

Post by toutatafr » 08 Oct 2010, 18:18

Malwarebytes' Anti-Malware report

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4776

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

08/10/2010 13:50:32
mbam-log-2010-10-08 (13-50-32).txt

Scan type: Quick scan
Objects scanned: 180162
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Post by toutatafr » 08 Oct 2010, 18:20

First OTL report

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Service ilbobbbe stopped successfully!
Service ilbobbbe deleted successfully!
File C:\WINDOWS\System32\dlo58.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7726D850-5F6E-4704-AD82-6C6F57245516}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7726D850-5F6E-4704-AD82-6C6F57245516}\ .
File C:\WINDOWS\System32\dlo58.dll not found.
ilbobbbe removed from NetSvcs value successfully!
File C:\WINDOWS\System32\dlo58.dll not found.
========== FILES ==========
File move failed. C:\WINDOWS\System32\dlo58.dll scheduled to be moved on reboot.
File\Folder c:\windows\system32\dlo58.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrateur.TN400
->Temp folder emptied: 76461376 bytes
->Temporary Internet Files folder emptied: 3833148 bytes
->FireFox cache emptied: 46087791 bytes
->Flash cache emptied: 843 bytes

User: Administrator
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 112094 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: jMyName
->Temp folder emptied: 391850 bytes
->Temporary Internet Files folder emptied: 41364 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42299447 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 853 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 814490 bytes
->Java cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 19285990 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 469 bytes

User: tpojMyName
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48699186 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 641 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3871232 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 231,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10082010_140233

Post by toutatafr » 08 Oct 2010, 18:21

Second OTL report

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Error: No service named ilbobbbe was found to stop!
Service\Driver key ilbobbbe not found.
File C:\WINDOWS\System32\dlo58.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7726D850-5F6E-4704-AD82-6C6F57245516}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7726D850-5F6E-4704-AD82-6C6F57245516}\ .
File C:\WINDOWS\System32\dlo58.dll not found.
ilbobbbe removed from NetSvcs value successfully!
File C:\WINDOWS\System32\dlo58.dll not found.
========== FILES ==========
File move failed. C:\WINDOWS\System32\dlo58.dll scheduled to be moved on reboot.
File\Folder c:\windows\system32\dlo58.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrateur.TN400
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jMyName
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4830113 bytes
->Java cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 278232 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: tpojMyName
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10082010_160001
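Reading the two OTL fix logs above side by side, as an added example that is not part of the original thread: the second run, two hours after the first, reports exactly the same deferrals for the same objects (the BHO key, its CLSID key and C:\WINDOWS\System32\dlo58.dll), so nothing that was "scheduled ... on reboot" had actually gone. The script below classifies each OTL action line (succeeded, not found, failed, deferred to reboot), lists what is still unresolved after a run, and flags objects the same log reports as both "not found" and "scheduled to be moved on reboot", which is what happens to dlo58.dll here. The log text is a constructed sample copied from the second report; the regular expressions are tuned to the message shapes visible in it and are my assumption about OTL's output, not a documented grammar.

```python
import re

# Constructed sample input: the action lines of the second OTL fix log posted
# above, embedded verbatim so the script runs offline on realistic text.
OTL_LOG = r"""All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Error: No service named ilbobbbe was found to stop!
Service\Driver key ilbobbbe not found.
File C:\WINDOWS\System32\dlo58.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7726D850-5F6E-4704-AD82-6C6F57245516}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7726D850-5F6E-4704-AD82-6C6F57245516}\ .
File C:\WINDOWS\System32\dlo58.dll not found.
ilbobbbe removed from NetSvcs value successfully!
File C:\WINDOWS\System32\dlo58.dll not found.
========== FILES ==========
File move failed. C:\WINDOWS\System32\dlo58.dll scheduled to be moved on reboot.
File\Folder c:\windows\system32\dlo58.tmp not found.
========== COMMANDS ==========
"""

# Assumed message shapes (taken from the log above, not from OTL documentation):
# a registry key ends with "\ " followed by "scheduled" or "."; a file path is
# followed by "not found" or "scheduled"; service names appear in three forms.
REG_KEY = re.compile(r"(HKEY_.*?)\\ (?:scheduled|\.)")
FILE_PATH = re.compile(r"([A-Za-z]:\\.*?)(?= (?:not found|scheduled)\b)")
SERVICE = (
    re.compile(r"service named (\S+)"),
    re.compile(r"^Service\\Driver key (\S+) not found"),
    re.compile(r"^(\S+) removed from \S+ value"),
)


def target_of(line):
    """Return the object (registry key, file path or service name) a line is about."""
    for pattern in (REG_KEY, FILE_PATH, *SERVICE):
        m = pattern.search(line)
        if m:
            return m.group(1)
    return None


def status_of(line):
    """Classify one OTL action line. Order matters: a line that reports a failure
    and then a reboot-time retry counts as deferred, not failed."""
    if "on reboot" in line:
        return "deferred"
    if line.startswith("Unable to") or " failed" in line:
        return "failed"
    if "not found" in line or "was found to stop" in line:
        return "not_found"
    if line.endswith("successfully!"):
        return "ok"
    if line.startswith("Error:"):
        return "error"
    return "info"


def triage(log):
    """Turn an OTL fix log into (status, target, line) records, skipping the
    '==========' section banners and blank lines."""
    records = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line.startswith("====="):
            continue
        records.append((status_of(line), target_of(line), line))
    return records


def unresolved(records):
    """Objects OTL could not remove in this run (deferred or outright failed)."""
    return {t for s, t, _ in records if t and s in ("deferred", "failed")}


def contradictions(records):
    """Objects reported 'not found' in one section but still present (a failed
    or deferred action) in another; case-folded because OTL mixes path case."""
    seen = {}
    for s, t, _ in records:
        if t:
            seen.setdefault(t.lower(), set()).add(s)
    return {t for t, statuses in seen.items()
            if "not_found" in statuses and statuses & {"deferred", "failed"}}


if __name__ == "__main__":
    recs = triage(OTL_LOG)
    for status, target, _ in recs:
        print(f"{status:10} {target}")
    print("still present after this run:", sorted(unresolved(recs)))
    print("reported both missing and present:", sorted(contradictions(recs)))
```

On the sample the unresolved set is the two registry keys and the DLL, and dlo58.dll is the one object the log calls "not found" three times and then fails to move; an object in that state is worth checking by hand (hidden attribute, locked by a process, or a path OTL resolves differently in its two sections) before trusting any "not found".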

Post by nickW » 09 Oct 2010, 00:17

Good evening,

Can you run a scan with another tool:


Step 1: DDS (by sUBs)
Download DDS from one of the links below:
http://www.techsupportforum.com/sectools/sUBs/dds/
http://download.bleepingcomputer.com/sUBs/dds.scr
http://download.bleepingcomputer.com/sUBs/dds.com
http://www.forospyware.com/sUBs/dds
Save the file to the Desktop.

Double-click the DDS icon to launch it.
If there is an "Open File" security warning, click Run.

A black-background "D.D.S." window will open; no action is needed, the scan is in progress.

When the tool has finished, two Notepad windows will open.

Save the two files opened in these Notepad windows to the Desktop under the names DDS-101008.txt and Attach-101008.txt


Step 2: Results
Send in reply, in two separate messages (because of the length of the files):
*- the two DDS reports (contents of the files DDS-101008.txt and Attach-101008.txt located on the Desktop).


Important note: To send these last two reports, do not create new topics; click the "Reply" button to continue in the same thread.

To be continued,
nickW

Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by toutatafr » 11 Oct 2010, 08:20

Hello,

here is the DDS.txt report
I'm posting the Attach.txt report in the next message

Thanks for your help

DDS (Ver_09-09-29.01) - NTFSx86
Run by jMyName at 9:13:08,52 on 11/10/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.994.260 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Esker\Common\ESLCBcst.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\LANDesk\LDClient\amtmon.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\USBDLM\USBDLM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jMyName\Bureau\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://intranet
uDefault_Page_URL = hxxp://intranet
mDefault_Page_URL = hxxp://intranet
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: : {7726d850-5f6e-4704-ad82-6c6f57245516} - c:\windows\system32\dlo58.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
mRun: [MplSetUp] c:\program files\rds\rmclient\MplSetUp.exe
mRun: [JobHisInit] c:\program files\rds\rmclient\JobHisInit.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [OTL] "c:\documents and settings\jMyName\bureau\OTL.exe"
StartupFolder: c:\docume~1\jguill~1\menudm~1\progra~1\dmarra~1\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\jguill~1\menudm~1\progra~1\dmarra~1\firefox.lnk - c:\program files\mozilla firefox\firefox.exe
StartupFolder: c:\docume~1\jguill~1\menudm~1\progra~1\dmarra~1\outlook.lnk - c:\program files\microsoft office\office12\OUTLOOK.EXE
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=67633
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
AppInit_DLLs: c:\windows\system32\APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = SbHpNp scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jguill~1\applic~1\mozilla\firefox\profiles\cc12w2xh.default\
FF - prefs.js: browser.startup.homepage - hxxps://172.18.2.8:4100//|chrome:/ ... tdial.html
FF - component: c:\documents and settings\jMyName\application data\mozilla\firefox\profiles\cc12w2xh.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\winnt-32\MinimizeToTrayPlus.dll
FF - plugin: c:\documents and settings\jMyName\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npiexec.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-6-13 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184]
R0 zvukxfus;zvukxfus;c:\windows\system32\drivers\zvukxfus.sys [2001-8-18 23424]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-21 11608]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2005-11-21 11008]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-4-18 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-6-13 5808]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-21 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-21 267432]
R2 ASBroker;Courtier de session de connexion;c:\windows\system32\svchost.exe -k Cognizance [2004-8-20 14336]
R2 ASChannel;Canal de communication local;c:\windows\system32\svchost.exe -k Cognizance [2004-8-20 14336]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-19 60936]
R2 CBA8;LANDesk(R) Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2007-11-29 155648]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-7-9 221184]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2008-7-29 118784]
R2 LANDesk(R) Out-of-Band Monitor Service;LANDesk(R) Out-of-Band Monitor Service;c:\program files\landesk\ldclient\amtmon.exe [2008-7-29 983040]
R2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2008-7-29 331776]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-7-29 2521880]
R2 USBDLM;USBDLM;c:\program files\usbdlm\USBDLM.exe [2007-10-19 134656]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-30 41216]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2008-7-29 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2008-7-29 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2008-7-29 3712]
S3 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2006-2-24 106496]

============== File Associations ===============

txtfile="c:\program files\pspad editor\PSPad.exe" "%1"

=============== Created Last 30 ================

2010-10-08 13:40 405 a------- C:\rkill.log.bak
2010-10-06 14:33 <DIR> --d----- c:\program files\OTL
2010-10-06 11:18 <DIR> --d----- C:\_OTL_old
2010-09-28 16:37 <DIR> --d----- C:\test
2010-09-27 10:50 <DIR> --d----- c:\windows\system32\NtmsData
2010-09-27 09:47 <DIR> --d----- c:\docume~1\jguill~1\applic~1\Avira
2010-09-21 09:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2010-09-20 18:41 7 a------- c:\windows\system32\dlo58.dll
2010-09-20 15:42 680,350 a------- c:\windows\system32\drivers\Cat.DB
2010-09-20 15:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2010-09-16 11:29 <DIR> --d----- c:\documents and settings\jMyName\SunONE
2010-09-15 10:57 38 a------- C:\files.txt.bak
2010-09-15 09:27 58,880 -------- c:\windows\system32\dllcache\spoolsv.exe
2010-09-15 09:27 293,888 -------- c:\windows\system32\dllcache\winsrv.dll
2010-09-15 09:27 406,016 -------- c:\windows\system32\dllcache\usp10.dll
2010-09-14 16:42 <DIR> a-dshr-- C:\cmdcons
2010-09-14 13:55 <DIR> --d----- c:\docume~1\jguill~1\applic~1\Malwarebytes
2010-09-14 10:15 101,888 a------- c:\windows\system32\VB6STKIT.DLL
2010-09-14 10:15 <DIR> --d----- c:\program files\Terminaux de Normandie
2010-09-14 10:12 202 a------- c:\windows\wininit.ini

==================== Find3M ====================

2010-10-04 09:15 513,498 a------- c:\windows\system32\perfh00C.dat
2010-10-04 09:15 85,644 a------- c:\windows\system32\perfc00C.dat
2010-08-17 15:17 58,880 a------- c:\windows\system32\spoolsv.exe
2010-07-27 08:30 8,518,656 -------- c:\windows\system32\dllcache\shell32.dll
2010-07-22 17:48 590,848 a------- c:\windows\system32\rpcrt4.dll
2010-07-22 17:48 590,848 -------- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 11:49 5,632 a------- c:\windows\system32\xpsp4res.dll
2006-05-03 12:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 13:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 15:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 9:14:51,38 ===============
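Three things in the DDS report above stand out before any further tooling: the AV line says on-access scanning is disabled and the signatures are outdated; the BHO registered under {7726d850-5f6e-4704-ad82-6c6f57245516} has no friendly name and points at c:\windows\system32\dlo58.dll, the same file and CLSID OTL failed to remove; and "Created Last 30" lists that DLL at 7 bytes, smaller than the 64-byte DOS header every PE file starts with, so whatever sits at that path now cannot be loaded as a DLL even though the registration that would load it is still in place. The script below is an added example (not from the thread and not part of DDS) that pulls those checks out of a DDS report: it splits the report on its section banners, cross-references each BHO's DLL path against the "Created Last 30" list and its file sizes, and counts repeated process images (the full report lists wuauclt.exe fourteen times; the count is reported for a look, not as a verdict). The embedded log is a constructed, trimmed copy of the report above, so the numbers the script prints are for that sample.

```python
import re
from collections import Counter

# Constructed sample input: a trimmed copy of the DDS.txt report posted above
# (header, a few running processes, three BHO lines, four "Created Last 30"
# entries), embedded so the checks run offline.
DDS_LOG = r"""DDS (Ver_09-09-29.01) - NTFSx86
Run by jMyName at 9:13:08,52 on 11/10/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.994.260 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jMyName\Bureau\dds.com

============== Pseudo HJT Report ===============

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: : {7726d850-5f6e-4704-ad82-6c6f57245516} - c:\windows\system32\dlo58.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
AppInit_DLLs: c:\windows\system32\APSHook.dll

=============== Created Last 30 ================

2010-10-08 13:40 405 a------- C:\rkill.log.bak
2010-09-20 18:41 7 a------- c:\windows\system32\dlo58.dll
2010-09-20 15:42 680,350 a------- c:\windows\system32\drivers\Cat.DB
2010-09-14 10:15 101,888 a------- c:\windows\system32\VB6STKIT.DLL
"""

# Line shapes are assumed from the report above, not from DDS documentation.
SECTION = re.compile(r"^=+ (.+?) =+$")
AV = re.compile(r"^AV: (?P<product>.+?) \*(?P<state>.+?)\*(?: \((?P<age>\w+)\))?")
BHO = re.compile(r"^BHO: (?P<name>.*?): \{(?P<clsid>[0-9a-f-]+)\} - (?P<path>.+)$", re.I)
CREATED = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
                     r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
MIN_PE_SIZE = 64  # IMAGE_DOS_HEADER is 64 bytes; a smaller file cannot be a PE


def parse_sections(log):
    """Split a DDS report into {section name: [lines]}; lines before the first
    '===' banner go under 'header'."""
    sections, current = {"header": []}, "header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        else:
            sections[current].append(line)
    return sections


def av_state(sections):
    """Product, on-access status and signature age from the AV line DDS prints."""
    for line in sections["header"]:
        m = AV.match(line)
        if m:
            return {"product": m.group("product"),
                    "on_access": "disabled" not in m.group("state").lower(),
                    "outdated": (m.group("age") or "").lower() == "outdated"}
    return None


def recent_files(sections):
    """Map lower-cased path -> (created, size in bytes) from 'Created Last 30'."""
    out = {}
    for line in sections.get("Created Last 30", []):
        m = CREATED.match(line)
        if m and m.group("size") != "<DIR>":
            out[m.group("path").lower()] = (f"{m.group('date')} {m.group('time')}",
                                            int(m.group("size").replace(",", "")))
    return out


def suspicious_bhos(sections):
    """BHO entries worth a second look, with the reason for each."""
    recent = recent_files(sections)
    findings = []
    for line in sections.get("Pseudo HJT Report", []):
        m = BHO.match(line)
        if not m:
            continue
        reasons = []
        if not m.group("name").strip():
            reasons.append("no friendly name registered for the CLSID")
        hit = recent.get(m.group("path").lower())
        if hit:
            created, size = hit
            note = f"DLL created {created}, {size} bytes"
            if size < MIN_PE_SIZE:
                note += f" (below the {MIN_PE_SIZE}-byte DOS header: not a loadable DLL)"
            reasons.append(note)
        if reasons:
            findings.append({"clsid": m.group("clsid"), "path": m.group("path"),
                             "reasons": reasons})
    return findings


def repeated_processes(sections, more_than=3):
    """Image names listed more than `more_than` times under 'Running Processes'."""
    names = Counter(p.rsplit("\\", 1)[-1].split(" -k")[0].lower()
                    for p in sections.get("Running Processes", []))
    return {n: c for n, c in names.items() if c > more_than}


if __name__ == "__main__":
    S = parse_sections(DDS_LOG)
    print("AV:", av_state(S))
    for f in suspicious_bhos(S):
        print(f"BHO {{{f['clsid']}}} -> {f['path']}")
        for r in f["reasons"]:
            print("   ", r)
    print("repeated processes:", repeated_processes(S))
```

The 7-byte size is the useful detail: the registry still instructs Internet Explorer to load that path as a BHO, so the persistence point is live even though the payload at the path is not, and both the file and the two registry keys need to go together.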


================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jguill~1\applic~1\mozilla\firefox\profiles\cc12w2xh.default\
FF - prefs.js: browser.startup.homepage - hxxps://172.18.2.8:4100//|chrome&#058;/ ... tdial.html
FF - component: c:\documents and settings\jMyName\application data\mozilla\firefox\profiles\cc12w2xh.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\winnt-32\MinimizeToTrayPlus.dll
FF - plugin: c:\documents and settings\jMyName\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npiexec.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-6-13 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-6-14 13184]
R0 zvukxfus;zvukxfus;c:\windows\system32\drivers\zvukxfus.sys [2001-8-18 23424]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-21 11608]
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2005-11-21 11008]
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-4-18 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-6-13 5808]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-21 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-21 267432]
R2 ASBroker;Courtier de session de connexion;c:\windows\system32\svchost.exe -k Cognizance [2004-8-20 14336]
R2 ASChannel;Canal de communication local;c:\windows\system32\svchost.exe -k Cognizance [2004-8-20 14336]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-19 60936]
R2 CBA8;LANDesk(R) Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2007-11-29 155648]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-7-9 221184]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2008-7-29 118784]
R2 LANDesk(R) Out-of-Band Monitor Service;LANDesk(R) Out-of-Band Monitor Service;c:\program files\landesk\ldclient\amtmon.exe [2008-7-29 983040]
R2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2008-7-29 331776]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-7-29 2521880]
R2 USBDLM;USBDLM;c:\program files\usbdlm\USBDLM.exe [2007-10-19 134656]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-30 41216]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2008-7-29 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2008-7-29 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2008-7-29 3712]
S3 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2006-2-24 106496]

============== File Associations ===============

txtfile="c:\program files\pspad editor\PSPad.exe" "%1"

=============== Created Last 30 ================

2010-10-08 13:40 405 a------- C:\rkill.log.bak
2010-10-06 14:33 <DIR> --d----- c:\program files\OTL
2010-10-06 11:18 <DIR> --d----- C:\_OTL_old
2010-09-28 16:37 <DIR> --d----- C:\test
2010-09-27 10:50 <DIR> --d----- c:\windows\system32\NtmsData
2010-09-27 09:47 <DIR> --d----- c:\docume~1\jguill~1\applic~1\Avira
2010-09-21 09:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2010-09-20 18:41 7 a------- c:\windows\system32\dlo58.dll
2010-09-20 15:42 680,350 a------- c:\windows\system32\drivers\Cat.DB
2010-09-20 15:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2010-09-16 11:29 <DIR> --d----- c:\documents and settings\jMyName\SunONE
2010-09-15 10:57 38 a------- C:\files.txt.bak
2010-09-15 09:27 58,880 -------- c:\windows\system32\dllcache\spoolsv.exe
2010-09-15 09:27 293,888 -------- c:\windows\system32\dllcache\winsrv.dll
2010-09-15 09:27 406,016 -------- c:\windows\system32\dllcache\usp10.dll
2010-09-14 16:42 <DIR> a-dshr-- C:\cmdcons
2010-09-14 13:55 <DIR> --d----- c:\docume~1\jguill~1\applic~1\Malwarebytes
2010-09-14 10:15 101,888 a------- c:\windows\system32\VB6STKIT.DLL
2010-09-14 10:15 <DIR> --d----- c:\program files\Terminaux de Normandie
2010-09-14 10:12 202 a------- c:\windows\wininit.ini

==================== Find3M ====================

2010-10-04 09:15 513,498 a------- c:\windows\system32\perfh00C.dat
2010-10-04 09:15 85,644 a------- c:\windows\system32\perfc00C.dat
2010-08-17 15:17 58,880 a------- c:\windows\system32\spoolsv.exe
2010-07-27 08:30 8,518,656 -------- c:\windows\system32\dllcache\shell32.dll
2010-07-22 17:48 590,848 a------- c:\windows\system32\rpcrt4.dll
2010-07-22 17:48 590,848 -------- c:\windows\system32\dllcache\rpcrt4.dll
2010-07-22 11:49 5,632 a------- c:\windows\system32\xpsp4res.dll
2006-05-03 12:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 13:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 15:30 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 9:14:51,38 ===============

Post by toutatafr » 11 Oct 2010, 08:21

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume1
Install Date: 29/07/2008 19:11:31
System Uptime: 10/08/2010 17:06:12 (1480 hours ago)

Motherboard: Hewlett-Packard | | 0AA4h
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | XU1 PROCESSOR | 2327/1333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 22 GiB total, 4,593 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 29 GiB total, 26,334 GiB free.
F: is FIXED (NTFS) - 29 GiB total, 28,94 GiB free.
G: is FIXED (NTFS) - 29 GiB total, 28,71 GiB free.
H: is FIXED (NTFS) - 39 GiB total, 37,42 GiB free.
U: is NetworkDisk (NTFS) - 24 GiB total, 3,474 GiB free.
V: is NetworkDisk (NTFS) - 97 GiB total, 32,761 GiB free.
W: is NetworkDisk (NTFS) - 21 GiB total, 18,549 GiB free.
X: is NetworkDisk (NTFS) - 931 GiB total, 655,509 GiB free.
Y: is NetworkDisk (NTFS) - 54 GiB total, 41,261 GiB free.
Z: is NetworkDisk (NTFS) - 20 GiB total, 19,088 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Souris compatible PS/2
Device ID: ACPI\PNP0F13\4&16E8443F&0
Manufacturer: Microsoft
Name: Souris compatible PS/2
PNP Device ID: ACPI\PNP0F13\4&16E8443F&0
Service: i8042prt

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Clavier standard 101/102 touches ou clavier Microsoft Natural Keyboard PS/2
Device ID: ACPI\PNP0303\4&16E8443F&0
Manufacturer: (Claviers standard)
Name: Clavier standard 101/102 touches ou clavier Microsoft Natural Keyboard PS/2
PNP Device ID: ACPI\PNP0303\4&16E8443F&0
Service: i8042prt

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 7610 Supernova
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 7610 Supernova
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP1: 20/09/2010 18:27:35 - Point de vérification système
RP2: 21/09/2010 09:11:28 - Avira AntiVir Personal - 21/09/2010 09:10
RP3: 21/09/2010 15:27:58 - Installed Windows XP KB915800-v4.
RP4: 21/09/2010 15:28:17 - Le Windows Search 4.0 pour Windows XP a été installé.
RP5: 22/09/2010 18:10:15 - Point de vérification système
RP6: 23/09/2010 18:53:56 - Point de vérification système
RP7: 27/09/2010 09:33:09 - Removed grepWin
RP8: 27/09/2010 09:34:16 - Supprimé Bonjour
RP9: 28/09/2010 11:36:40 - Point de vérification système
RP10: 29/09/2010 13:06:01 - Point de vérification système
RP11: 30/09/2010 17:32:22 - Point de vérification système
RP12: 01/10/2010 18:02:39 - Point de vérification système
RP13: 02/10/2010 18:29:26 - Point de vérification système
RP14: 03/10/2010 19:29:32 - Point de vérification système
RP15: 04/10/2010 09:12:27 - Software Distribution Service 3.0
RP16: 05/10/2010 12:46:10 - Point de vérification système
RP17: 06/10/2010 11:07:23 - OTL Restore Point
RP18: 06/10/2010 11:08:46 - OTL Restore Point
RP19: 07/10/2010 13:13:09 - Point de vérification système
RP20: 08/10/2010 13:19:48 - Point de vérification système
RP21: 09/10/2010 14:11:20 - Point de vérification système
RP22: 10/10/2010 15:11:22 - Point de vérification système

==== Installed Programs ======================


7-Zip 4.57
Adobe Flash Player 10 Plugin
Agent avancé LANDesk
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
BIOS Configuration for HP ProtectTools
Borland JBuilder X Enterprise
Borland JBuilder X Entreprise
CCleaner
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007
Connexion Bureau à distance
ConvertHelper 2.2
Credential Manager for HP ProtectTools
Crystal Reports pour Borland JBuilder
DeskTopBinder - SmartDeviceMonitor for Client
Drive Encryption for HP ProtectTools
dsFolder
Embedded Security for HP ProtectTools
ERUNT 1.1j
FileZilla Client 3.1.0.1
Foxit Reader
Free DWG Viewer 6.3
Free Musiz Zilla
getHostName v.1.3.0
Google Chrome
High Definition Audio - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Help and Support
HP Precisionscan Pro 3.1
HP ProtectTools Security Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.14.1
Interface Intel® Management Engine
InterVideo Register Manager
InterVideo WinDVD
Java 2 Runtime Environment, SE v1.4.2_05
Java Platform, Enterprise Edition 5 SDK
Java(TM) 6 Update 17
Java(TM) 6 Update 6
Java(TM) SE Runtime Environment 6 Update 1
JBuilder Toolkit for sforce
LANDesk Remote Control Console for Mozilla
LANDesk(R) Common Base Agent 8
Lecteur Windows Media 11
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Network Monitor 3.3
Microsoft Network Monitor: Microsoft Parsers 3.3
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (French) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (French) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (French) 12
Microsoft SQL Server 2000
Microsoft SQL Server 2000 Driver for JDBC Service Pack 3
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB2183461)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB974455)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB976325)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB978207)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB982381)
Mise à jour de sécurité pour Windows XP (KB923789)
Mise à jour pour Windows Internet Explorer 7 (KB976749)
Mise à jour pour Windows Internet Explorer 7 (KB980182)
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Mozilla Firefox (3.6.8)
MSVC80_x86
Nokia Connectivity Cable Driver
Nokia PC Suite
OKI Color Swatch Utility
OKI Network Extension
Opera 10.01
Outlook Attachment Remover 2.0
Package de pilotes Windows - Nokia Modem (05/22/2008 3.8)
Package de pilotes Windows - Nokia Modem (05/22/2008 7.00.0.1)
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
PartitionMagic
PC Connectivity Solution
PDFCreator
PhotoFiltre
PowerQuest PartitionMagic 8.0
PSPad editor
QuickTime
Recuva
SDMSSplash
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
SoundMAX
Spybot - Search & Destroy
Sun ONE Application Server 7 Plugin for JBuilder X
SUPER © Version 2010.bld.37 (Jan 2, 2010)
Symantec pcAnywhere
Technologie d’administration active Intel®
Tun EMUL 2005 (PC-to-Host)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Outlook 2007 Junk Email Filter (kb2291599)
USBDLM
UsbFix
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
XML Paper Specification Shared Components Language Pack 1.0

==== End Of File ===========================

Post by nickW » 12 Oct 2010, 01:03

Good evening,

Use of another tool:


Step 1: TDSSKiller (from Kaspersky), installation
Download tdsskiller.zip from the link below:
http://support.kaspersky.com/downloads/ ... killer.zip

Extract the file TDSSKiller.exe from the downloaded archive and place it on the Desktop.


Step 2: TDSSKiller (from Kaspersky), execution
Double-click TDSSKiller.exe to launch it.

The TDSSKiller screen appears.

Click Start scan to start the analysis.

When the tool has finished its inspection:

If malicious items ("Malicious objects") have been detected, the program automatically selects the action to take (Cure or Delete).

If suspicious objects ("Suspicious objects") have been detected, on the confirmation screen, change the action to take and select Quarantine (instead of Skip).

Then click the Continue button.

Wait for the report file to be displayed.

If the tool needs a reboot to finalize the cleaning, click the Reboot computer button.


Step 3: TDSSKiller (from Kaspersky), result
Send in reply:
*- the TDSSKiller report (contents of the file SystemDrive\TDSSKiller.Version_Date_Heure_log.txt)
[SystemDrive is the partition on which the system is installed, usually C:]

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator
 
Messages: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
