Cheval de Troie récalcitrant

[keytronix]

Bonjour,

 

depuis deux semaines j'ai Antivir qui détecte un cheval de troie ( TR/Dldr.Agent.dfhk dans le fichier omgyyqdf.dll) , je n'arrive pas à le supprimer,

à la fermeture de windows (xp sp2) j'ai un message qui me dit que l'explorer ne répond plus, pour finir j'ai des plantages de pilote de cartes sons .

peut être ces symptômes sont indépendants les uns des autres , peut être est ce lié ?

j'ai essayé plusieurs fois de faire un scan complet hors connection internet avec Avir , il plante à 98% de progression de scan, et avec ZHPdiag il ne semble pas détecter le cheval de troie.

j'utilise très peu de clés USB que je scan régulièrement aussi.

 

merci de m'indiquer la marche à suivre !

[Gof]

Bonsoir keytronix

 

Messages: 1

Bienvenue sur les forums de Zebulon.

 

Quelques liens pour t'aider à commencer :

• Comment participer à un forum
  
• retrouver ses messages et activer la notification par email
  

 

On va voir ensemble ce qui se passe sur ton PC ; comme tous les intervenants ici, nous aidons bénévolement en fonction de nos activités personnelles. On va essayer d'aller au plus vite, mais il faudra peut-être parfois être patient pour attendre une réponse, pas d'affolement

 

Télécharge OTL de OldTimer : http://oldtimer.geekstogo.com/OTL.exe

• Enregistre le fichier sur ton bureau.
  
• Double-clique sur OTL.exe pour le lancer (l'extension peut ne pas apparaître).
  
• Coche la case Tous les utilisateurs comme indiqué sur l'image.
  
  
• Fais de même avec Recherche Lop et Recherche Purity.
  
   
  
• Clique ensuite sur Analyse puis patiente pendant qu'il scanne le registre et les fichiers.
  
• Un texte s'ouvre alors (il s'appelle "OTL.txt"), c'est le rapport... que tu "copies-colles" dans ta prochaine réponse.
  

[keytronix]

voici le rapport d'analyse d'OTL :

 

OTL logfile created on: 03/05/2010 17:18:49 - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrateur\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 48,83 Gb Total Space | 20,33 Gb Free Space | 41,63% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Drive G: | 249,26 Gb Total Space | 198,03 Gb Free Space | 79,45% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: XPSP2

Current User Name: Administrateur

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010/05/03 17:17:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe

PRC - [2009/11/26 19:00:51 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2009/11/26 19:00:51 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2009/11/20 11:19:53 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

PRC - [2009/09/18 23:50:58 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/03/02 14:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/02/18 11:16:30 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2006/12/23 18:54:04 | 000,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

PRC - [2006/11/13 15:07:02 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe

PRC - [2006/11/13 15:06:52 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe

PRC - [2006/07/07 18:45:00 | 001,052,672 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SuperCopier2.exe

PRC - [2006/06/16 00:28:36 | 000,987,136 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe

PRC - [2006/05/18 08:22:02 | 000,843,776 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe

PRC - [2006/03/30 14:58:14 | 000,143,360 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

PRC - [2006/03/30 14:54:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

PRC - [2006/03/30 14:54:18 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

PRC - [2006/02/07 00:13:32 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

PRC - [2005/10/18 15:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe

PRC - [2005/09/23 23:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/05/03 17:17:36 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe

MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2006/07/07 18:12:46 | 000,086,528 | ---- | M] (SFX TEAM) -- C:\Program Files\SuperCopier2\SC2Hook.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- -- (fsssvc)

SRV - [2009/11/26 19:00:51 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2009/11/26 19:00:51 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/02/18 11:16:30 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2006/12/23 18:54:04 | 000,262,144 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2006/03/30 14:58:14 | 000,143,360 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

SRV - [2006/03/30 14:54:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)

SRV - [2006/03/30 14:54:18 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)

SRV - [2006/02/07 00:13:32 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)

SRV - [2005/10/18 15:00:10 | 000,241,152 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)

SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2001/09/28 13:00:00 | 000,109,568 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\orztegv.dll -- (lxnhiewa)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/04/04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2010/01/28 16:25:05 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)

DRV - [2009/12/10 23:54:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/11/26 19:00:51 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)

DRV - [2009/03/30 11:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2009/02/13 13:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008/07/10 19:43:36 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\STEC3.sys -- (STEC3)

DRV - [2008/04/13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Pilote USB audio (WDM)

DRV - [2008/04/13 18:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2006/08/22 17:32:58 | 000,022,144 | ---- | M] (Lumenera Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lwldr1dc.sys -- (LWLDR1dc) Lumenera USB Loader Driver (lwldr1dc.sys)

DRV - [2006/08/03 15:00:44 | 000,454,784 | ---- | M] (Lumenera Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lwcam1dc.sys -- (USBlwcam1dc)

DRV - [2006/06/16 09:30:16 | 000,176,128 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)

DRV - [2006/06/15 10:02:22 | 000,142,464 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\adidts.sys -- (ADIDTSFiltService)

DRV - [2006/05/10 11:27:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2006/05/02 11:12:06 | 000,229,376 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

DRV - [2006/03/31 04:39:54 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)

DRV - [2006/03/22 08:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2006/03/22 08:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2006/03/22 08:23:50 | 000,109,568 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)

DRV - [2005/10/19 18:00:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)

DRV - [2005/10/18 15:01:38 | 000,011,008 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)

DRV - [2005/06/14 05:06:06 | 000,020,480 | R--- | M] (MICRIUM TECHNOLOGIES CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbScout.sys -- (SKYSCOUT)

DRV - [2005/01/20 00:30:52 | 000,067,200 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\SI3132.sys -- (SI3132)

DRV - [2004/11/01 21:21:32 | 000,010,368 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)

DRV - [2004/08/13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2001/08/17 22:04:46 | 000,223,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv21.sys -- (camvid20)

DRV - [2001/08/17 20:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)

DRV - [1999/09/10 13:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.sys -- (Aspi32)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nixud.com/

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-343818398-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-343818398-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nasa.gov/

IE - HKU\S-1-5-21-343818398-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-343818398-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKU\S-1-5-21-343818398-2077806209-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 A7 1C 66 4E 69 CA 01 [binary data]

IE - HKU\S-1-5-21-343818398-2077806209-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://fr.yahoo.com/"

FF - prefs.js..extensions.enabledItems: fr@dictionaries.addons.mozilla.org:3.5

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 23:46:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 23:46:49 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/12/14 19:15:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/12/22 13:42:18 | 000,000,000 | ---D | M]

 

[2009/12/14 19:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions

[2009/12/14 19:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/04/30 19:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ds3dbj2j.default\extensions

[2010/04/15 12:38:06 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ds3dbj2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/04/06 23:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ds3dbj2j.default\extensions\fr@dictionaries.addons.mozilla.org

[2010/04/30 19:23:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/06/07 16:05:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2010/04/01 19:07:29 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/04/01 19:07:29 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/04/01 19:07:29 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/04/01 19:07:29 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/04/01 19:07:29 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2001/09/28 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)

O2 - BHO: () - {C15B3081-6F8A-4B5C-8E55-5FC623B29FBC} - C:\WINDOWS\system32\orztegv.dll ()

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-343818398-2077806209-839522115-500\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Microsoft Spool 13 Service] File not found

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] File not found

O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-343818398-2077806209-839522115-500..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-343818398-2077806209-839522115-500..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-343818398-2077806209-839522115-500..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found

O4 - HKU\S-1-5-21-343818398-2077806209-839522115-500..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (SFX TEAM)

O4 - HKU\S-1-5-21-343818398-2077806209-839522115-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-343818398-2077806209-839522115-500..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe (ASUSTek Computer Inc.)

O4 - Startup: C:\Documents and Settings\Al

[Gof]

Bonjour keytronix,

 

Navré de te répondre si tard, j'ai eu des impératifs indépendant de ma volonté cette semaine qui m'ont éloigné des réseaux. Ton rapport n'est pas complet, il n'a pas été copié-collé entièrement. Néanmoins, on voit en effet la présence d'élements infectieux.

 

Procède comme ceci je te prie (il sera nécessaire de désactiver l'antivirus, qui risque de gêner l'outil).

 

Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.

• Double-clique combofix.exe afin de l'exécuter et suis les instructions.
  
• Lorsque l'analyse sera complétée, un rapport apparaîtra.
  
• Copie-colle ce rapport dans ta prochaine réponse.