Trojan win32: fasec --- RESOLU !

[dynatek]

Voici le rapportde Combo

 

ComboFix 09-02-21.01 - 007 2009-02-22 16:42:30.1 - NTFSx86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1320 [GMT 1:00]

Lancé depuis: c:\users\007\Downloads\plop.exe

AV: avast! antivirus 4.8.1229 [VPS 081112-0] *On-access scanning enabled* (Updated)

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\autorun.inf

c:\windows\system32\gaopdxcounter

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_Boonty Games

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 ))))))))))))))))))))))))))))))))))))

.

 

2009-02-22 16:18 . 2009-02-22 16:18 <REP> d-------- c:\users\All Users\Malwarebytes

2009-02-22 16:18 . 2009-02-22 16:18 <REP> d-------- c:\users\007\AppData\Roaming\Malwarebytes

2009-02-22 16:18 . 2009-02-22 16:18 <REP> d-------- c:\programdata\Malwarebytes

2009-02-22 16:18 . 2009-02-22 16:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-22 16:18 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-02-22 16:18 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-02-22 14:48 . 2009-02-22 14:49 <REP> d-------- C:\rsit

2009-02-22 14:48 . 2009-02-22 14:49 <REP> d-------- c:\program files\trend micro

2009-02-12 07:33 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll

2009-02-12 07:33 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe

2009-02-12 07:33 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe

2009-02-12 07:33 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll

2009-02-12 07:33 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll

2009-02-12 07:33 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll

2009-02-12 07:33 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl

2009-02-12 07:33 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll

2009-02-12 07:22 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll

2009-02-12 07:22 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll

2009-02-12 07:22 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll

2009-02-12 07:22 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll

2009-02-12 07:22 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll

2009-02-11 20:42 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll

2009-02-11 20:42 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll

2009-02-11 20:42 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax

2009-02-11 20:42 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax

2009-02-11 20:42 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax

2009-02-11 07:02 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2009-02-11 07:02 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

2009-02-10 18:07 . 2009-02-10 18:07 <REP> d-------- c:\users\007\AppData\Roaming\World-LooM

2009-02-04 13:00 . 2009-02-04 13:00 <REP> d-------- c:\users\007\AppData\Roaming\GameInvest

2009-02-03 11:55 . 2009-02-03 11:55 <REP> d-------- c:\users\007\AppData\Roaming\YoudaGames

2009-01-28 18:32 . 2009-01-28 18:33 <REP> d-------- c:\program files\Shareaza

2009-01-28 15:41 . 2009-01-28 15:41 <REP> d-------- c:\users\007\AppData\Roaming\Boomzap

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-22 15:46 84,711 ----a-w c:\windows\system32\drivers\stwrte.log

2009-02-12 11:10 --------- d-----w c:\program files\Windows Mail

2009-02-12 06:54 --------- d-----w c:\programdata\Microsoft Help

2009-02-10 20:41 --------- d---a-w c:\programdata\TEMP

2009-02-10 17:04 --------- d-----w c:\program files\Oberon Media

2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys

2009-02-05 19:03 --------- d-----w c:\programdata\Roxio

2009-02-03 15:55 --------- d-----w c:\users\007\AppData\Roaming\iWin

2009-02-03 15:54 --------- d-----w c:\users\007\AppData\Roaming\Zylom

2009-01-28 16:10 --------- d-----w c:\program files\M6 Jeux

2009-01-28 11:41 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-28 11:41 --------- d-----w c:\program files\Orange

2009-01-27 15:06 --------- d-----w c:\program files\BoontyGames

2009-01-03 09:58 --------- d-----w c:\programdata\eMule

2008-07-02 08:33 174 --sha-w c:\program files\desktop.ini

2008-11-14 16:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-11-14 16:45 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-11-14 16:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-11-23 77824]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"SystrayORAHSS"="c:\program files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 90112]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 202544]

"PMX Daemon"="ICO.EXE" [2006-11-08 c:\windows\System32\ico.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKLM\~\startupfolder\C:^Users^007^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\users\007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

--a------ 2007-10-09 19:56 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

--a------ 2007-10-09 19:57 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

--a------ 2007-05-25 07:03 17920 c:\dell\E-Center\EULALauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbkbmgr.exe]

--a------ 2007-04-26 12:03 74672 c:\program files\Lexmark X1100 Series\LXBKbmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

--a------ 2006-11-05 12:22 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2006-11-10 13:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]

--a------ 2006-11-08 16:01 49152 c:\windows\System32\ico.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

--a------ 2007-09-24 10:41 4452352 c:\windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{110C98B4-E267-4BF9-B5A0-F0363DE8A894}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{B126F1A0-7B2A-4579-B43E-E2D6633E073A}"= UDP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System

"{88091847-1AC6-4AB9-980E-C454D0CE3FD0}"= TCP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System

"{FA83E195-2EC4-424F-9346-CBF266A641DE}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window

"{B9C507D5-62EF-499C-8D79-71A373621B38}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window

"TCP Query User{9A5AF0D4-1CE7-4491-AA6C-520042186D81}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{96F4609A-1456-44D6-9E70-6D2E0294B513}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{3EC0DE3F-B0C1-46C3-A609-EB556F879473}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

"{52CE4FD7-F66D-4903-B190-BCB20A773034}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

"TCP Query User{41DBEA7D-281F-424C-AD91-D6CCFE774336}c:\\program files\\palm\\hotsync.exe"= UDP:c:\program files\palm\hotsync.exe:HotSync® Manager Application

"UDP Query User{9C48CA53-08EF-4D3C-9996-31DCB08F94ED}c:\\program files\\palm\\hotsync.exe"= TCP:c:\program files\palm\hotsync.exe:HotSync® Manager Application

"TCP Query User{67954C02-B91A-48C1-9EBC-DA5C08EF5FE5}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{A983FA1E-CB8E-4722-8489-B524CBB7C146}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{F0321945-F46A-4BE6-8D49-B125F91BD033}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing

"UDP Query User{7BAF0931-D657-4C39-BF89-A0B236F135D0}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-04 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-04 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2007-12-08 51792]

R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]

R3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [2007-11-23 18432]

R3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [2007-11-23 19008]

S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2007-11-29 28224]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a6a2908-99f8-11dc-a21f-806e6f6e6963}]

\shell\AutoRun\command - E:\go.exe autorun.hta

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ace8ce6b-a639-11dc-9b36-001aa05f868a}]

\shell\AutoRun\command - J:\setupSNK.exe

.

- - - - ORPHELINS SUPPRIMES - - - -

 

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: gouv.fr\inscriptionpart.impots

FF - ProfilePath - c:\users\007\AppData\Roaming\Mozilla\Firefox\Profiles\nm1g2uof.default\

FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npornap.dll

FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll

FF - plugin: c:\users\007\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-22 16:47:29

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\Ati2evxx.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\windows\System32\lxbkcoms.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\System32\WUDFHost.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\System32\conime.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\pmxmiced.exe

c:\windows\System32\wbem\WMIADAP.exe

c:\windows\System32\dllhost.exe

.

**************************************************************************

.

Heure de fin: 2009-02-22 16:52:47 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-02-22 15:52:43

 

Avant-CF: 191 802 679 296 octets libres

Après-CF: 191,716,569,088 octets libres

 

207 --- E O F --- 2009-02-20 06:01:36

[Falkra]

:!: Ce qui suit n'est que pour ta machine, et ta machine seulement.

Ne surtout pas utiliser sur une autre machine : dangereux.

 

Branche tes clés USB et autres périphériques amovibles avant ce qui suit.

 

• Ouvre le Bloc-notes. Vérifie que dans le menu "Format", le "retour automatique à la ligne" est désactivé. Copie colle ceci dedans :
  

Killall::

 

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a6a2908-99f8-11dc-a21f-806e6f6e6963}]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=-

• Sauvegarde cela comme fichier texte nommé CFScript, sur le bureau.
   
  
• Fais un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe comme sur la capture
  

• Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
  

[dynatek]

Je ne trouve pas le fichier Combofix.exe

Faut il que je le telecharge à nouveau ?

[Falkra]

C'est plop.exe (combofix renommé).

[dynatek]

Voici le rapport... JE SUIS VRAIMENT TROP BETE ...

Desolé!

 

ComboFix 09-02-21.01 - 007 2009-02-22 17:24:18.2 - NTFSx86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1299 [GMT 1:00]

Lancé depuis: c:\users\007\Downloads\plop.exe

Commutateurs utilisés :: c:\users\007\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1229 [VPS 081112-0] *On-access scanning enabled* (Updated)

* Un nouveau point de restauration a été créé

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 ))))))))))))))))))))))))))))))))))))

.

 

2009-02-22 16:18 . 2009-02-22 16:18 <REP> d-------- c:\users\All Users\Malwarebytes

2009-02-22 16:18 . 2009-02-22 16:18 <REP> d-------- c:\users\007\AppData\Roaming\Malwarebytes

2009-02-22 16:18 . 2009-02-22 16:18 <REP> d-------- c:\programdata\Malwarebytes

2009-02-22 16:18 . 2009-02-22 16:18 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-22 16:18 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-02-22 16:18 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-02-22 14:48 . 2009-02-22 14:49 <REP> d-------- C:\rsit

2009-02-22 14:48 . 2009-02-22 14:49 <REP> d-------- c:\program files\trend micro

2009-02-12 07:33 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll

2009-02-12 07:33 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe

2009-02-12 07:33 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe

2009-02-12 07:33 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll

2009-02-12 07:33 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll

2009-02-12 07:33 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll

2009-02-12 07:33 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl

2009-02-12 07:33 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll

2009-02-12 07:22 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll

2009-02-12 07:22 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll

2009-02-12 07:22 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll

2009-02-12 07:22 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll

2009-02-12 07:22 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll

2009-02-11 20:42 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll

2009-02-11 20:42 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll

2009-02-11 20:42 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax

2009-02-11 20:42 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax

2009-02-11 20:42 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax

2009-02-11 07:02 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2009-02-11 07:02 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll

2009-02-10 18:07 . 2009-02-10 18:07 <REP> d-------- c:\users\007\AppData\Roaming\World-LooM

2009-02-04 13:00 . 2009-02-04 13:00 <REP> d-------- c:\users\007\AppData\Roaming\GameInvest

2009-02-03 11:55 . 2009-02-03 11:55 <REP> d-------- c:\users\007\AppData\Roaming\YoudaGames

2009-01-28 18:32 . 2009-01-28 18:33 <REP> d-------- c:\program files\Shareaza

2009-01-28 15:41 . 2009-01-28 15:41 <REP> d-------- c:\users\007\AppData\Roaming\Boomzap

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-22 16:26 84,898 ----a-w c:\windows\system32\drivers\stwrte.log

2009-02-12 11:10 --------- d-----w c:\program files\Windows Mail

2009-02-12 06:54 --------- d-----w c:\programdata\Microsoft Help

2009-02-10 20:41 --------- d---a-w c:\programdata\TEMP

2009-02-10 17:04 --------- d-----w c:\program files\Oberon Media

2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys

2009-02-05 19:03 --------- d-----w c:\programdata\Roxio

2009-02-03 15:55 --------- d-----w c:\users\007\AppData\Roaming\iWin

2009-02-03 15:54 --------- d-----w c:\users\007\AppData\Roaming\Zylom

2009-01-28 16:10 --------- d-----w c:\program files\M6 Jeux

2009-01-28 11:41 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-28 11:41 --------- d-----w c:\program files\Orange

2009-01-27 15:06 --------- d-----w c:\program files\BoontyGames

2009-01-03 09:58 --------- d-----w c:\programdata\eMule

2008-07-02 08:33 174 --sha-w c:\program files\desktop.ini

2008-11-14 16:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-11-14 16:45 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-11-14 16:45 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-02-22_16.51.20.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-02-22 16:27:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-02-22 16:27:08 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-02-22 15:47:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-02-22 16:27:47 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2009-02-22 16:27:47 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-02-22 15:47:57 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-22 16:28:20 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2009-02-22 16:28:20 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-02-22 15:48:21 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-02-22 16:28:28 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-02-22 15:48:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-02-22 16:28:28 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-02-22 15:48:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-02-22 16:28:28 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-02-22 15:38:26 104,742 ----a-w c:\windows\System32\perfc009.dat

+ 2009-02-22 16:07:45 104,742 ----a-w c:\windows\System32\perfc009.dat

- 2009-02-22 15:38:26 127,798 ----a-w c:\windows\System32\perfc00C.dat

+ 2009-02-22 16:07:45 127,798 ----a-w c:\windows\System32\perfc00C.dat

- 2009-02-22 15:38:26 595,308 ----a-w c:\windows\System32\perfh009.dat

+ 2009-02-22 16:07:45 595,308 ----a-w c:\windows\System32\perfh009.dat

- 2009-02-22 15:38:26 678,718 ----a-w c:\windows\System32\perfh00C.dat

+ 2009-02-22 16:07:45 678,718 ----a-w c:\windows\System32\perfh00C.dat

- 2009-02-22 15:48:21 10,996 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2306153881-456578782-1591670270-1000_UserData.bin

+ 2009-02-22 16:29:08 11,140 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2306153881-456578782-1591670270-1000_UserData.bin

- 2009-02-22 15:48:21 60,422 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-02-22 16:29:07 60,438 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-02-22 15:34:53 48,814 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-02-22 16:29:07 49,198 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-11-23 77824]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"SystrayORAHSS"="c:\program files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 90112]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 202544]

"PMX Daemon"="ICO.EXE" [2006-11-08 c:\windows\System32\ico.exe]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKLM\~\startupfolder\C:^Users^007^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\users\007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

--a------ 2007-10-09 19:56 202544 c:\program files\Dell Support Center\bin\sprtcmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

--a------ 2007-10-09 19:57 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

--a------ 2007-05-25 07:03 17920 c:\dell\E-Center\EULALauncher.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

--a------ 2008-01-19 08:33 125952 c:\windows\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbkbmgr.exe]

--a------ 2007-04-26 12:03 74672 c:\program files\Lexmark X1100 Series\LXBKbmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

--a------ 2006-11-05 12:22 221184 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

--a------ 2006-11-10 13:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMX Daemon]

--a------ 2006-11-08 16:01 49152 c:\windows\System32\ico.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

--a------ 2007-09-24 10:41 4452352 c:\windows\RtHDVCpl.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{110C98B4-E267-4BF9-B5A0-F0363DE8A894}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{B126F1A0-7B2A-4579-B43E-E2D6633E073A}"= UDP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System

"{88091847-1AC6-4AB9-980E-C454D0CE3FD0}"= TCP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System

"{FA83E195-2EC4-424F-9346-CBF266A641DE}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window

"{B9C507D5-62EF-499C-8D79-71A373621B38}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxbkpswx.exe:Printer Status Window

"TCP Query User{9A5AF0D4-1CE7-4491-AA6C-520042186D81}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"UDP Query User{96F4609A-1456-44D6-9E70-6D2E0294B513}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer

"{3EC0DE3F-B0C1-46C3-A609-EB556F879473}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

"{52CE4FD7-F66D-4903-B190-BCB20A773034}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil

"TCP Query User{41DBEA7D-281F-424C-AD91-D6CCFE774336}c:\\program files\\palm\\hotsync.exe"= UDP:c:\program files\palm\hotsync.exe:HotSync® Manager Application

"UDP Query User{9C48CA53-08EF-4D3C-9996-31DCB08F94ED}c:\\program files\\palm\\hotsync.exe"= TCP:c:\program files\palm\hotsync.exe:HotSync® Manager Application

"TCP Query User{67954C02-B91A-48C1-9EBC-DA5C08EF5FE5}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule

"UDP Query User{A983FA1E-CB8E-4722-8489-B524CBB7C146}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

"TCP Query User{F0321945-F46A-4BE6-8D49-B125F91BD033}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing

"UDP Query User{7BAF0931-D657-4C39-BF89-A0B236F135D0}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-04 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-04 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2007-12-08 51792]

R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]

R3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [2007-11-23 18432]

R3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [2007-11-23 19008]

S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2007-11-29 28224]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ace8ce6b-a639-11dc-9b36-001aa05f868a}]

\shell\AutoRun\command - J:\setupSNK.exe

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.fr/

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

Trusted Zone: gouv.fr\inscriptionpart.impots

FF - ProfilePath - c:\users\007\AppData\Roaming\Mozilla\Firefox\Profiles\nm1g2uof.default\

FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npornap.dll

FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll

FF - plugin: c:\users\007\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-22 17:29:01

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\Ati2evxx.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\windows\System32\lxbkcoms.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\System32\WUDFHost.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\windows\System32\conime.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\windows\System32\pmxmiced.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\wbem\WMIADAP.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Heure de fin: 2009-02-22 17:32:51 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-02-22 16:32:48

ComboFix2.txt 2009-02-22 15:52:48

 

Avant-CF: 191 410 036 736 octets libres

Après-CF: 191,583,277,056 octets libres

 

223 --- E O F --- 2009-02-20 06:01:36

[Falkra]

Voici le rapport... JE SUIS VRAIMENT TROP BETE ...

Desolé!

Tu n'es pas bête du tout, rien à voir. Aucun souci ! Il vaut mieux demander, ce que tu as fait, en cas de doute, ça c'est bien, et pas bête du tout.

 

Là tu devrais pouvoir mettre à jour MBAM. Si ça marche, branche tes périphériques amovibles, fais le scan rapide après la mise à jour, et poste le rapport.

[dynatek]

Voici le rapport avec exaen rapide...

 

Malwarebytes' Anti-Malware 1.34

Version de la base de données: 1793

Windows 6.0.6001 Service Pack 1

 

22/02/2009 18:41:25

mbam-log-2009-02-22 (18-41-25).txt

 

Type de recherche: Examen rapide

Eléments examinés: 52463

Temps écoulé: 3 minute(s), 15 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

[Falkra]

Bien.

 

Poste un nouveau rapport HijackThis, normalement les mises à jour ça doit marcher là (tu confirmes ?).

[dynatek]

Les mises à jours sont OK, tout à bien fonctionné!

[dynatek]

Désolé j'ai oublié le rapport hij...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:52:56, on 22/02/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Windows\System32\ico.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\Pmxmiced.exe

C:\Windows\Explorer.exe

C:\Program Files\OrangeHSS\Launcher\Launcher.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe

C:\Program Files\OrangeHSS\systray\systrayapp.exe

C:\Program Files\OrangeHSS\Deskboard\deskboard.exe

C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe

C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Users\007\AppData\Local\Temp\Temp2_HiJackThis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&cli...amp;ibd=4071124

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 6042 bytes

 

 

Suis je sorti d'affaire ?