Fonctionnement altéré

Bonjour,


OS : Windows Vista Edition Familiale Premium Service Pack 1

Objet du problème : alors que je naviguais sur Internet et que j'avais plusieurs applications actives (bureautique, dessin) mon portable s'est brusquement arrêté puis a redémarré.

J'ai rapidement constaté que dans la barre de notification l'icône réseau était et reste encore maintenant barrée d'une croix rouge en indiquant "Vous n'êtes actuellement connecté à aucun réseau".



Lorsque je recours à la commande Diagnostiquer et réparer j'obtiens :


- Branchez un câble dans la carte réseau "Connexion au réseau local"

- Démarrer le service sans fil de Windows



Dans le Gestionnaire de périphériques la carte réseau : Intel(R) PRO/Wireless 3945ABG Network Connection apparaît et indique "Ce périphérique fonctionne correctement."

Je l'ai désinstallé et réinstallé pour vérifier que le pilote n'était pas endommagé.


Impossible de faire une restauration système, la procédure se déroule mais lorsque Windows redémarre un message précise "Une erreur s'est produite" et les fichiers systèmes ne sont pas modifiés.

Enfin, impossible de lancer mon antivirus depuis ce matin j'ai le message : ashAvast.exe n'est pas une application win32 valide.
Hier il avait détecté le troja, win32:beagle-aaw.


Merci de votre aide.

Amicalement.
rv

Bonjour FanDANGEKDARK et merci pour ton aide,

voilà j'ai passé Elibagla (en mode normale puis finalement en mode sans échec car sinon impossible, le processus d'analyse s'arrêtait ???)

j'obtiens le rapport suivant :



Mon Nov 03 15:50:59 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 03 15:51:50 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 03 15:53:05 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 03 15:53:14 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 03 15:54:21 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 03 15:54:24 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 1213
Nº Total de Ficheros: 10449
Nº de Ficheros Analizados: 349
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Mon Nov 03 15:54:42 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 03 15:55:39 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 03 15:55:45 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad H:\

Nº Total de Directorios: 221
Nº Total de Ficheros: 3359
Nº de Ficheros Analizados: 97
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Mon Nov 03 15:56:15 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 03 15:56:55 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 03 15:56:58 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 03 15:58:24 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 03 15:58:26 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 03 15:59:51 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 03 16:01:29 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 03 16:01:32 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 03 16:03:01 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 03 16:03:10 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 03 16:06:03 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Reinicie para Completar la Limpieza.

Mon Nov 03 16:06:08 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon Nov 03 16:10:07 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)

Mon Nov 03 16:10:12 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\System Volume Information\SystemRestore\FRStaging{2490CA05-23DB-4BA9-B135-7B7D5227A62A}\Windows\System32\drivers\SROSA.SYS --> Eliminado Bagle (rootkit)
C:\System Volume Information\SystemRestore\FRStaging{B2A1306C-15CB-4421-83AD-9275316EEB8A}\Windows\System32\drivers\SROSA.SYS --> Eliminado Bagle (rootkit)

Nº Total de Directorios: 26225
Nº Total de Ficheros: 189576
Nº de Ficheros Analizados: 20169
Nº de Ficheros Infectados: 2
Nº de Ficheros Limpiados: 2

Mon Nov 03 16:28:51 2008
EliBagle v11.91 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 29 de Octubre del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Bonjour FanDANGELDARK et merci à nouveau pour ton aide et le temps passé à ce soutien,


j'ai suivi tes indications et j'obtiens le rapport ci-après :


ComboFix 08-11-03.04 - siana 2008-11-04 14:28:41.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1282 [GMT 1:00]
Lancé depuis: C:\Combo-Fix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dell\E-Center\EULALauncher.exe
C:\InfoSat.txt
c:\program files\GamesBar\oberontb.dll
c:\users\siana\AppData\Local\bgqjdox_navfx.dat
c:\users\siana\AppData\Local\ekeui.dat
c:\users\siana\AppData\Local\ekeui_nav.dat
c:\users\siana\AppData\Local\ekeui_navps.dat
c:\users\siana\AppData\Local\oqwefmc.dat
c:\users\siana\AppData\Local\oqwefmc_nav.dat
c:\users\siana\AppData\Local\oqwefmc_navps.dat
c:\users\siana\AppData\Local\pvyznq.dat
c:\users\siana\AppData\Local\pvyznq_nav.dat
c:\users\siana\AppData\Local\pvyznq_navps.dat
c:\windows\system32\drivers\downld
c:\windows\system32\drivers\winfilse.exe
c:\windows\system32\GDIPLUS.DLL
c:\windows\system32\x64
H:\InfoSat.txt

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-04 au 2008-11-04 ))))))))))))))))))))))))))))))))))))
.

2008-11-04 10:05 . 2008-11-03 15:45 57,867 --a------ C:\ELIBAGLA.ØIAABØØH.EXE
2008-10-31 11:46 . 2008-10-31 11:46 <REP> d-------- c:\program files\Alwil Software
2008-10-31 11:46 . 2008-07-19 16:36 51,280 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-10-30 09:43 . 2008-10-30 09:43 <REP> d-------- c:\users\siana\AppData\Roaming\PeerNetworking
2008-10-30 08:20 . 2008-11-01 08:04 176,876,558 --a------ c:\windows\MEMORY.DMP
2008-10-30 08:10 . 2008-10-30 08:13 62,976 --a------ c:\windows\PegtopUI.exe
2008-10-30 07:27 . 2008-10-30 11:08 <REP> d-------- c:\users\All Users\eMule
2008-10-30 07:27 . 2008-10-30 11:08 <REP> d-------- c:\progra~2\eMule
2008-10-29 18:44 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 18:44 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 18:44 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-29 15:01 . 2008-10-29 15:01 <REP> d-------- c:\program files\Easy Gif Animator Extension
2008-10-29 15:01 . 2008-10-29 15:01 234,418 --a------ c:\windows\EasyGifAnimator_Toolbar_Uninstaller_6132.exe
2008-10-29 14:59 . 2008-10-29 14:59 <REP> d-------- c:\program files\Easy GIF Animator
2008-10-27 14:03 . 2008-10-27 14:03 <REP> d-------- c:\program files\Pegtop
2008-10-23 21:55 . 2008-10-23 21:55 <REP> d-------- c:\program files\BinaryMark
2008-10-21 17:31 . 2008-10-21 17:32 <REP> d-------- c:\program files\Common Files\Adobe
2008-10-21 17:19 . 2008-10-21 17:23 <REP> d-------- c:\users\All Users\NOS
2008-10-21 17:19 . 2008-10-21 17:19 <REP> d-------- c:\program files\NOS
2008-10-21 17:19 . 2008-10-21 17:23 <REP> d-------- c:\progra~2\NOS
2008-10-20 07:46 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-20 07:46 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-20 07:46 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-20 07:45 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-20 07:45 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-19 05:34 . 2008-10-29 05:55 <REP> d-------- c:\users\All Users\BVRP Software
2008-10-19 05:34 . 2008-10-29 05:55 <REP> d-------- c:\progra~2\BVRP Software
2008-10-16 17:37 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-16 17:37 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-16 17:37 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-16 17:37 . 2008-09-03 04:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-10-16 17:37 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-16 17:37 . 2008-09-03 04:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-10-16 17:36 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-16 17:36 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll
2008-10-12 23:39 . 2008-10-12 23:39 <REP> d-------- c:\program files\Common Files\Adobe AIR
2008-10-11 13:49 . 2008-10-11 13:49 100 --a------ c:\windows\lexstat.ini
2008-10-11 13:49 . 2008-10-11 13:49 76 --a------ c:\windows\dellstat.ini
2008-10-11 09:45 . 1997-04-18 10:49 298,496 --a------ c:\windows\unin040c.exe
2008-10-11 09:10 . 2008-10-11 09:48 <REP> d-------- c:\program files\Lexmark 1200 Series
2008-10-05 09:24 . 2006-12-12 17:51 61,440 --a------ c:\windows\System32\Autodial2000.dll
2008-10-05 09:22 . 2008-10-05 09:22 <REP> d-------- c:\program files\Common Files\France Telecom
2008-10-05 09:19 . 2008-10-05 09:19 <REP> d-------- c:\program files\SAGEM
2008-10-05 09:18 . 2008-10-05 09:18 <REP> d-------- c:\users\siana\AppData\Roaming\InstallShield
2008-10-05 09:17 . 2008-10-05 09:17 <REP> d-------- C:\Securitoo

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 13:42 --------- d-----w c:\users\siana\AppData\Roaming\OpenOffice.org2
2008-11-04 13:29 --------- d-----w c:\program files\GamesBar
2008-11-04 13:20 3,024,509 ----a-r C:\Combo-Fix.exe
2008-11-01 08:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 08:05 --------- d-----w c:\users\siana\AppData\Roaming\Vso
2008-11-01 08:05 --------- d-----w c:\users\siana\AppData\Roaming\Notepad++
2008-11-01 08:05 --------- d-----w c:\users\siana\AppData\Roaming\Azureus
2008-11-01 08:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-01 08:05 --------- d-----w c:\program files\PhotoFiltre
2008-11-01 08:05 --------- d-----w c:\progra~2\Spybot - Search & Destroy
2008-10-30 17:28 --------- d-----w c:\program files\Windows Mail
2008-10-30 17:28 --------- d-----w c:\program files\Songbeat
2008-10-30 08:04 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-30 08:03 --------- d-----w c:\program files\Norton Security Scan
2008-10-30 04:54 --------- d-----w c:\users\siana\AppData\Roaming\gtk-2.0
2008-10-29 14:15 --------- d-----w c:\users\siana\AppData\Roaming\FileZilla
2008-10-28 08:56 --------- d-----w c:\program files\McAfee
2008-10-09 08:39 --------- d-----w c:\program files\Freecorder
2008-10-04 20:23 --------- d-----w c:\program files\IncrediMail
2008-09-29 03:56 --------- d-----w c:\progra~2\RFA_Backups
2008-09-22 10:30 --------- d-----w c:\program files\Freecorder Toolbar
2008-09-22 09:22 737,280 ----a-w c:\windows\iun6002.exe
2008-09-21 08:54 --------- d-----w c:\program files\iTunes
2008-09-21 08:54 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-21 08:53 --------- d-----w c:\program files\iPod
2008-09-21 08:53 --------- d-----w c:\progra~2\Apple Computer
2008-09-21 08:47 --------- d-----w c:\program files\Common Files\Apple
2008-09-21 08:36 --------- d-----w c:\program files\Bonjour
2008-09-20 11:37 --------- d-----w c:\progra~2\IM
2008-09-20 11:34 --------- d-----w c:\progra~2\IncrediMail
2008-09-15 10:09 --------- d-----w c:\program files\Free GIF2SWF Converter
2008-09-15 09:17 --------- d-----w c:\program files\EasyPicture2Icon
2008-09-14 16:55 --------- d-----w c:\program files\Java
2008-09-14 05:35 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-14 05:24 174 --sha-w c:\program files\desktop.ini
2008-09-14 05:07 --------- d-----w c:\program files\Windows Sidebar
2008-09-14 05:07 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-14 05:07 --------- d-----w c:\program files\Windows Journal
2008-09-14 05:07 --------- d-----w c:\program files\Windows Defender
2008-09-14 05:07 --------- d-----w c:\program files\Windows Collaboration
2008-09-14 05:07 --------- d-----w c:\program files\Windows Calendar
2008-09-12 20:14 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-09-12 13:15 --------- d-----w c:\program files\UnFREEz_2.1
2008-09-11 06:18 --------- d-----w c:\program files\Microsoft Works
2008-09-10 20:07 --------- d-----w c:\program files\Paint.NET
2008-09-09 18:30 --------- d-----w c:\program files\DebugMode
2008-09-09 16:43 --------- d-----w c:\program files\NoteWorthy Composer
2008-09-05 17:52 --------- d-----w c:\program files\Wondershare
2008-03-23 09:44 25,839,688 ----a-w c:\users\siana\wmp11-windowsxp-x86-FR-FR.exe
2007-08-01 07:35 0 ----a-w c:\users\siana\AppData\Roaming\wklnhst.dat
2007-12-04 18:56 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-04 18:56 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-04 18:56 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2008-10-09 1569304]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-10-09 09:39 1569304 --a------ c:\program files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-02-14 13:54 1555480 --a------ c:\program files\myBabylon\tbmyBa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2008-10-09 1569304]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "c:\program files\myBabylon\tbmyBa.dll" [2008-02-14 1555480]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2008-10-09 1569304]

[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-11 171448]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-09-08 243072]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 815104]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2008-09-06 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-11-03 582992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-03 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2007-12-04 111904]

c:\users\siana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Assistant de traduction IdiomaX.lnk - c:\program files\IdiomaX\Translation Assistant 4.0\TrasWord.exe [2007-01-18 410160]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-06-21 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-06-21 45056]

c:\users\siana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Windows Mail"=c:\program files\Windows Mail\WinMail.exe
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"="c:\windows\system32\msconfig.exe" /auto
"TkBellExe"="c:\program files\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1812897707-2736394745-370955149-1000]
"EnableNotificationsRef"=dword:00000009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4ADA0DCE-6E95-43C0-B91F-BEE081588F1D}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{9399CAF2-9FCD-4D9F-B3B0-DB6F8E58D8FF}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{482E6E63-B2D5-421E-B3DA-A89D2C99BC0D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4D23999E-6C67-4818-9BBF-ADB8B6B2B28D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4E16E28F-9358-483E-9592-24194815C908}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{16E0A8FA-5F5A-48BA-B36A-095023810FA2}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{51D80935-F7E1-4659-9775-611F1A9932EA}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{79EC515E-9C58-48D9-A73E-946F6A2C355A}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{DB8852A4-46E7-4CC0-B8B3-40B1AFE85434}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{6BCA26E8-38B8-431C-A810-EAE381729C91}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{1C7ACAC6-2991-4E3B-8501-C9A0CB46BE5D}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{0DDF666F-52D4-44F0-BDAF-8217EDDBF00D}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{7CF7CDC5-8B41-47E0-A57C-4676DA79D446}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"TCP Query User{ACA49A4D-42F8-45E0-86C4-B312D3E4D820}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{F4A6772F-8A19-41BE-B086-1BF956B7C50D}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{324E39F1-D8C0-490E-81E1-B903A437E6F3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{14CCAEFB-FE4C-4DAD-BB6C-8A2A99D0BB94}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C3B0F657-F049-4FD0-9CC1-A78106232417}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{CA70610C-35B5-4D1F-AD17-D77EAF02C125}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{5F94A40D-C760-415F-9F37-0D4828CE8354}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{67CBE0E1-9055-4822-A66E-D40F0B5F4C97}f:\\miniguppy\\zazouminiwebserver.exe"= UDP:f:\miniguppy\zazouminiwebserver.exe:ZazouMiniWebServer
"UDP Query User{7D8405A6-19DF-465D-AE38-753798E860A4}f:\\miniguppy\\zazouminiwebserver.exe"= TCP:f:\miniguppy\zazouminiwebserver.exe:ZazouMiniWebServer
"{BDA5B31A-D769-4199-87BF-68615BA4301A}"= Disabled:UDP:c:\users\siana\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:IncrediMail Installer
"{88E16A2A-C785-452E-BC50-B8CB38D98304}"= Disabled:TCP:c:\users\siana\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:IncrediMail Installer
"{426D70CC-6A22-46CB-97EC-51F2BA857009}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncrediMail_Install.exe:IncrediMail Installer
"{5DCBC8CA-D27B-4F73-9858-0B3848A66FD0}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncrediMail_Install.exe:IncrediMail Installer
"{EC4FE7F8-02C1-4D40-AE54-7BB64F4FCF20}"= Disabled:UDP:c:\users\siana\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:IncrediMail Installer
"{07BAC796-DBEA-4063-90F4-AB254EE482E3}"= Disabled:TCP:c:\users\siana\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:IncrediMail Installer
"{EAD33909-61B4-4DEF-B244-FD366AF331D8}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{B43B8C72-DA7F-492C-93C8-D5240480531C}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{281D48CD-748C-46A4-BBD8-C7EF69BD9836}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{438B9FF0-988A-4A10-8659-C067E541A0DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0B19CDB2-5FC4-4ECB-B3CF-CBC8514F3E7E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{08FBC23E-CEC7-41F0-9D01-49F09527F708}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C3CC6E57-D9EB-4AB4-87DE-AAAA27039265}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{12275A88-0375-4AAF-A4CB-69D55099464B}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{26B0725F-AB46-48D5-AE28-927A658B2504}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{2E399440-21E6-43C4-944D-01953B5D2AC2}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{021AC605-08B3-4E99-9D9D-D6B71F2BB960}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{2875BB09-42C8-4F43-975B-C67E2B47BA44}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{9AB4669A-4C57-4C68-AB22-8F8FAFF2D229}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BC291E46-21EE-43B7-A22B-2A251923A5ED}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"TCP Query User{BB4BA98D-D000-4C47-A04C-CF1CDD0EAAFD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{C029527A-2E93-4E34-9DD2-6BBC707212C0}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
S2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe [2008-01-19 21504]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [2007-12-05 20640]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{357d5b62-3908-11dd-a840-0019b9799e6b}]
\shell\AutoRun\command - G:\start.exe
\shell\iledefrance\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9208da-991a-11dc-bdf4-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9208e4-991a-11dc-bdf4-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9208ec-991a-11dc-bdf4-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9208f4-991a-11dc-bdf4-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9208fc-991a-11dc-bdf4-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d920904-991a-11dc-bdf4-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccd41edb-b456-11dc-b646-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e930a4f5-7a86-11dc-8212-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-ECenter - c:\dell\E-Center\EULALauncher.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\siana\AppData\Roaming\Mozilla\Firefox\Profiles\afh5ywne.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://sartrouville.gwalarn.org/index.php?lng=fr|http://sartrouville.gwalarn.org/plugins/coinbar/main.php?lng=fr|http://www.meric-graphisme.info/index.php?lng=fr|http://autourdeguppy.nuxit.net/accueil-fr.html|http://www.freeguppy.org/index.php?lng=fr|http://www.usvermelles.net/football/index.php?lng=fr|http://www.papinou.info/index.php?lng=fr&selskin=skin_papinou466a|http://www.monptitnet.net/index.php?lng=fr|http://hcheli.club.fr/index.php|http://guppy-skins.nuxit.net/|http://www.parisbreton.org/pbr/tinymsg.php?action=3|http://www.les-rosiers.info/|http://marco17.phpnet.org/index.php?lng=fr|http://www.guppytrucs.fr/|http://charli77.le77.info/index.php?lng=fr|http://www.keltiad.com/|http://www.papinou.info/index.php?lng=fr|http://phil-photosblog.net/|http://asso.freeguppy.org/index.php?lng=fr|http://stockastuces.org/index.php?lng=fr|http://fr.mg40.mail.yahoo.com/dc/launch?.rand=9078lvq5hprov|http://www.katrynou.fr/tinymsg.php?action=3|http://rvknobzh.lescigales.org/index.php?lng=fr
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 14:40:53
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\siana\AppData\Local\Apple Computer\SyncNotifier\SyncNotifier\Logs\110408_144137.log 0 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Common Files\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\windows\System32\conime.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2008-11-04 14:59:04 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-04 13:58:55

Avant-CF: 92 482 273 280 octets libres
Après-CF: 94,082,412,544 octets libres

340 --- E O F --- 2008-10-30 04:51:32

re bonjour FanDANGElDARK,

voici dans un premier temps le rapport reçu de Navilog :

Search Navipromo version 3.6.8 commencé le 04/11/2008 à 17:11:22,73

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "siana"

Mise à jour le 03.11.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\siana\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\siana\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\siana\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\siana\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\siana\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\siana\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\siana\AppData\Local\Microsoft" :


* Dans "C:\Users\siana\AppData\Local\virtualstore\windows\system32" :


* Dans "C:\Users\siana\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 04/11/2008 à 17:39:37,95 ***

bonsoir FanDANGELDARK,

pas de certificats "VIP".


Voici le rapport obtenu après le scan Toolbar S&D :



-----------\\ ToolBar S&D 1.2.4 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A15
USER : siana ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:136 Go (Free:88 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:6 Go)
E:\ (CD or DVD)
H:\ (USB) - FAT - Total:244 Mo (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [1] ( 04/11/2008|23:06 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\ProgramData\GamesBar
C:\ProgramData\GamesBar\about.gif
C:\ProgramData\GamesBar\action.gif
C:\ProgramData\GamesBar\arcade.gif
C:\ProgramData\GamesBar\Azada16x16.gif
C:\ProgramData\GamesBar\buy.gif
C:\ProgramData\GamesBar\cards.gif
C:\ProgramData\GamesBar\caribbean_hideaway16x16.gif
C:\ProgramData\GamesBar\cradle_of_persia16x16.gif
C:\ProgramData\GamesBar\cradle_rome16x16.gif
C:\ProgramData\GamesBar\deals.gif
C:\ProgramData\GamesBar\death_nile16x16.gif
C:\ProgramData\GamesBar\deep_quest16x16.gif
C:\ProgramData\GamesBar\download.gif
C:\ProgramData\GamesBar\dr_daisy_pet_vet16x16.gif
C:\ProgramData\GamesBar\family_restaurant16x16.gif
C:\ProgramData\GamesBar\farm_frenzy16x16.gif
C:\ProgramData\GamesBar\fashion_craze16x16.gif
C:\ProgramData\GamesBar\feedback.gif
C:\ProgramData\GamesBar\help.gif
C:\ProgramData\GamesBar\highlight.gif
C:\ProgramData\GamesBar\jigsaw.gif
C:\ProgramData\GamesBar\kids.gif
C:\ProgramData\GamesBar\mahjong.gif
C:\ProgramData\GamesBar\multiplayer.gif
C:\ProgramData\GamesBar\mygames.gif
C:\ProgramData\GamesBar\newGames.gif
C:\ProgramData\GamesBar\oberonconfig.xm_
C:\ProgramData\GamesBar\partner.gif
C:\ProgramData\GamesBar\pirate_poker16x16.gif
C:\ProgramData\GamesBar\pirate_stories_kit_ellis16x16.gif
C:\ProgramData\GamesBar\popup_off.gif
C:\ProgramData\GamesBar\popup_on.gif
C:\ProgramData\GamesBar\puzzle.gif
C:\ProgramData\GamesBar\search.gif
C:\ProgramData\GamesBar\seasonmatch16x16.gif
C:\ProgramData\GamesBar\sendafriend.gif
C:\ProgramData\GamesBar\solitaire_cruise16x16.gif
C:\ProgramData\GamesBar\sports.gif
C:\ProgramData\GamesBar\supercow16x16.gif
C:\ProgramData\GamesBar\trial.gif
C:\ProgramData\GamesBar\Turbo_Subs16x16.gif
C:\ProgramData\GamesBar\uninstall.gif
C:\ProgramData\GamesBar\update.gif
C:\ProgramData\GamesBar\webgame.gif
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\GamesBar
C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-French.ini
C:\Program Files\GamesBar\OBGet.exe
C:\Program Files\GamesBar\uninst.exe
C:\Windows\iun6002.exe

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://google.mini20.com"
"Default_Search_URL"="http://www.google.com/ie"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA]




1 - "C:\ToolBar SD\TB_1.txt" - 04/11/2008|23:07 - Option : [1]

-----------\\ Fin du rapport a 23:07:39,07

Bonsoir FanDANGELDARK, merci pour ton aise constante

Je n'ai pas encore fait de rapport Hijackthis (du moins il me semble !). Dois-je télécharger cet outil et faire réaliser un rapport ou les rapports précédents sont-ils considérés comme tel ?

Cordialement.
rv

Re,

Fais l'étape avec MBAM pour le moment

Re,

Il ne marche pas ?

Ok

Re,

Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

• Double clique sur HJTInstall.exe pour lancer l'installation.
• Clique sur Install.
• Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)
• Accepte la licence en cliquant sur Yes.
• Clique sur Do a system scan and save a logfile.
• Poste ici le rapport généré.

Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Aide : Comment utiliser HijackThis.

Re,

Tu as beaucoup trop de Toolbar, je te conseille fortement d'en désinstaller (myBabylon, FreeCorder..).

McAfee n'est pas terrible. Le paies-tu ?
Si non, on peut en changer pour un gratuit plus performant et moins lourd.

Re,

Désinstalle via Ajout/Suppression de Programmes (si présents) :

• Freecorder Toolbar
• myBabylon Toolbar
• McAfee Toolbar

Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
- coche Afficher les fichiers et dossiers cachés
- decoche Masquer les extensions des fichiers dont le type est connu
- decoche Masquer les fichiers protégés du système d'exploitation (recommandé)
clique sur Appliquer, puis OK.

N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

Puis supprime les dossiers correspondants (si existants) :

• Dans Programfiles
• Dans Programfiles\Fichiers communs
• Dans %userprofile%\application data

( XP -> C:\Documents and Settings\%username%\Application Data,
Vista -> C:\Users\ton nom\appdata\roaming) **** Fais ceci pour toutes les sessions ***

• Etc ... (Tu peux rechercher les dossiers à supprimer par une recherche Windows [Démarrer\rechercher])

Télécharge Ccleaner sur ton Bureau.

• Clique sur "download the latest version"
• Installe-le en laissant seulement les options suivantes cochées :

- Ajouter un raccourci sur le Bureau
- Contrôler automatiquement les mises à jour de CCleaner

• Lance le Nettoyage
• Clique sur Chercher des erreurs et sauvegarde si tu le souhaites.

Aide : Comment utiliser CCleaner.

--------------

Télécharge AntiVir sur ton Bureau.

• Double clique sur l'exécutable téléchargé pour lancer l'installation.
• A la fin de l'installation, clique sur Finish.
• Ouvre Antivir, assure-toi qu’il soit bien à jour !
• Dans l'onglet Local Protection, choisis Scanner.
• Active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur).
• Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur.
• Poste moi le rapport généré : Pour cela, clique sur l'onglet Overview, puis choisis Reports, tu trouveras son rapport..

Note : Pour une éradication des menaces plus efficace, lance le scan en mode sans échec.

Pourquoi changer ? Avast vs Antivir.

Aide : Comment installer et utiliser AntiVir.

Bonjour FanDANGELDARK,

j'ai bien maintenant Antivir comme outil de protection par défaut par contre j'ai toujours le souci que je signalais dans mon premier message :

En effet, depuis le début de nos échanges j'utilise une autre machine.

Y-a-t-il d'autres étapes à suivre dans le processus que tu m'as expliquer jusqu'ici ou sommes-nous à son terme , Et dans ce cas quelle piste de recherche faut-il mettre en oeuvre.

Cordialement.
rv

Bonsoir FanDANGELDARK,

merci pour ton aide régulière.

Voici le rapport :

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ndisuio]
"Type"=dword:00000001
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"Tag"=dword:0000000d
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,6e,00,64,00,69,00,73,00,75,00,69,\
00,6f,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="NDIS mode utilisateur E/S Protocole"
"Group"="NDIS"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ndisuio\Linkage]
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,30,00,37,\
00,36,00,42,00,43,00,32,00,43,00,39,00,2d,00,37,00,35,00,31,00,32,00,2d,00,\
34,00,43,00,38,00,39,00,2d,00,41,00,32,00,32,00,35,00,2d,00,35,00,38,00,31,\
00,39,00,45,00,44,00,45,00,36,00,35,00,38,00,37,00,44,00,7d,00,00,00,5c,00,\
44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,33,00,39,00,43,00,34,00,36,\
00,41,00,39,00,30,00,2d,00,43,00,32,00,33,00,36,00,2d,00,34,00,45,00,30,00,\
42,00,2d,00,39,00,38,00,45,00,34,00,2d,00,39,00,42,00,39,00,35,00,32,00,37,\
00,30,00,34,00,42,00,33,00,44,00,38,00,7d,00,00,00,00,00
"Route"=hex(7):22,00,7b,00,30,00,37,00,36,00,42,00,43,00,32,00,43,00,39,00,2d,\
00,37,00,35,00,31,00,32,00,2d,00,34,00,43,00,38,00,39,00,2d,00,41,00,32,00,\
32,00,35,00,2d,00,35,00,38,00,31,00,39,00,45,00,44,00,45,00,36,00,35,00,38,\
00,37,00,44,00,7d,00,22,00,00,00,22,00,7b,00,33,00,39,00,43,00,34,00,36,00,\
41,00,39,00,30,00,2d,00,43,00,32,00,33,00,36,00,2d,00,34,00,45,00,30,00,42,\
00,2d,00,39,00,38,00,45,00,34,00,2d,00,39,00,42,00,39,00,35,00,32,00,37,00,\
30,00,34,00,42,00,33,00,44,00,38,00,7d,00,22,00,00,00,00,00
"Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,64,00,69,\
00,73,00,75,00,69,00,6f,00,5f,00,7b,00,30,00,37,00,36,00,42,00,43,00,32,00,\
43,00,39,00,2d,00,37,00,35,00,31,00,32,00,2d,00,34,00,43,00,38,00,39,00,2d,\
00,41,00,32,00,32,00,35,00,2d,00,35,00,38,00,31,00,39,00,45,00,44,00,45,00,\
36,00,35,00,38,00,37,00,44,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,\
00,65,00,5c,00,4e,00,64,00,69,00,73,00,75,00,69,00,6f,00,5f,00,7b,00,33,00,\
39,00,43,00,34,00,36,00,41,00,39,00,30,00,2d,00,43,00,32,00,33,00,36,00,2d,\
00,34,00,45,00,30,00,42,00,2d,00,39,00,38,00,45,00,34,00,2d,00,39,00,42,00,\
39,00,35,00,32,00,37,00,30,00,34,00,42,00,33,00,44,00,38,00,7d,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ndisuio\Enum]
"0"="Root\\LEGACY_NDISUIO\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Cordialement.
rv

Bonjour FanDANGELDARK,

malheureusement cette manipulation reste sans effets ????

merci pour ton aide

Bonsoir FanDANGELDARK et merci pour ta fidélité,

voici le rapport :

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ndisuio]
"Type"=dword:00000001
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"Tag"=dword:0000000d
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\
52,00,49,00,56,00,45,00,52,00,53,00,5c,00,6e,00,64,00,69,00,73,00,75,00,69,\
00,6f,00,2e,00,73,00,79,00,73,00,00,00
"DisplayName"="NDIS mode utilisateur E/S Protocole"
"Group"="NDIS"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ndisuio\Linkage]
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,30,00,37,\
00,36,00,42,00,43,00,32,00,43,00,39,00,2d,00,37,00,35,00,31,00,32,00,2d,00,\
34,00,43,00,38,00,39,00,2d,00,41,00,32,00,32,00,35,00,2d,00,35,00,38,00,31,\
00,39,00,45,00,44,00,45,00,36,00,35,00,38,00,37,00,44,00,7d,00,00,00,5c,00,\
44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,33,00,39,00,43,00,34,00,36,\
00,41,00,39,00,30,00,2d,00,43,00,32,00,33,00,36,00,2d,00,34,00,45,00,30,00,\
42,00,2d,00,39,00,38,00,45,00,34,00,2d,00,39,00,42,00,39,00,35,00,32,00,37,\
00,30,00,34,00,42,00,33,00,44,00,38,00,7d,00,00,00,00,00
"Route"=hex(7):22,00,7b,00,30,00,37,00,36,00,42,00,43,00,32,00,43,00,39,00,2d,\
00,37,00,35,00,31,00,32,00,2d,00,34,00,43,00,38,00,39,00,2d,00,41,00,32,00,\
32,00,35,00,2d,00,35,00,38,00,31,00,39,00,45,00,44,00,45,00,36,00,35,00,38,\
00,37,00,44,00,7d,00,22,00,00,00,22,00,7b,00,33,00,39,00,43,00,34,00,36,00,\
41,00,39,00,30,00,2d,00,43,00,32,00,33,00,36,00,2d,00,34,00,45,00,30,00,42,\
00,2d,00,39,00,38,00,45,00,34,00,2d,00,39,00,42,00,39,00,35,00,32,00,37,00,\
30,00,34,00,42,00,33,00,44,00,38,00,7d,00,22,00,00,00,00,00
"Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,64,00,69,\
00,73,00,75,00,69,00,6f,00,5f,00,7b,00,30,00,37,00,36,00,42,00,43,00,32,00,\
43,00,39,00,2d,00,37,00,35,00,31,00,32,00,2d,00,34,00,43,00,38,00,39,00,2d,\
00,41,00,32,00,32,00,35,00,2d,00,35,00,38,00,31,00,39,00,45,00,44,00,45,00,\
36,00,35,00,38,00,37,00,44,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,\
00,65,00,5c,00,4e,00,64,00,69,00,73,00,75,00,69,00,6f,00,5f,00,7b,00,33,00,\
39,00,43,00,34,00,36,00,41,00,39,00,30,00,2d,00,43,00,32,00,33,00,36,00,2d,\
00,34,00,45,00,30,00,42,00,2d,00,39,00,38,00,45,00,34,00,2d,00,39,00,42,00,\
39,00,35,00,32,00,37,00,30,00,34,00,42,00,33,00,44,00,38,00,7d,00,00,00,00,\
00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ndisuio\Enum]
"0"="Root\\LEGACY_NDISUIO\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

Re,

ci-après le rapport réalisé avec ComboFix :

ComboFix 08-11-12.01 - siana 2008-11-13 22:05:19.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1199 [GMT 1:00]
Lancé depuis: C:\Combo-Fix.exe
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-13 au 2008-11-13 ))))))))))))))))))))))))))))))))))))
.

2008-11-12 19:21 . 2008-11-12 19:14 127 --a------ C:\Correction.bat
2008-11-11 16:10 . 2008-11-11 16:10 <REP> d-------- c:\users\All Users\Avira
2008-11-11 16:10 . 2008-11-11 16:10 <REP> d-------- c:\program files\Avira
2008-11-11 16:10 . 2008-11-11 16:10 <REP> d-------- c:\progra~2\Avira
2008-11-11 15:57 . 2008-11-11 15:57 <REP> d-------- c:\program files\CCleaner
2008-11-08 13:31 . 2008-11-08 13:31 <REP> d-------- c:\program files\Trend Micro
2008-11-08 13:30 . 2008-11-08 13:27 812,344 --a------ C:\HJTInstall.exe
2008-11-07 17:34 . 2008-11-07 17:34 <REP> dr------- c:\windows\System32\config\systemprofile\Music
2008-11-06 21:57 . 2008-11-06 21:57 <REP> dr------- c:\windows\System32\config\systemprofile\Documents
2008-11-06 19:42 . 2008-11-06 19:42 <REP> d-------- c:\users\siana\AppData\Roaming\Malwarebytes
2008-11-06 19:42 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-06 19:41 . 2008-11-06 19:41 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-06 19:41 . 2008-11-06 19:42 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-06 19:41 . 2008-11-06 19:41 <REP> d-------- c:\progra~2\Malwarebytes
2008-11-06 19:41 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-04 18:57 . 2008-11-04 17:04 369,277 --a------ C:\ToolBarSD.exe
2008-11-04 18:33 . 2008-11-05 21:20 <REP> d-------- C:\ToolBar SD
2008-11-04 17:09 . 2008-11-07 07:32 <REP> d-------- c:\program files\Navilog1
2008-11-04 17:08 . 2008-11-04 17:03 572,063 --a------ C:\Navilog1.exe
2008-11-04 14:26 . 2008-11-13 21:49 3,045,115 -ra------ C:\Combo-Fix.exe
2008-11-04 10:05 . 2008-11-03 15:45 57,867 --a------ C:\ELIBAGLA.ØIAABØØH.EXE
2008-10-31 11:46 . 2008-10-31 11:46 <REP> d-------- c:\program files\Alwil Software
2008-10-31 11:46 . 2008-07-19 16:36 51,280 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-10-30 09:43 . 2008-10-30 09:43 <REP> d-------- c:\users\siana\AppData\Roaming\PeerNetworking
2008-10-30 08:10 . 2008-10-30 08:13 62,976 --a------ c:\windows\PegtopUI.exe
2008-10-30 07:27 . 2008-10-30 11:08 <REP> d-------- c:\users\All Users\eMule
2008-10-30 07:27 . 2008-10-30 11:08 <REP> d-------- c:\progra~2\eMule
2008-10-29 18:44 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 18:44 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 18:44 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 14:03 . 2008-10-27 14:03 <REP> d-------- c:\program files\Pegtop
2008-10-23 21:55 . 2008-10-23 21:55 <REP> d-------- c:\program files\BinaryMark
2008-10-21 17:31 . 2008-10-21 17:32 <REP> d-------- c:\program files\Common Files\Adobe
2008-10-21 17:19 . 2008-10-21 17:23 <REP> d-------- c:\users\All Users\NOS
2008-10-21 17:19 . 2008-10-21 17:19 <REP> d-------- c:\program files\NOS
2008-10-21 17:19 . 2008-10-21 17:23 <REP> d-------- c:\progra~2\NOS
2008-10-20 07:46 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-20 07:46 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-20 07:46 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-20 07:45 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-20 07:45 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-19 05:34 . 2008-10-29 05:55 <REP> d-------- c:\users\All Users\BVRP Software
2008-10-19 05:34 . 2008-10-29 05:55 <REP> d-------- c:\progra~2\BVRP Software
2008-10-16 17:37 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2008-10-16 17:37 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2008-10-16 17:37 . 2008-09-18 03:16 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-10-16 17:37 . 2008-09-03 04:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-10-16 17:37 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys
2008-10-16 17:37 . 2008-09-03 04:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-10-16 17:36 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2008-10-16 17:36 . 2008-10-02 04:49 827,392 --a------ c:\windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 20:19 --------- d-----w c:\users\siana\AppData\Roaming\OpenOffice.org2
2008-11-11 15:00 --------- d-----w c:\progra~2\Spybot - Search & Destroy
2008-11-01 08:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 08:05 --------- d-----w c:\users\siana\AppData\Roaming\Vso
2008-11-01 08:05 --------- d-----w c:\users\siana\AppData\Roaming\Notepad++
2008-11-01 08:05 --------- d-----w c:\users\siana\AppData\Roaming\Azureus
2008-11-01 08:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-01 08:05 --------- d-----w c:\program files\PhotoFiltre
2008-10-30 17:28 --------- d-----w c:\program files\Windows Mail
2008-10-30 17:28 --------- d-----w c:\program files\Songbeat
2008-10-30 08:04 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-30 08:03 --------- d-----w c:\program files\Norton Security Scan
2008-10-30 04:54 --------- d-----w c:\users\siana\AppData\Roaming\gtk-2.0
2008-10-29 14:15 --------- d-----w c:\users\siana\AppData\Roaming\FileZilla
2008-10-28 08:56 --------- d-----w c:\program files\McAfee
2008-10-12 22:39 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-11 08:48 --------- d-----w c:\program files\Lexmark 1200 Series
2008-10-05 08:22 --------- d-----w c:\program files\Common Files\France Telecom
2008-10-05 08:19 --------- d-----w c:\program files\SAGEM
2008-10-05 08:18 --------- d-----w c:\users\siana\AppData\Roaming\InstallShield
2008-10-04 20:23 --------- d-----w c:\program files\IncrediMail
2008-09-29 03:56 --------- d-----w c:\progra~2\RFA_Backups
2008-09-21 08:54 --------- d-----w c:\program files\iTunes
2008-09-21 08:54 --------- d-----w c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-21 08:53 --------- d-----w c:\program files\iPod
2008-09-21 08:53 --------- d-----w c:\progra~2\Apple Computer
2008-09-21 08:47 --------- d-----w c:\program files\Common Files\Apple
2008-09-21 08:36 --------- d-----w c:\program files\Bonjour
2008-09-20 11:37 --------- d-----w c:\progra~2\IM
2008-09-20 11:34 --------- d-----w c:\progra~2\IncrediMail
2008-09-15 10:09 --------- d-----w c:\program files\Free GIF2SWF Converter
2008-09-15 09:17 --------- d-----w c:\program files\EasyPicture2Icon
2008-09-14 16:55 --------- d-----w c:\program files\Java
2008-09-14 05:35 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-14 05:24 174 --sha-w c:\program files\desktop.ini
2008-09-14 05:07 --------- d-----w c:\program files\Windows Sidebar
2008-09-14 05:07 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-14 05:07 --------- d-----w c:\program files\Windows Journal
2008-09-14 05:07 --------- d-----w c:\program files\Windows Defender
2008-09-14 05:07 --------- d-----w c:\program files\Windows Collaboration
2008-09-14 05:07 --------- d-----w c:\program files\Windows Calendar
2008-09-13 14:28 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-13 14:28 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-08-29 08:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-03-23 09:44 25,839,688 ----a-w c:\users\siana\wmp11-windowsxp-x86-FR-FR.exe
2007-08-01 07:35 0 ----a-w c:\users\siana\AppData\Roaming\wklnhst.dat
2007-12-04 18:56 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-04 18:56 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-04 18:56 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-11 171448]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-09-08 243072]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 815104]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" [2008-09-06 413696]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DelayShred"="c:\progra~1\mcafee\mshr\ShrCL.EXE" [2007-12-04 111904]

c:\users\siana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Assistant de traduction IdiomaX.lnk - c:\program files\IdiomaX\Translation Assistant 4.0\TrasWord.exe [2007-01-18 410160]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-06-21 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-06-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-11-03 15:47 78008 c:\progra~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-11-03 16:07 582992 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 10:43 2097488 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Windows Mail"=c:\program files\Windows Mail\WinMail.exe
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"="c:\windows\system32\msconfig.exe" /auto
"TkBellExe"="c:\program files\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1812897707-2736394745-370955149-1000]
"EnableNotificationsRef"=dword:00000009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4ADA0DCE-6E95-43C0-B91F-BEE081588F1D}"= TCP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{9399CAF2-9FCD-4D9F-B3B0-DB6F8E58D8FF}"= UDP:c:\program files\FrostWire\FrostWire.exe:LimeWire
"{482E6E63-B2D5-421E-B3DA-A89D2C99BC0D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4D23999E-6C67-4818-9BBF-ADB8B6B2B28D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{4E16E28F-9358-483E-9592-24194815C908}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{16E0A8FA-5F5A-48BA-B36A-095023810FA2}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{51D80935-F7E1-4659-9775-611F1A9932EA}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{79EC515E-9C58-48D9-A73E-946F6A2C355A}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{DB8852A4-46E7-4CC0-B8B3-40B1AFE85434}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{6BCA26E8-38B8-431C-A810-EAE381729C91}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{1C7ACAC6-2991-4E3B-8501-C9A0CB46BE5D}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{0DDF666F-52D4-44F0-BDAF-8217EDDBF00D}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{7CF7CDC5-8B41-47E0-A57C-4676DA79D446}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"TCP Query User{ACA49A4D-42F8-45E0-86C4-B312D3E4D820}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{F4A6772F-8A19-41BE-B086-1BF956B7C50D}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"{324E39F1-D8C0-490E-81E1-B903A437E6F3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{14CCAEFB-FE4C-4DAD-BB6C-8A2A99D0BB94}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C3B0F657-F049-4FD0-9CC1-A78106232417}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{CA70610C-35B5-4D1F-AD17-D77EAF02C125}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{5F94A40D-C760-415F-9F37-0D4828CE8354}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{67CBE0E1-9055-4822-A66E-D40F0B5F4C97}f:\\miniguppy\\zazouminiwebserver.exe"= UDP:f:\miniguppy\zazouminiwebserver.exe:ZazouMiniWebServer
"UDP Query User{7D8405A6-19DF-465D-AE38-753798E860A4}f:\\miniguppy\\zazouminiwebserver.exe"= TCP:f:\miniguppy\zazouminiwebserver.exe:ZazouMiniWebServer
"{BDA5B31A-D769-4199-87BF-68615BA4301A}"= Disabled:UDP:c:\users\siana\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:IncrediMail Installer
"{88E16A2A-C785-452E-BC50-B8CB38D98304}"= Disabled:TCP:c:\users\siana\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:IncrediMail Installer
"{426D70CC-6A22-46CB-97EC-51F2BA857009}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncrediMail_Install.exe:IncrediMail Installer
"{5DCBC8CA-D27B-4F73-9858-0B3848A66FD0}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncrediMail_Install.exe:IncrediMail Installer
"{EC4FE7F8-02C1-4D40-AE54-7BB64F4FCF20}"= Disabled:UDP:c:\users\siana\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:IncrediMail Installer
"{07BAC796-DBEA-4063-90F4-AB254EE482E3}"= Disabled:TCP:c:\users\siana\AppData\Local\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:IncrediMail Installer
"{EAD33909-61B4-4DEF-B244-FD366AF331D8}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{B43B8C72-DA7F-492C-93C8-D5240480531C}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{281D48CD-748C-46A4-BBD8-C7EF69BD9836}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{438B9FF0-988A-4A10-8659-C067E541A0DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0B19CDB2-5FC4-4ECB-B3CF-CBC8514F3E7E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{08FBC23E-CEC7-41F0-9D01-49F09527F708}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C3CC6E57-D9EB-4AB4-87DE-AAAA27039265}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{12275A88-0375-4AAF-A4CB-69D55099464B}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{26B0725F-AB46-48D5-AE28-927A658B2504}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{2E399440-21E6-43C4-944D-01953B5D2AC2}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{021AC605-08B3-4E99-9D9D-D6B71F2BB960}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{2875BB09-42C8-4F43-975B-C67E2B47BA44}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{9AB4669A-4C57-4C68-AB22-8F8FAFF2D229}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BC291E46-21EE-43B7-A22B-2A251923A5ED}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"TCP Query User{BB4BA98D-D000-4C47-A04C-CF1CDD0EAAFD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{C029527A-2E93-4E34-9DD2-6BBC707212C0}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
S2 UxTuneUp;TuneUp Extension de thème;c:\windows\System32\svchost.exe [2008-01-19 21504]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2006-11-28 27072]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{357d5b62-3908-11dd-a840-0019b9799e6b}]
\shell\AutoRun\command - G:\start.exe
\shell\iledefrance\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9208da-991a-11dc-bdf4-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9208e4-991a-11dc-bdf4-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9208ec-991a-11dc-bdf4-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9208f4-991a-11dc-bdf4-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d9208fc-991a-11dc-bdf4-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d920904-991a-11dc-bdf4-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccd41edb-b456-11dc-b646-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e930a4f5-7a86-11dc-8212-0019b9799e6b}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\siana\AppData\Roaming\Mozilla\Firefox\Profiles\afh5ywne.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://sartrouville.gwalarn.org/index.php?lng=fr|http://sartrouville.gwalarn.org/plugins/coinbar/main.php?lng=fr|http://www.meric-graphisme.info/index.php?lng=fr|http://autourdeguppy.nuxit.net/accueil-fr.html|http://www.freeguppy.org/index.php?lng=fr|http://www.usvermelles.net/football/index.php?lng=fr|http://www.papinou.info/index.php?lng=fr&selskin=skin_papinou466a|http://www.monptitnet.net/index.php?lng=fr|http://hcheli.club.fr/index.php|http://guppy-skins.nuxit.net/|http://www.parisbreton.org/pbr/tinymsg.php?action=3|http://www.les-rosiers.info/|http://marco17.phpnet.org/index.php?lng=fr|http://www.guppytrucs.fr/|http://charli77.le77.info/index.php?lng=fr|http://www.keltiad.com/|http://www.papinou.info/index.php?lng=fr|http://phil-photosblog.net/|http://asso.freeguppy.org/index.php?lng=fr|http://stockastuces.org/index.php?lng=fr|http://fr.mg40.mail.yahoo.com/dc/launch?.rand=9078lvq5hprov|http://www.katrynou.fr/tinymsg.php?action=3|http://rvknobzh.lescigales.org/index.php?lng=fr
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 22:08:52
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-13 22:11:58
ComboFix-quarantined-files.txt 2008-11-13 21:11:50
ComboFix2.txt 2008-11-04 13:59:05

Avant-CF: 96,091,574,272 octets libres
Après-CF: 95,732,404,224 octets libres

275 --- E O F --- 2008-10-30 04:51:32

Bonjour FanDANGELDARK,

voici le résultat de la manip:

[SC] OpenServices echec(s) 5 :
Accès refusé.

Cordialement
rv

Bonjour FanDANGELDARK,

voici le rapport généré par FinfyKill.

Cordialement.
rv

----------------- FindyKill V4.700 ------------------

* User : siana - SIANA87
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 13/11/08 par Chiquitine29
* Recherche effectuée à 6:22:16 le 15/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\LEXPPS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\IncrediMail\bin\ImApp.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\Windows


»»»» Presence des fichiers dans C:\Windows\Prefetch


»»»» Presence des fichiers dans C:\Windows\system32


»»»» Presence des fichiers dans C:\Windows\system32\drivers


»»»» Presence des fichiers dans C:\Users\siana\AppData\Roaming


»»»» Presence des fichiers dans C:\Users\siana\AppData\Local\Temp


»»»» Presence des fichiers dans C:\Users\siana\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registre / Startup ] ----------------


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
ISUSScheduler REG_SZ "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
IgfxTray REG_SZ C:\Windows\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\Windows\system32\hkcmd.exe
dscactivate REG_SZ "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
DellSupportCenter REG_SZ "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
Persistence REG_SZ C:\Windows\system32\igfxpers.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
IncrediMail REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe /c
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
DellSupport REG_SZ "C:\Program Files\DellSupport\DSAgnt.exe" /startup


--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-1812897707-2736394745-370955149-1000\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA

--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

/!\ Ndisuio - Type de démarrage = 4

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

/!\ WinDefend - Type de démarrage = 4



--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe
H: - Lecteur amovible

+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------

Re bonjour FanDANGELDARK

voici le rapport.

Cordialement.
rv


----------------- FindyKill V4.700 ------------------

* User : siana - SIANA87
* executed from : C:\Program Files\FindyKill
* Update on 13/11/08 par Chiquitine29
* Start at 10:57:17 the 15/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\Windows


»»»» Supression files in C:\Windows\Prefetch


»»»» Supression files in C:\Windows\system32


»»»» Supression files in C:\Windows\system32\drivers


»»»» Supression files in C:\Users\siana\AppData\Roaming


»»»» Supression files in C:\Users\siana\AppData\Local\Temp


»»»» Supression files in C:\Users\siana\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Deleted ! - HKEY_USERS\S-1-5-21-1812897707-2736394745-370955149-1000\Software\Local AppWizard-Generated Applications\winfilse
Deleted ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winfilse

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- deleting files :


--------------- [ Registry / Moutpoint2 ] ----------------


-> Not found !


--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\siana\AppData\Local\IM\Runtime\EmoticonCenter\cracker.gif
C:\Users\siana\AppData\Roaming\OpenOffice.org2\user\gallery\Tchaikovski - Nut Cracker.wav
C:\ProgramData\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw


---------------- ! End of report ! ------------------

Bonjour FanDANGELDARK et merci d'officier aussi le dimanche

OUI, ça y est j'ai la connexion Internet MERCI BEAUCOUP POUR TON AIDE HYPER PRÉCIEUSE; Sans toi je ne m'en serais jamais sorti.


Je t'ai posté ci-après le rapport HijackThis.

Très cordialement.

et bon dimanche.

rv

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:04, on 16/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\IncrediMail\bin\ImApp.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\siana\appdata\local\temp\MFPL7014.SH! c:\users\siana\appdata\local\temp\HSPERF~1.SH! c:\users\siana\appdata\local\temp\KIT752F.tmp\INSTAL~1\Core\Skin\Default\main.SH! c:\users\siana\appdata\local\temp\KIT752F.tmp\INSTAL~1\Core\Skin\Default.SH! c:\users\siana\appdata\local\temp\KIT752F.tmp\INSTAL~1\Core\Skin.SH! c:\users\siana\appdata\local\temp\KIT752F.tmp\INSTAL~1\Core.SH! c:\users\siana\appdata\local\temp\KIT752F.tmp\INSTAL~1.SH! c:\users\siana\appdata\local\temp\KIT752F.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\siana\appdata\local\temp\MFPL7014.SH! c:\users\siana\appdata\local\temp\HSPERF~1.SH! c:\users\siana\appdata\local\temp\KIT752F.tmp\INSTAL~1\Core\Skin\Default\main.SH! c:\users\siana\appdata\local\temp\KIT752F.tmp\INSTAL~1\Core\Skin\Default.SH! c:\users\siana\appdata\local\temp\KIT752F.tmp\INSTAL~1\Core\Skin.SH! c:\users\siana\appdata\local\temp\KIT752F.tmp\INSTAL~1\Core.SH! c:\users\siana\appdata\local\temp\KIT752F.tmp\INSTAL~1.SH! c:\users\siana\appdata\local\temp\KIT752F.SH! (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Assistant de traduction IdiomaX.lnk = C:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - http://jeuxmultijoueurs.orange.fr/ [...] meHost.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10164 bytes

Bonjour FanDANGELDARK,

avant de lancer HijackThis, tu me demandes de désinstaller McAffe c'est cela ???

Cordialement.
rv

Bonjour FanDANGELDARK,

désolé de ne reprendre contact qu'aujourd'hui mais j'avais une semaine très chargée.

Merci encore pour ton aide.

J'ai désinstaller McAfee et suivi tes conseils avec HijackThis dont voici le nouveau rapport.

Cordialement.
rv

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:51:47, on 22/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Assistant de traduction IdiomaX.lnk = C:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - http://jeuxmultijoueurs.orange.fr/ [...] meHost.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan\McShield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7844 bytes

Bonsoir FanDANGELDARK,

désolé mais en ce moment j'ai des journées de 25 heures.

J'ai passéle désinstalleur de McAfee et je te poste le nouveau rapport HijackThis.

Merci encore pour ton aide et ta perspicacité.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:26, on 03/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Assistant de traduction IdiomaX.lnk = C:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - http://jeuxmultijoueurs.orange.fr/ [...] meHost.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7574 bytes

bonsoir FanDANGELDARK,

pas eu le temps de mettre tes recommandations en application car j'ai eu une semaine très chargée.

Je vais être hospitalisé pour une intervention qui va consister à retirer une hernie discale donc pas de pc pendant une bonne semaine.

J'essaierai de m'y mettre à mon retour.

Amicalement.
rv