Problem with virtumonde.dll on Vista

Anonymous
8 July 2008 23:33:05

Good evening everyone, I have read the various posts on the forum about virtumonde.dll and how to eradicate it, but I am on Vista and I would like to know whether the procedure is the same. I am posting a HijackThis report in the hope that some kind soul will help me. My PC is very slow and web pages have trouble opening; thank you for helping me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:46, on 08/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\tracert.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {795AF9C6-09E5-40AF-B4F0-082F9E0A46C3} - C:\Windows\system32\byXQHASJ.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {818798A0-FA63-47EB-9D62-4691C5C0B1E1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BMbbf3b551] Rundll32.exe "C:\Windows\system32\xwqfixsm.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8377] command /c del "C:\Windows\System32\byXQHASJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1933] cmd /c del "C:\Windows\System32\byXQHASJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7124] command /c del "C:\Windows\System32\byXQHASJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2432] cmd /c del "C:\Windows\System32\byXQHASJ.dll_old"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON Stylus DX9400F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\Users\bruno\AppData\Local\Temp\E_S953E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe wincji32.rom,RkzRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
O16 - DPF: CANALPLAY Installer - http://www.canalplay.com/cabs/CanalInstaller.CAB
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpld...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://epson.synovate.com/epson-france/setup.ocx
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/Fnacm...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10_fr.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/b...
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13758 bytes

8 July 2008 23:57:55

Good evening,

Download ComboFix (by sUBs) to your Desktop.

  • Temporarily disable all resident protection! (Antivirus, antispyware...)
  • Double-click ComboFix.exe.
  • Accept the licence by clicking Oui ("Yes").
  • When the operation has finished, a report will appear. Post this report in your next reply.

    The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)

    Help: How to use ComboFix.
    Anonymous
    9 July 2008 10:28:21

    Thank you for helping me. I have disabled my antivirus (Avast); as for the antispyware, I am less sure, because it no longer appears as resident in the taskbar. I am attaching the ComboFix report in the hope that you can help me; thanks again.

    ComboFix 08-07-07.3 - bruno 2008-07-09 10:07:31.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2285 [GMT 2:00]
    Endroit: C:\Users\bruno\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\bruno\AppData\Roaming\inst.exe
    C:\Windows\Downloaded Program Files\setup.inf
    C:\Windows\system32\drivers\downld
    C:\Windows\system32\irhndhxr.dll
    C:\Windows\system32\JSAHQXyb.ini
    C:\Windows\System32\JSAHQXyb.ini2
    C:\Windows\System32\nXGMlkkj.ini
    C:\Windows\System32\nXGMlkkj.ini2
    C:\Windows\system32\xwqfixsm.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-08 23:23 . 2008-07-08 23:23 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-08 22:33 . 2008-07-08 22:48 153 --a------ C:\Windows\wininit.ini
    2008-07-08 12:04 . 2006-03-17 11:45 1,757,184 --a------ C:\Windows\System32\imagX7.dll
    2008-07-08 12:04 . 2006-03-17 11:45 802,816 --a------ C:\Windows\System32\imagXRA7.dll
    2008-07-08 12:04 . 2006-03-17 11:45 497,296 --a------ C:\Windows\System32\imagXpr7.dll
    2008-07-08 12:04 . 2006-03-17 14:49 368,640 --a------ C:\Windows\System32\TwnLib4.dll
    2008-07-08 12:04 . 2006-03-17 11:45 258,048 --a------ C:\Windows\System32\imagXR7.dll
    2008-07-07 21:22 . 2008-07-07 21:22 <REP> d-------- C:\Windows\LastGood.Tmp
    2008-07-03 17:28 . 2008-07-07 21:33 54,156 --ah----- C:\Windows\QTFont.qfn
    2008-07-03 17:28 . 2008-07-03 17:28 1,409 --a------ C:\Windows\QTFont.for
    2008-07-03 14:51 . 2008-07-03 14:51 <REP> d-------- C:\VundoFix Backups
    2008-07-02 18:06 . 2008-07-02 18:06 <REP> d-------- C:\Program Files\Eidos Interactive
    2008-07-01 11:23 . 2008-07-01 11:23 <REP> d-------- C:\Program Files\MagicISO
    2008-06-27 11:09 . 2008-06-28 09:05 <REP> d-------- C:\Program Files\GUILD WARS
    2008-06-24 00:57 . 2008-06-24 00:57 0 --a------ C:\Windows\tosOBEX.INI
    2008-06-23 22:32 . 2008-07-05 13:39 99 --a------ C:\Windows\WirelessFTP.INI
    2008-06-23 19:32 . 2008-06-23 19:32 <REP> d-------- C:\Users\bruno\AppData\Roaming\DivX
    2008-06-23 19:32 . 2008-06-28 13:39 69 --a------ C:\Windows\NeroDigital.ini
    2008-06-23 15:14 . 2008-06-23 15:14 <REP> d-------- C:\Program Files\pspvideo9
    2008-06-23 15:10 . 2008-06-23 15:10 <REP> d-------- C:\Program Files\DVD Decrypter
    2008-06-22 22:54 . 2008-06-26 22:19 <REP> d-------- C:\divx
    2008-06-22 22:52 . 2008-06-22 22:52 <REP> d-------- C:\Program Files\DivX
    2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\Users\All Users\Recisio
    2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\ProgramData\Recisio
    2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\Program Files\KaraFun
    2008-06-21 23:59 . 2008-06-21 23:59 <REP> d-------- C:\Program Files\Common Files\Autodata Limited Shared
    2008-06-20 12:51 . 2006-06-21 18:38 2,507,776 --a------ C:\Windows\MediaDico38Dll.dll
    2008-06-20 12:51 . 2006-05-08 16:02 208,992 --a------ C:\Windows\RACHook38.dll
    2008-06-20 12:51 . 2006-05-24 15:59 199,680 --a------ C:\Windows\MediaR38.dll
    2008-06-20 12:51 . 2008-06-20 12:54 1,976 --a------ C:\Windows\MediaR38.ini
    2008-06-20 07:33 . 2008-06-23 07:59 <REP> d-------- C:\Program Files\Cheatbook Database 2008
    2008-06-17 10:30 . 2008-06-17 10:30 <REP> d-------- C:\Users\bruno\TaoUSign
    2008-06-15 08:28 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-15 08:27 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-15 08:27 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-15 08:27 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-13 21:08 . 2008-06-27 11:09 <REP> d-------- C:\Users\All Users\Media Center Programs
    2008-06-13 21:08 . 2008-06-27 11:09 <REP> d-------- C:\ProgramData\Media Center Programs
    2008-06-13 21:08 . 2008-06-13 21:08 <REP> d-------- C:\Program Files\Common Files\BioWare
    2008-06-13 20:54 . 2008-06-13 21:28 <REP> d-------- C:\Program Files\Mass Effect
    2008-06-12 09:46 . 2008-06-12 09:46 <REP> d-------- C:\Program Files\Happyneuron
    2008-06-11 16:39 . 2008-06-11 16:39 <REP> d-------- C:\Program Files\Real
    2008-06-11 16:39 . 2008-06-11 16:39 <REP> d-------- C:\Program Files\Common Files\xing shared
    2008-06-11 16:39 . 2008-06-11 16:39 <REP> d-------- C:\Program Files\Common Files\Real
    2008-06-11 10:59 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-11 10:59 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-11 10:59 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-11 10:59 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-09 10:04 . 2008-06-09 10:04 0 --a------ C:\Windows\nsreg.dat

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-09 08:12 17,204 ----a-w C:\Windows\system32\drivers\stwrte.log
    2008-07-08 23:42 --------- d-----w C:\Users\bruno\AppData\Roaming\Azureus
    2008-07-08 11:05 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-07-08 10:30 --------- d-----w C:\Users\bruno\AppData\Roaming\Ahead
    2008-07-08 10:04 --------- d-----w C:\Program Files\Nero
    2008-07-08 10:04 --------- d-----w C:\Program Files\Common Files\Nero
    2008-07-08 09:52 --------- d-----w C:\ProgramData\Nero
    2008-07-02 08:31 --------- d-----w C:\Program Files\Azureus
    2008-06-30 08:57 --------- d-----w C:\Program Files\Pvm
    2008-06-25 13:10 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-06-23 13:14 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-06-22 21:52 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-06-22 21:40 --------- d-----w C:\Program Files\Bit Che
    2008-06-21 17:50 --------- d-----w C:\Program Files\Dofus
    2008-06-20 10:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-20 10:51 --------- d-----w C:\Program Files\Micro Application
    2008-06-14 10:15 --------- d-----w C:\ProgramData\eMule
    2008-06-11 10:47 --------- d-----w C:\Program Files\Common Files\BinarySense
    2008-06-11 10:46 --------- d---a-w C:\ProgramData\TEMP
    2008-06-11 10:46 --------- d-----w C:\Program Files\Windows Mail
    2008-05-28 14:11 --------- d-----w C:\Users\bruno\AppData\Roaming\BinarySense
    2008-05-22 20:55 --------- d-----w C:\ProgramData\GamesBar
    2008-05-22 20:55 --------- d-----w C:\Program Files\GamesBar
    2008-05-22 20:55 --------- d-----w C:\Program Files\Gamenext
    2008-05-22 16:26 --------- d-----w C:\Program Files\Common Files\Oberon Media
    2008-05-20 22:04 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-16 22:02 --------- d-----w C:\Program Files\EPSON
    2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-15 08:22 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-09 08:02 --------- d-----w C:\ProgramData\FLEXnet
    2008-04-02 16:15 47,360 ----a-w C:\Users\bruno\AppData\Roaming\pcouffin.sys
    2008-03-19 17:11 174 --sha-w C:\Program Files\desktop.ini
    2008-02-26 23:29 2,954 ----a-w C:\Users\bruno\AppData\Roaming\SAS7_000.DAT
    2007-12-15 09:38 22,328 ----a-w C:\Users\bruno\AppData\Roaming\PnkBstrK.sys
    2008-03-26 12:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-26 12:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-26 12:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-11 16:39 185896]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 13:11 4489216 C:\Windows\RtHDVCpl.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    C:\Users\bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 21:38:14 2756608]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= i420vfw.dll
    "msacm.l3acm"= l3codecp.acm

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client ????????.lnk]
    backup=C:\Windows\pss\PacketiX VPN Client ????????.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
    backup=C:\Windows\pss\PDFCreator.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^bruno^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Users\bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanalPlayerHelper
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPN Client UI Helper

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
    --a------ 2007-03-19 09:20 259624 C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2007-09-21 08:34 220160 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    --a------ 2007-05-17 14:45 279912 C:\Program Files\Microsoft LifeCam\LifeExp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO38]
    --a------ 2006-05-08 14:43 252416 C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
    --a------ 2007-04-27 20:22 312848 C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
    --a------ 2005-10-30 02:56 606208 C:\Program Files\pspvideo9\pspVideo9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --a------ 2006-10-25 09:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-06-11 16:39 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
    --a------ 2007-02-09 15:54 16896 C:\Program Files\GoogleEULA\EULALauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
    --a------ 2007-04-10 14:46 709992 C:\Windows\vVX3000.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1206471103-55471458-3596929434-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{C2C3AC0E-FDC0-4CD2-879A-AC2BADB8F0C4}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "UDP Query User{1F337562-1731-4E0C-8B97-623D746E2960}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "{4E4374AC-8315-4AF3-9907-908CFCF09537}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{3A1B9E8D-8768-40AA-A670-6ADAFAEEEED2}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
    "{C5B5E5FA-CDFE-4B06-9AF5-931E9A5C7837}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
    "{F04A2E32-91A3-42AE-8A8C-CB00FCFBD9E7}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
    "{30FC7D39-1166-415D-A879-F22995AB0EF4}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
    "TCP Query User{323C0E31-67FB-4423-A6B3-5516E2BE80D1}C:\\windows\\temp\\navbrowser.exe"= UDP:C:\windows\temp\navbrowser.exe:navbrowser.exe
    "UDP Query User{12B96D57-117D-482B-A106-4B2788E68353}C:\\windows\\temp\\navbrowser.exe"= TCP:C:\windows\temp\navbrowser.exe:navbrowser.exe
    "TCP Query User{92B1AB1B-EB5E-442E-A11B-932CA4D49183}C:\\users\\bruno\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\bruno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
    "UDP Query User{2C3F3168-6DE4-48A2-8224-BD79406AFF36}C:\\users\\bruno\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\bruno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
    "{EE414A65-1CEB-422E-9142-F67F69E6188F}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
    "{11791F3F-2081-47D7-9783-9752CE9FCAE7}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
    "{DAB94320-B934-4917-85E8-2CFA6FE1D626}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{5AD9059C-0DAA-4F92-9740-8BA9FEE33879}"= TCP:C:\Program Files\eMule\emule.exe:eMule
    "{85E48CBD-06BC-49C1-928F-B8D467317EA2}"= UDP:43088:Emule TCP
    "{74D9D9DB-63A6-40F1-A034-5029F26D3D4F}"= UDP:36631:Emule UDP
    "TCP Query User{8B3CE20C-9BA6-4F89-BD5F-AE9512B2AA09}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{B0C14533-58E6-453B-93EB-E96677B9354F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{E762558F-E9E2-4CE4-BA0A-DDD15BDC05FF}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{7F035CAD-9CCD-4007-9209-B6BF43DB5C75}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "{A3906C17-E10C-47FF-8BA7-3617DF30C400}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{0C4AEE0D-45F9-40DE-91C5-86A1643726D5}"= UDP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{EF5337DA-9CE5-4562-A03D-608D16B8A4D5}"= TCP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
    "{C925970A-B478-4DF3-86EF-9020DB4A8A7F}"= UDP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{BA84B418-54CA-44D4-A99D-2AC7D08AD8DD}"= TCP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
    "{E3354868-7443-48B4-B9D8-71B14D3B20E2}"= UDP:990:LocalSubnet:LocalSubnet|IF={6DD97007-C586-4AE3-A652-A902BE57C65D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "TCP Query User{853C5CB4-A862-41D7-8B9D-338923C01BF9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{096A212C-7072-47F1-B77E-D6DF9C6ED959}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{A40DFF96-C42B-4186-810C-DD9F4C1DCB78}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
    "{090E5C6A-62B9-469C-BC4C-140F7EB02C91}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
    "{C69A9603-C74B-4ED6-A289-AD5A70B1494F}"= UDP:C:\Program Files\PacketiX VPN Client\vpnclient.exe:p acketiX VPN Client 2.0
    "{D5A7713C-B9A7-43D8-8548-06E6CE724753}"= TCP:C:\Program Files\PacketiX VPN Client\vpnclient.exe:p acketiX VPN Client 2.0
    "{4F64EB8B-7BBF-4980-A6D4-15BE94FD4A54}"= UDP:C:\Program Files\PacketiX VPN Client\vpncmgr.exe:p acketiX VPN Client Connection Manager 2.0
    "{41DFE712-FAFE-4E59-A125-180996A0AFAF}"= TCP:C:\Program Files\PacketiX VPN Client\vpncmgr.exe:p acketiX VPN Client Connection Manager 2.0
    "{B77408A1-D220-48D2-AE71-0AB7785BC708}"= UDP:C:\Program Files\PacketiX VPN Client\vpncmd.exe:p acketiX VPN Command-Line Admin Tool 2.0
    "{CE05D155-27C6-4E44-9221-0CFFEFA7002A}"= TCP:C:\Program Files\PacketiX VPN Client\vpncmd.exe:p acketiX VPN Command-Line Admin Tool 2.0
    "{1D462E2D-E27E-4D38-B270-1BE7A729B472}"= UDP:C:\Program Files\PacketiX VPN Client\vpnclient.exe:p acketiX VPN Client 2.0
    "{9292460C-7F0B-4979-9371-5A2A24929049}"= TCP:C:\Program Files\PacketiX VPN Client\vpnclient.exe:p acketiX VPN Client 2.0
    "{CF0E575F-AECD-4F88-8881-854AB18D7EB3}"= UDP:C:\Program Files\PacketiX VPN Client\vpncmgr.exe:p acketiX VPN Client Connection Manager 2.0
    "{E2FA8E18-7C52-498F-944E-07BF0B01678E}"= TCP:C:\Program Files\PacketiX VPN Client\vpncmgr.exe:p acketiX VPN Client Connection Manager 2.0
    "{ECA26690-E4C7-4161-B6B1-3E6870670AF1}"= UDP:C:\Program Files\PacketiX VPN Client\vpncmd.exe:p acketiX VPN Command-Line Admin Tool 2.0
    "{8FA445E6-6E21-4416-8667-3EE206899F08}"= TCP:C:\Program Files\PacketiX VPN Client\vpncmd.exe:p acketiX VPN Command-Line Admin Tool 2.0
    "{87A11D79-6AE3-4D47-BADE-8BBFF3BFA838}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{8DE39791-46C5-44E6-8B33-6B5D48A77BF5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{EEDF5954-8D56-4F05-ADC2-B4032FA7C27C}"= UDP:990:LocalSubnet:LocalSubnet|IF={6DD97007-C586-4AE3-A652-A902BE57C65D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "{3D76E9E1-2CE5-4E59-B43F-1719BC0F423A}"= UDP:990:LocalSubnet:LocalSubnet|IF={6DD97007-C586-4AE3-A652-A902BE57C65D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "{CE6ADCFC-924D-4883-A326-9F52043100CE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{CB05F04C-50B7-4FF2-9014-F0EC8B4A46C9}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{E2E347E9-C34F-4091-A2B6-4B11B9C375AE}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "{B0AEECDB-6AAD-4B6C-AC45-C3721DD0CC57}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{ECFFA305-82D8-4CFB-8248-AA9C69C95213}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{A915D24B-3D55-4FBD-B619-2ABBED0742D5}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
    "{A9EDF80C-27BE-437B-8344-30BD508571A4}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher

    R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2007-05-11 17:06]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
    R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 14:45]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
    R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 09:33]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-13 22:07]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 10:43]
    R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 10:31]
    S3 3xHybrid;Philips SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 18:43]
    S3 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-02-23 18:57]
    S3 Neo_vpn;VPN Client Device Driver - vpn;C:\Windows\system32\DRIVERS\Neo_0124.sys [2008-01-04 09:03]
    S3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2007-07-16 17:15]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2007-12-23 02:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07f17f68-766d-11dc-aa19-001d920da28b}]
    \shell\AutoRun\command - F:\Eautorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6f1a56-b9dc-11dc-915e-001060d0928e}]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ec9b728-7cbb-11dc-8997-001d920da28b}]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c923b5da-f234-11dc-bdb7-001060d0928e}]
    \shell\AutoRun\command - N:\setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-07-04 15:17:01 C:\Windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    "2008-07-09 08:05:38 C:\Windows\Tasks\User_Feed_Synchronization-{C5F77192-7FA0-4F87-901F-3555954CE41E}.job"
    - C:\Windows\system32\msfeedssync.exe
    "2008-07-08 22:47:03 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    9 July 2008 11:56:29

    Hello again,

    Do you want to keep Boonty? If so, do not run the following script and let me know.

    Open Spybot, click the Mode tab and choose Advanced Mode
    Ignore the warning
    At the bottom left, click Tools
    Still in the left-hand column, click Resident (not in the central window)
    And uncheck the Resident "TeaTimer" option (you can re-check it once we have finished)

    *******

    Download Flash Disinfector (by sUBs) to your Desktop.

  • Connect all your external devices (hard drives, USB, ...).
  • Double-click Flash Disinfector and follow the prompts.

    ********

    Select the entire contents of the box below:

    Suspect::
    C:\Windows\MediaDico38Dll.dll
    C:\Windows\RACHook38.dll
    C:\Windows\MediaR38.dll
    C:\Windows\MediaR38.ini
    C:\Windows\tosOBEX.INI
    C:\Windows\WirelessFTP.INI

    Driver::
    Boonty Games

    Folder::
    C:\VundoFix Backups
    C:\Program Files\Common Files\BOONTY Shared
    C:\Program Files\BOONTY
    C:\Program Files\BOONTYGames
    C:\Program Files\GamesBar
    C:\ProgramData\GamesBar
    C:\Program Files\Gamenext

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"=-
    "TkBellExe"=-
    "RtHDVCpl"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07f17f68-766d-11dc-aa19-001d920da28b}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6f1a56-b9dc-11dc-915e-001060d0928e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ec9b728-7cbb-11dc-8997-001d920da28b}]


  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
  • Save it to your Desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix.
  • ComboFix will create these files on your Desktop:
    - A zipped file named Submit [Date Time].zip
    - A second file named CF-Submit.htm
  • ComboFix may require a restart to complete its work. Accept.
  • When the tool has finished, a ComboFix.log report will appear on screen.
  • A new window with the prompt "Submit Files for further analysis" will open. Click "OK"
  • Your browser will launch automatically with the CF-Submit.htm file and a window will open:
    - Click the "Browse" ("Parcourir") button and navigate to the
    Submit [Date Time].zip file on your Desktop.
    - Click the file to select it.
  • Submit the file by clicking "OK"
  • Once this operation is complete, you can delete these two files from your Desktop.
    Post the contents of the ComboFix.txt report after the restart, if there is one.

    **********

    - My Computer/Tools/Folder Options/View/check Show hidden files and folders/Apply --> OK
    - My Computer/Tools/Folder Options/View/uncheck Hide protected operating system files/Apply --> OK
    - My Computer/Tools/Folder Options/View/uncheck Hide extensions for known file types/Apply --> OK

    Do not forget to hide the hidden files and protected operating system files again once the disinfection is finished, this is important

    Have this file (or these files) analyzed on this site >> Virustotal <<

  • Click Browse at the top, choose My Computer and locate this file: C:\Windows\tosOBEX.INI
  • Now click Send file.
  • Post the report (from File *** received on *** through SHA1: ***)
  • Do the same with these files: C:\Windows\WirelessFTP.INI, C:\Windows\MediaR38.dll
    Anonymous
    9 July 2008 22:57:02

    As agreed, I am sending you the ComboFix report after carrying out all the steps. Thank you for helping me. The VirusTotal test is in progress; I will keep you posted when it is finished. Thanks again for everything.

    ComboFix 08-07-07.3 - bruno 2008-07-09 22:47:56.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2186 [GMT 2:00]
    Endroit: C:\Users\bruno\Desktop\ComboFix.exe
    Command switches used :: C:\Users\bruno\Desktop\CFScript.txt
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Program Files\BOONTYGames
    C:\Program Files\BOONTYGames\Components\bureau.url
    C:\Program Files\BOONTYGames\Components\Joystick.ico
    C:\Program Files\BOONTYGames\Components\start.url
    C:\Program Files\Common Files\BOONTY Shared
    C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    C:\Program Files\Gamenext
    C:\Program Files\GamesBar
    C:\ProgramData\GamesBar
    C:\Users\bruno\AppData\Roaming\inst.exe
    C:\VundoFix Backups
    C:\Windows\Downloaded Program Files\setup.inf
    C:\Windows\system32\drivers\downld
    C:\Windows\system32\irhndhxr.dll
    C:\Windows\system32\JSAHQXyb.ini
    C:\Windows\System32\JSAHQXyb.ini2
    C:\Windows\System32\nXGMlkkj.ini
    C:\Windows\System32\nXGMlkkj.ini2
    C:\Windows\system32\xwqfixsm.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_Boonty Games


    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-08 23:23 . 2008-07-08 23:23 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-08 22:33 . 2008-07-08 22:48 153 --a------ C:\Windows\wininit.ini
    2008-07-08 12:04 . 2006-03-17 11:45 1,757,184 --a------ C:\Windows\System32\imagX7.dll
    2008-07-08 12:04 . 2006-03-17 11:45 802,816 --a------ C:\Windows\System32\imagXRA7.dll
    2008-07-08 12:04 . 2006-03-17 11:45 497,296 --a------ C:\Windows\System32\imagXpr7.dll
    2008-07-08 12:04 . 2006-03-17 14:49 368,640 --a------ C:\Windows\System32\TwnLib4.dll
    2008-07-08 12:04 . 2006-03-17 11:45 258,048 --a------ C:\Windows\System32\imagXR7.dll
    2008-07-03 17:28 . 2008-07-07 21:33 54,156 --ah----- C:\Windows\QTFont.qfn
    2008-07-03 17:28 . 2008-07-03 17:28 1,409 --a------ C:\Windows\QTFont.for
    2008-07-02 18:06 . 2008-07-02 18:06 <REP> d-------- C:\Program Files\Eidos Interactive
    2008-07-01 11:23 . 2008-07-01 11:23 <REP> d-------- C:\Program Files\MagicISO
    2008-06-27 11:09 . 2008-06-28 09:05 <REP> d-------- C:\Program Files\GUILD WARS
    2008-06-24 00:57 . 2008-06-24 00:57 0 --a------ C:\Windows\tosOBEX.INI
    2008-06-23 22:32 . 2008-07-05 13:39 99 --a------ C:\Windows\WirelessFTP.INI
    2008-06-23 19:32 . 2008-06-23 19:32 <REP> d-------- C:\Users\bruno\AppData\Roaming\DivX
    2008-06-23 19:32 . 2008-06-28 13:39 69 --a------ C:\Windows\NeroDigital.ini
    2008-06-23 15:14 . 2008-06-23 15:14 <REP> d-------- C:\Program Files\pspvideo9
    2008-06-23 15:10 . 2008-06-23 15:10 <REP> d-------- C:\Program Files\DVD Decrypter
    2008-06-22 22:54 . 2008-06-26 22:19 <REP> d-------- C:\divx
    2008-06-22 22:52 . 2008-06-22 22:52 <REP> d-------- C:\Program Files\DivX
    2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\Users\All Users\Recisio
    2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\ProgramData\Recisio
    2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\Program Files\KaraFun
    2008-06-21 23:59 . 2008-06-21 23:59 <REP> d-------- C:\Program Files\Common Files\Autodata Limited Shared
    2008-06-20 12:51 . 2006-06-21 18:38 2,507,776 --a------ C:\Windows\MediaDico38Dll.dll
    2008-06-20 12:51 . 2006-05-08 16:02 208,992 --a------ C:\Windows\RACHook38.dll
    2008-06-20 12:51 . 2006-05-24 15:59 199,680 --a------ C:\Windows\MediaR38.dll
    2008-06-20 12:51 . 2008-06-20 12:54 1,976 --a------ C:\Windows\MediaR38.ini
    2008-06-20 07:33 . 2008-06-23 07:59 <REP> d-------- C:\Program Files\Cheatbook Database 2008
    2008-06-17 10:30 . 2008-06-17 10:30 <REP> d-------- C:\Users\bruno\TaoUSign
    2008-06-15 08:28 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-15 08:27 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-15 08:27 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-15 08:27 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-13 21:08 . 2008-06-27 11:09 <REP> d-------- C:\Users\All Users\Media Center Programs
    2008-06-13 21:08 . 2008-06-27 11:09 <REP> d-------- C:\ProgramData\Media Center Programs
    2008-06-13 21:08 . 2008-06-13 21:08 <REP> d-------- C:\Program Files\Common Files\BioWare
    2008-06-13 20:54 . 2008-06-13 21:28 <REP> d-------- C:\Program Files\Mass Effect
    2008-06-12 09:46 . 2008-06-12 09:46 <REP> d-------- C:\Program Files\Happyneuron
    2008-06-11 16:39 . 2008-06-11 16:39 <REP> d-------- C:\Program Files\Real
    2008-06-11 16:39 . 2008-06-11 16:39 <REP> d-------- C:\Program Files\Common Files\xing shared
    2008-06-11 16:39 . 2008-06-11 16:39 <REP> d-------- C:\Program Files\Common Files\Real
    2008-06-11 10:59 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-11 10:59 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-11 10:59 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-11 10:59 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-09 10:04 . 2008-06-09 10:04 0 --a------ C:\Windows\nsreg.dat

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-09 20:33 17,952 ----a-w C:\Windows\system32\drivers\stwrte.log
    2008-07-09 20:32 --------- d-----w C:\Users\bruno\AppData\Roaming\Azureus
    2008-07-09 09:16 --------- d-----w C:\ProgramData\Microsoft Help
    2008-07-09 09:15 --------- d-----w C:\Program Files\Windows Mail
    2008-07-08 11:05 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-07-08 10:30 --------- d-----w C:\Users\bruno\AppData\Roaming\Ahead
    2008-07-08 10:04 --------- d-----w C:\Program Files\Nero
    2008-07-08 10:04 --------- d-----w C:\Program Files\Common Files\Nero
    2008-07-08 09:52 --------- d-----w C:\ProgramData\Nero
    2008-07-02 08:31 --------- d-----w C:\Program Files\Azureus
    2008-06-30 08:57 --------- d-----w C:\Program Files\Pvm
    2008-06-25 13:10 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-06-23 13:14 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-06-22 21:52 --------- d-----w C:\Program Files\Common Files\LightScribe
    2008-06-22 21:40 --------- d-----w C:\Program Files\Bit Che
    2008-06-21 17:50 --------- d-----w C:\Program Files\Dofus
    2008-06-20 10:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-20 10:51 --------- d-----w C:\Program Files\Micro Application
    2008-06-14 10:15 --------- d-----w C:\ProgramData\eMule
    2008-06-11 10:47 --------- d-----w C:\Program Files\Common Files\BinarySense
    2008-06-11 10:46 --------- d---a-w C:\ProgramData\TEMP
    2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-05-28 14:11 --------- d-----w C:\Users\bruno\AppData\Roaming\BinarySense
    2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
    2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
    2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
    2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
    2008-05-22 16:26 --------- d-----w C:\Program Files\Common Files\Oberon Media
    2008-05-20 22:04 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-16 22:02 --------- d-----w C:\Program Files\EPSON
    2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
    2008-05-09 08:02 --------- d-----w C:\ProgramData\FLEXnet
    2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
    2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
    2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
    2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
    2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
    2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
    2008-05-06 07:41 676,224 ----a-w C:\Windows\System32\OGACheckControl.dll
    2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-04-12 03:32 784,896 ----a-w C:\Windows\System32\rpcrt4.dll
    2008-04-02 16:15 47,360 ----a-w C:\Users\bruno\AppData\Roaming\pcouffin.sys
    2008-03-19 17:11 174 --sha-w C:\Program Files\desktop.ini
    2008-02-26 23:29 2,954 ----a-w C:\Users\bruno\AppData\Roaming\SAS7_000.DAT
    2007-12-15 09:38 22,328 ----a-w C:\Users\bruno\AppData\Roaming\PnkBstrK.sys
    2008-03-26 12:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-03-26 12:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-03-26 12:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-07-09_22.39.47.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-07-09 20:33:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-07-09 20:34:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-07-09 20:41:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-07-09 20:34:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-07-09 20:41:16 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-07-09 20:34:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-07-09 20:41:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-07-09 09:46:11 10,874 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1206471103-55471458-3596929434-1000_UserData.bin
    + 2008-07-09 20:35:41 11,066 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1206471103-55471458-3596929434-1000_UserData.bin
    - 2008-07-09 09:46:11 117,336 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-07-09 20:35:41 117,422 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{795AF9C6-09E5-40AF-B4F0-082F9E0A46C3}]
    C:\Windows\system32\byXQHASJ.dll [BU]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
    "MSSMSGS"="wincji32.rom" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [BU]
    "MSServer"="C:\Windows\system32\jkKEtqOE.dll" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

    C:\Users\bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 21:38:14 2756608]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= i420vfw.dll
    "msacm.l3acm"= l3codecp.acm

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client ????????.lnk]
    backup=C:\Windows\pss\PacketiX VPN Client ????????.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
    backup=C:\Windows\pss\PDFCreator.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^bruno^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Users\bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanalPlayerHelper
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPN Client UI Helper

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
    --a------ 2007-03-19 09:20 259624 C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    --a------ 2007-09-21 08:34 220160 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    --a------ 2007-05-17 14:45 279912 C:\Program Files\Microsoft LifeCam\LifeExp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO38]
    --a------ 2006-05-08 14:43 252416 C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
    --a------ 2007-04-27 20:22 312848 C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
    --a------ 2005-10-30 02:56 606208 C:\Program Files\pspvideo9\pspVideo9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --a------ 2006-10-25 09:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-06-11 16:39 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
    --a------ 2007-02-09 15:54 16896 C:\Program Files\GoogleEULA\EULALauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
    --a------ 2007-04-10 14:46 709992 C:\Windows\vVX3000.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]
    C:\Program Files\WebcamMax\wcmmon.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1206471103-55471458-3596929434-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{C2C3AC0E-FDC0-4CD2-879A-AC2BADB8F0C4}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "UDP Query User{1F337562-1731-4E0C-8B97-623D746E2960}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "{4E4374AC-8315-4AF3-9907-908CFCF09537}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{3A1B9E8D-8768-40AA-A670-6ADAFAEEEED2}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
    "{C5B5E5FA-CDFE-4B06-9AF5-931E9A5C7837}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
    "{F04A2E32-91A3-42AE-8A8C-CB00FCFBD9E7}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
    "{30FC7D39-1166-415D-A879-F22995AB0EF4}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
    "TCP Query User{323C0E31-67FB-4423-A6B3-5516E2BE80D1}C:\\windows\\temp\\navbrowser.exe"= UDP:C:\windows\temp\navbrowser.exe:navbrowser.exe
    "UDP Query User{12B96D57-117D-482B-A106-4B2788E68353}C:\\windows\\temp\\navbrowser.exe"= TCP:C:\windows\temp\navbrowser.exe:navbrowser.exe
    "TCP Query User{92B1AB1B-EB5E-442E-A11B-932CA4D49183}C:\\users\\bruno\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\bruno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
    "UDP Query User{2C3F3168-6DE4-48A2-8224-BD79406AFF36}C:\\users\\bruno\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\bruno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
    "{EE414A65-1CEB-422E-9142-F67F69E6188F}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
    "{11791F3F-2081-47D7-9783-9752CE9FCAE7}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
    "{DAB94320-B934-4917-85E8-2CFA6FE1D626}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{5AD9059C-0DAA-4F92-9740-8BA9FEE33879}"= TCP:C:\Program Files\eMule\emule.exe:eMule
    "{85E48CBD-06BC-49C1-928F-B8D467317EA2}"= UDP:43088:Emule TCP
    "{74D9D9DB-63A6-40F1-A034-5029F26D3D4F}"= UDP:36631:Emule UDP
    "TCP Query User{8B3CE20C-9BA6-4F89-BD5F-AE9512B2AA09}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{B0C14533-58E6-453B-93EB-E96677B9354F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{E762558F-E9E2-4CE4-BA0A-DDD15BDC05FF}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
    "UDP Query User{7F035CAD-9CCD-4007-9209-B6BF43DB5C75}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
    "{A3906C17-E10C-47FF-8BA7-3617DF30C400}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{0C4AEE0D-45F9-40DE-91C5-86A1643726D5}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{EF5337DA-9CE5-4562-A03D-608D16B8A4D5}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{C925970A-B478-4DF3-86EF-9020DB4A8A7F}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{BA84B418-54CA-44D4-A99D-2AC7D08AD8DD}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{E3354868-7443-48B4-B9D8-71B14D3B20E2}"= UDP:990:LocalSubnet:LocalSubnet|IF={6DD97007-C586-4AE3-A652-A902BE57C65D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "TCP Query User{853C5CB4-A862-41D7-8B9D-338923C01BF9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{096A212C-7072-47F1-B77E-D6DF9C6ED959}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{A40DFF96-C42B-4186-810C-DD9F4C1DCB78}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
    "{090E5C6A-62B9-469C-BC4C-140F7EB02C91}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
    "{C69A9603-C74B-4ED6-A289-AD5A70B1494F}"= UDP:C:\Program Files\PacketiX VPN Client\vpnclient.exe:PacketiX VPN Client 2.0
    "{D5A7713C-B9A7-43D8-8548-06E6CE724753}"= TCP:C:\Program Files\PacketiX VPN Client\vpnclient.exe:PacketiX VPN Client 2.0
    "{4F64EB8B-7BBF-4980-A6D4-15BE94FD4A54}"= UDP:C:\Program Files\PacketiX VPN Client\vpncmgr.exe:PacketiX VPN Client Connection Manager 2.0
    "{41DFE712-FAFE-4E59-A125-180996A0AFAF}"= TCP:C:\Program Files\PacketiX VPN Client\vpncmgr.exe:PacketiX VPN Client Connection Manager 2.0
    "{B77408A1-D220-48D2-AE71-0AB7785BC708}"= UDP:C:\Program Files\PacketiX VPN Client\vpncmd.exe:PacketiX VPN Command-Line Admin Tool 2.0
    "{CE05D155-27C6-4E44-9221-0CFFEFA7002A}"= TCP:C:\Program Files\PacketiX VPN Client\vpncmd.exe:PacketiX VPN Command-Line Admin Tool 2.0
    "{1D462E2D-E27E-4D38-B270-1BE7A729B472}"= UDP:C:\Program Files\PacketiX VPN Client\vpnclient.exe:PacketiX VPN Client 2.0
    "{9292460C-7F0B-4979-9371-5A2A24929049}"= TCP:C:\Program Files\PacketiX VPN Client\vpnclient.exe:PacketiX VPN Client 2.0
    "{CF0E575F-AECD-4F88-8881-854AB18D7EB3}"= UDP:C:\Program Files\PacketiX VPN Client\vpncmgr.exe:PacketiX VPN Client Connection Manager 2.0
    "{E2FA8E18-7C52-498F-944E-07BF0B01678E}"= TCP:C:\Program Files\PacketiX VPN Client\vpncmgr.exe:PacketiX VPN Client Connection Manager 2.0
    "{ECA26690-E4C7-4161-B6B1-3E6870670AF1}"= UDP:C:\Program Files\PacketiX VPN Client\vpncmd.exe:PacketiX VPN Command-Line Admin Tool 2.0
    "{8FA445E6-6E21-4416-8667-3EE206899F08}"= TCP:C:\Program Files\PacketiX VPN Client\vpncmd.exe:PacketiX VPN Command-Line Admin Tool 2.0
    "{87A11D79-6AE3-4D47-BADE-8BBFF3BFA838}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{8DE39791-46C5-44E6-8B33-6B5D48A77BF5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{EEDF5954-8D56-4F05-ADC2-B4032FA7C27C}"= UDP:990:LocalSubnet:LocalSubnet|IF={6DD97007-C586-4AE3-A652-A902BE57C65D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "{3D76E9E1-2CE5-4E59-B43F-1719BC0F423A}"= UDP:990:LocalSubnet:LocalSubnet|IF={6DD97007-C586-4AE3-A652-A902BE57C65D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "{CE6ADCFC-924D-4883-A326-9F52043100CE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{CB05F04C-50B7-4FF2-9014-F0EC8B4A46C9}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{E2E347E9-C34F-4091-A2B6-4B11B9C375AE}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "{B0AEECDB-6AAD-4B6C-AC45-C3721DD0CC57}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{ECFFA305-82D8-4CFB-8248-AA9C69C95213}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
    "{A915D24B-3D55-4FBD-B619-2ABBED0742D5}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
    "{A9EDF80C-27BE-437B-8344-30BD508571A4}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher

    R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2007-05-11 17:06]
    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
    R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 14:45]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
    R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 09:33]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-13 22:07]
    R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 10:43]
    R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 10:31]
    S3 3xHybrid;Philips SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 18:43]
    S3 Neo_vpn;VPN Client Device Driver - vpn;C:\Windows\system32\DRIVERS\Neo_0124.sys [2008-01-04 09:03]
    S3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2007-07-16 17:15]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2007-12-23 02:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c923b5da-f234-11dc-bdb7-001060d0928e}]
    \shell\AutoRun\command - N:\setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-07-04 15:17:01 C:\Windows\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    "2008-07-09 19:06:28 C:\Windows\Tasks\User_Feed_Synchronization-{C5F77192-7FA0-4F87-901F-3555954CE41E}.job"
    - C:\Windows\system32\msfeedssync.exe
    "2008-07-09 20:47:01 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{818798A0-FA63-47EB-9D62-4691C5C0B1E1} - (no file)
    WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-09 22:49:42
    Windows 6.0.6001 Service Pack 1 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-09 22:50:39
    ComboFix-quarantined-files.txt 2008-07-09 20:50:35

    Pre-Run: 218,298,142,720 octets libres
    Post-Run: 218,252,185,600 octets libres

    356 --- E O F --- 2008-07-09 09:16:30
    9 July 2008 23:41:55

    Re,

    Leave Spybot disabled.

    Download Flash Disinfector (by sUBs) to your Desktop.

  • Connect all your external devices (hard drives, USB sticks, ...).
  • Double-click Flash Disinfector and follow the prompts.

    *******

    Select the entire contents of the box below:

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{795AF9C6-09E5-40AF-B4F0-082F9E0A46C3}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSSMSGS"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NBKeyScan"=-
    "MSServer"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q]


  • Copy and paste it into Notepad (Démarrer\Tous les programmes\Accessoires\Bloc notes).
  • Save it to your Desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will relaunch ComboFix. Post the contents of the ComboFix.txt report after the reboot, if there is one.
    Anonymous
    10 July 2008 00:07:33

    I ran the scan on VirusTotal, here is the first post

    Fichier WirelessFTP.INI reçu le 2008.07.10 00:03:58 (CET)

    Résultat: 0/33 (0%)

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.7.10.0 2008.07.09 -
    AntiVir 7.8.0.64 2008.07.09 -
    Authentium 5.1.0.4 2008.07.08 -
    Avast 4.8.1195.0 2008.07.09 -
    AVG 7.5.0.516 2008.07.09 -
    BitDefender 7.2 2008.07.09 -
    CAT-QuickHeal 9.50 2008.07.09 -
    ClamAV 0.93.1 2008.07.09 -
    DrWeb 4.44.0.09170 2008.07.09 -
    eSafe 7.0.17.0 2008.07.09 -
    eTrust-Vet 31.6.5940 2008.07.09 -
    Ewido 4.0 2008.07.09 -
    F-Prot 4.4.4.56 2008.07.08 -
    F-Secure 7.60.13501.0 2008.07.08 -
    Fortinet 3.14.0.0 2008.07.09 -
    GData 2.0.7306.1023 2008.07.09 -
    Ikarus T3.1.1.26.0 2008.07.09 -
    Kaspersky 7.0.0.125 2008.07.09 -
    McAfee 5335 2008.07.09 -
    Microsoft 1.3704 2008.07.09 -
    NOD32v2 3255 2008.07.09 -
    Norman 5.80.02 2008.07.09 -
    Panda 9.0.0.4 2008.07.09 -
    Prevx1 V2 2008.07.10 -
    Rising 20.52.22.00 2008.07.09 -
    Sophos 4.31.0 2008.07.09 -
    Sunbelt 3.1.1509.1 2008.07.04 -
    Symantec 10 2008.07.09 -
    TheHacker 6.2.96.374 2008.07.07 -
    TrendMicro 8.700.0.1004 2008.07.09 -
    VBA32 3.12.6.8 2008.07.08 -
    VirusBuster 4.5.11.0 2008.07.09 -
    Webwasher-Gateway 6.6.2 2008.07.09 -
    Information additionnelle
    File size: 99 bytes
    MD5...: abc9bf9e9a29da1430f331d5449fecaf
    SHA1..: 29172ce7b074441ff32cfb7d247950339359aa95
    SHA256: 50349e3b3c0d2a7ea9b8827c0e4381266e539859c2b5cd8ca2672fdc7ab18950
    SHA512: d53c364ad20df5516a99478552d4e025723f52fc8dba61b21127d6412c293048
    740e8b27bb4911a14300bda5184268bab50c6405a93c4049f5742b18f8e9086e
    Anonymous
    10 July 2008 00:14:26

    Here is the post for the third file you asked me to scan. As for the first one, tosBSO.INI, I get a message on VirusTotal telling me that this archive cannot be scanned because it is 0 Mb.

    Thanks again for your help.

    Fichier MediaR38.dll reçu le 2008.07.10 00:10:28 (CET)

    Résultat: 0/33 (0%)

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.7.10.0 2008.07.09 -
    AntiVir 7.8.0.64 2008.07.09 -
    Authentium 5.1.0.4 2008.07.08 -
    Avast 4.8.1195.0 2008.07.09 -
    AVG 7.5.0.516 2008.07.09 -
    BitDefender 7.2 2008.07.09 -
    CAT-QuickHeal 9.50 2008.07.09 -
    ClamAV 0.93.1 2008.07.09 -
    DrWeb 4.44.0.09170 2008.07.09 -
    eSafe 7.0.17.0 2008.07.09 -
    eTrust-Vet 31.6.5939 2008.07.09 -
    Ewido 4.0 2008.07.09 -
    F-Prot 4.4.4.56 2008.07.08 -
    F-Secure 7.60.13501.0 2008.07.08 -
    Fortinet 3.14.0.0 2008.07.09 -
    GData 2.0.7306.1023 2008.07.09 -
    Ikarus T3.1.1.26.0 2008.07.09 -
    Kaspersky 7.0.0.125 2008.07.09 -
    McAfee 5335 2008.07.09 -
    Microsoft 1.3704 2008.07.09 -
    NOD32v2 3255 2008.07.09 -
    Norman 5.80.02 2008.07.09 -
    Panda 9.0.0.4 2008.07.09 -
    Prevx1 V2 2008.07.10 -
    Rising 20.52.22.00 2008.07.09 -
    Sophos 4.31.0 2008.07.09 -
    Sunbelt 3.1.1509.1 2008.07.04 -
    Symantec 10 2008.07.09 -
    TheHacker 6.2.96.374 2008.07.07 -
    TrendMicro 8.700.0.1004 2008.07.09 -
    VBA32 3.12.6.8 2008.07.08 -
    VirusBuster 4.5.11.0 2008.07.09 -
    Webwasher-Gateway 6.6.2 2008.07.09 -
    Information additionnelle
    File size: 199680 bytes
    MD5...: 2fe13d6f0fcb01f3fc35a467a5c9fd3a
    SHA1..: 72c9e7ffe08779894e18a5956bd1ae32b0b030a0
    10 July 2008 00:14:36

    Keep going ;)
    Anonymous
    10 July 2008 10:39:36

    Hi, I have done all the scans you recommended and ran another search with Spybot: it no longer finds Virtumonde.dll and my PC is back to its full speed. But at startup a Rundll window appears telling me "Erreur de chargement de wincji32.rom le module spécifié est introuvable". Maybe you know what this missing DLL corresponds to and how to put it back so that I no longer get this message when Vista starts. If you have any suggestions I am all ears, and I thank you for the time you have given me. Luckily there are people who do not hesitate to give their time to help the rest of us poor souls. Thanks for everything.
    10 July 2008 12:08:50

    You're welcome, post a new HijackThis report.

    Then:

    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the Download_mbam-setup.exe file.

    Once the installation and the update are done:
    Restart in safe mode
    /!\ Never start safe mode via MSCONFIG /!\

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet".
  • To start the scan, click "Rechercher".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Afficher les résultats" and then "Supprimer la sélection". Save the report to your Desktop so you can post it in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking Ok.

    Help: How to use MBAM.
    Anonymous
    10 July 2008 12:27:26

    Here is the HijackThis report you asked for; the rest is in progress, I will keep you posted on the results. Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:24:46, on 08/07/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Windows Media Player\wmprph.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\tracert.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {795AF9C6-09E5-40AF-B4F0-082F9E0A46C3} - C:\Windows\system32\byXQHASJ.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {818798A0-FA63-47EB-9D62-4691C5C0B1E1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BMbbf3b551] Rundll32.exe "C:\Windows\system32\xwqfixsm.dll",s
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8377] command /c del "C:\Windows\System32\byXQHASJ.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1933] cmd /c del "C:\Windows\System32\byXQHASJ.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7124] command /c del "C:\Windows\System32\byXQHASJ.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2432] cmd /c del "C:\Windows\System32\byXQHASJ.dll_old"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX9400F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\Users\bruno\AppData\Local\Temp\E_S953E.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe wincji32.rom,RkzRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.canalplay.com
    O15 - Trusted Zone: *.canalplusactive.com
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
    O16 - DPF: CANALPLAY Installer - http://www.canalplay.com/cabs/CanalInstaller.CAB
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpld...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
    O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://epson.synovate.com/epson-france/setup.ocx
    O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/Fnacm...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10_fr.cab
    O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/b...
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 13758 bytes
    Anonymous
    10 July 2008 14:30:04

    The scan with Malwarebytes has just finished; I'm sending you the report as you asked. (It found 11 suspicious files, which I deleted as you told me to.) Thanks for everything.

    Malwarebytes' Anti-Malware 1.20
    Version de la base de données: 935
    Windows 6.0.6001 Service Pack 1

    14:14:10 10/07/2008
    mbam-log-7-10-2008 (14-14-10).txt

    Type de recherche: Examen complet (C:\|D:\|K:\|Q:\|R:\|)
    Eléments examinés: 349007
    Temps écoulé: 1 hour(s), 0 minute(s), 10 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d554a583-d4cf-4a6f-b07a-cb25f60fa743} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
    Q:\Mes documents 2\Logiciels\Gravure\Nero Lite 8.3.2.1 Europe\Nero Lite 8.3.2.1 Europe\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    10 July 2008 15:22:32

    Re,

    Why don't you leave Spybot disabled? It restores the fixed lines (in the registry). So disable it until the disinfection is finished ;)

    Uninstall via Add/Remove Programs (if present):
  • Avast!

    Download and run: http://www.avast.com/eng/avast-uninstall-utility.html

    Download CCleaner to your Desktop.

  • Click on download the latest version.
  • Install it, leaving only the following options checked:
    - Add a shortcut to the Desktop.
    - Automatically check for CCleaner updates.
  • Run the Cleaner.
  • Click on Scan for Issues and make a backup if you wish.

    Help: How to use CCleaner.

    ***************

    Download AntiVir to your Desktop.

  • Double-click the downloaded executable to start the installation.
  • At the end of the installation, click Finish.
  • Open AntiVir and make sure it is fully up to date!
  • In the Local Protection tab, choose Scanner.
  • Enable the rootkit search via the + next to rootkit search, then under manual selection, check everything (your hard disk partitions).
  • Click on the middle magnifying glass to run the scan as Administrator.
  • Post me the generated report: to do this, click on the Overview tab, then choose Reports; you will find its report there.

    Note: For more effective removal of threats, run the scan in safe mode.

    Why switch? Avast vs Antivir.

    Help: How to install and use AntiVir.
    Anonymous
    10 July 2008 20:26:39

    I carried out all the requested operations, installed AntiVir and ran a scan, and I'm attaching the report. As for Spybot, I thought I could re-enable it; it didn't click that this would reactivate the fixed lines, sorry. Thanks for your help.

    Avira AntiVir Personal
    Report file date: jeudi 10 juillet 2008 19:38

    Scanning for 1411247 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (Service Pack 1) [6.0.6001]
    Boot mode: Save mode
    Username: bruno
    Computer name: PC-DE-BRUNO

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 17:32:36
    ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 09/07/2008 17:32:37
    ANTIVIR3.VDF : 7.0.5.95 147968 Bytes 10/07/2008 17:32:37
    Engineversion : 8.1.0.64
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.46 283002 Bytes 10/07/2008 17:32:43
    AESCN.DLL : 8.1.0.22 119157 Bytes 10/07/2008 17:32:43
    AERDL.DLL : 8.1.0.20 418165 Bytes 10/07/2008 17:32:42
    AEPACK.DLL : 8.1.1.6 364918 Bytes 10/07/2008 17:32:42
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 10/07/2008 17:32:41
    AEHEUR.DLL : 8.1.0.35 1298806 Bytes 10/07/2008 17:32:41
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 17:32:40
    AEGEN.DLL : 8.1.0.29 307573 Bytes 10/07/2008 17:32:39
    AEEMU.DLL : 8.1.0.6 430451 Bytes 10/07/2008 17:32:38
    AECORE.DLL : 8.1.0.32 168311 Bytes 10/07/2008 17:32:38
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Windows System Directory
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 10 juillet 2008 19:38

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    19 processes with 19 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '17' files ).


    Starting the file scan:

    Begin scan in 'C:\Windows\system32'
    C:\Windows\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: jeudi 10 juillet 2008 19:41
    Used time: 02:57 min

    The scan has been done completely.

    1358 Scanning directories
    24378 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    24378 Files not concerned
    67 Archives were scanned
    5 Warnings
    0 Notes

    11 July 2008 00:15:39

    Uh, you didn't scan at all, did you? 2 min 57 :D

    No worries about Spybot :=)
    11 July 2008 10:00:45

    I ran another scan with AntiVir, manually choosing what it should scan; indeed it took 1h16. I'm attaching it, hoping it's good. Thanks for everything.



    Avira AntiVir Personal
    Report file date: vendredi 11 juillet 2008 00:32

    Scanning for 1411247 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (Service Pack 1) [6.0.6001]
    Boot mode: Normally booted
    Username: bruno
    Computer name: PC-DE-BRUNO

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 17:32:36
    ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 09/07/2008 17:32:37
    ANTIVIR3.VDF : 7.0.5.95 147968 Bytes 10/07/2008 17:32:37
    Engineversion : 8.1.0.64
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.46 283002 Bytes 10/07/2008 17:32:43
    AESCN.DLL : 8.1.0.22 119157 Bytes 10/07/2008 17:32:43
    AERDL.DLL : 8.1.0.20 418165 Bytes 10/07/2008 17:32:42
    AEPACK.DLL : 8.1.1.6 364918 Bytes 10/07/2008 17:32:42
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 10/07/2008 17:32:41
    AEHEUR.DLL : 8.1.0.35 1298806 Bytes 10/07/2008 17:32:41
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 17:32:40
    AEGEN.DLL : 8.1.0.29 307573 Bytes 10/07/2008 17:32:39
    AEEMU.DLL : 8.1.0.6 430451 Bytes 10/07/2008 17:32:38
    AECORE.DLL : 8.1.0.32 168311 Bytes 10/07/2008 17:32:38
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:, F:, G:, H:, I:, J:, K:, L:, M:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 11 juillet 2008 00:32

    The scan of running processes will be started
    Scan process 'PING.EXE' - '1' Module(s) have been scanned
    Scan process 'PING.EXE' - '1' Module(s) have been scanned
    Scan process 'PING.EXE' - '1' Module(s) have been scanned
    Scan process 'PING.EXE' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'PING.EXE' - '1' Module(s) have been scanned
    Scan process 'PING.EXE' - '1' Module(s) have been scanned
    Scan process 'TRACERT.EXE' - '1' Module(s) have been scanned
    Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'Azureus.exe' - '1' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
    Scan process 'conime.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtProc.exe' - '1' Module(s) have been scanned
    Scan process 'CCC.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'TosOBEX.exe' - '1' Module(s) have been scanned
    Scan process 'TosAVRC.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtHid.exe' - '1' Module(s) have been scanned
    Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
    Scan process 'dpupdchk.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
    Scan process 'E_FATICFE.EXE' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'wmdSync.exe' - '1' Module(s) have been scanned
    Scan process 'MOM.exe' - '1' Module(s) have been scanned
    Scan process 'ipoint.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
    Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
    Scan process 'X10nets.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtSrv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'ADCDLicSvc.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    81 processes with 81 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'J:\'
    [INFO] In the drive 'J:\' no data medium is inserted!
    Boot sector 'K:\'
    [INFO] No virus was found!
    Boot sector 'L:\'
    [INFO] In the drive 'L:\' no data medium is inserted!
    Boot sector 'M:\'
    [INFO] In the drive 'M:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( '17' files ).


    Starting the file scan:

    Begin scan in 'C:\' <BOOT>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Users\bruno\Documents\Azureus Downloads\Sony Ericsson WALKMAN & Cyber-Shot modding & tunning, by CQ.rar
    [0] Archive type: RAR
    --> w810_w300i_z550i_ADVANCED_TUNiNG_BY_CQ.rar
    [1] Archive type: RAR
    --> db2010cid49_4_alpha.rar.zip
    [2] Archive type: RAR
    --> SEFP\sefp0.10.0.51patch.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was moved to '48e49a04.qua'!
    C:\Windows\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <RECOVER>
    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'H:\'
    Search path H:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'I:\'
    Search path I:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'J:\'
    Search path J:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'K:\' <MUSIC>
    Begin scan in 'L:\'
    Search path L:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'M:\'
    Search path M:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: vendredi 11 juillet 2008 01:49
    Used time: 1:16:26 min

    The scan has been done completely.

    29460 Scanning directories
    508593 Files were scanned
    1 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    508592 Files not concerned
    7223 Archives were scanned
    6 Warnings
    1 Notes

    11 July 2008 13:15:51

    Good, post a new HijackThis report ;)
    11 July 2008 20:46:26

    Here is the HijackThis report as you asked. I hope everything is fine. Thanks for your help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:24:46, on 08/07/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Windows Media Player\wmprph.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\tracert.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe
    C:\Windows\system32\ping.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {795AF9C6-09E5-40AF-B4F0-082F9E0A46C3} - C:\Windows\system32\byXQHASJ.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {818798A0-FA63-47EB-9D62-4691C5C0B1E1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - (no file)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [BMbbf3b551] Rundll32.exe "C:\Windows\system32\xwqfixsm.dll",s
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8377] command /c del "C:\Windows\System32\byXQHASJ.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1933] cmd /c del "C:\Windows\System32\byXQHASJ.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7124] command /c del "C:\Windows\System32\byXQHASJ.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2432] cmd /c del "C:\Windows\System32\byXQHASJ.dll_old"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX9400F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\Users\bruno\AppData\Local\Temp\E_S953E.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe wincji32.rom,RkzRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.canalplay.com
    O15 - Trusted Zone: *.canalplusactive.com
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
    O16 - DPF: CANALPLAY Installer - http://www.canalplay.com/cabs/CanalInstaller.CAB
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpld...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
    O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://epson.synovate.com/epson-france/setup.ocx
    O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/Fnacm...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10_fr.cab
    O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/b...
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 13758 bytes
    12 July 2008 00:38:49

    This report is old.
    Post me a new report.
    12 July 2008 10:33:52

    I'm sorry, but I re-ran HijackThis and sent you the report it gave me; I don't know why that report was dated the 8th when I requested it on 11/07. Is there something that has to be done between each report? I had to uninstall HijackThis and reinstall it to get a report with today's date. I'm attaching it, thanks for your help. For information, I still have a file that fails to open when the PC starts (Wincji32.rom); maybe you know what it is. Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:29:10, on 12/07/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATICFE.EXE
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Program Files\Windows Live Toolbar\msn_sl.exe
    C:\Users\bruno\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {795AF9C6-09E5-40AF-B4F0-082F9E0A46C3} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {818798A0-FA63-47EB-9D62-4691C5C0B1E1} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe wincji32.rom,RkzRun
    O4 - HKCU\..\Run: [EPSON Stylus DX9400F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\Users\bruno\AppData\Local\Temp\E_S7C52.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.canalplay.com
    O15 - Trusted Zone: *.canalplusactive.com
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/Install...
    O16 - DPF: CANALPLAY Installer - http://www.canalplay.com/cabs/CanalInstaller.CAB
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpld...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-win...
    O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://epson.synovate.com/epson-france/setup.ocx
    O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/Fnacm...
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/b...
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 11464 bytes
    12 July 2008 14:07:53

    Re :) 

    Download DelDomains (by Mike Burgess)

  • Save it to the Desktop.
  • Usage: right-click / Install
  • If you see Notepad open, you did something wrong.

    Normally, you won't see anything happen!

    *********

    Run HijackThis again (right-click -> Run as administrator under Vista), do a system scan only, and check these lines (if still present):
    O2 - BHO: (no name) - {795AF9C6-09E5-40AF-B4F0-082F9E0A46C3} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {818798A0-FA63-47EB-9D62-4691C5C0B1E1} - (no file)
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe wincji32.rom,RkzRun
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

    Close all running applications (especially your web browser).
    Then Fix Checked!

    Any more problems?
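The post above picks its lines out of the HijackThis log by eye; two of the patterns it selects (entries marked `(no file)`, and a Run key that has `rundll32.exe` load a non-DLL file) can be written as a small triage pass. This is an added example, not part of the original thread and not HijackThis code: the function names, rule labels and the set of expected `rundll32` extensions are assumptions of the example, and the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {795AF9C6-09E5-40AF-B4F0-082F9E0A46C3} - (no file)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe wincji32.rom,RkzRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
"""

# "O4 - <body>", "R1 - <body>", "O23 - <body>" ...
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry autostart body: "HKCU\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Command line that starts with rundll32; captures the module it is told to load.
# Quoted module paths containing spaces are not handled by this example.
RUNDLL_RE = re.compile(
    r'^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+(?P<target>[^,\s]+)', re.IGNORECASE
)
# Extensions this example treats as ordinary rundll32 targets (assumption).
EXPECTED_DLL_EXTS = {".dll", ".cpl", ".ocx"}
# Sections whose entries point at a browser add-on file.
ADDON_SECTIONS = {"O2", "O3", "O9"}


def parse_entries(text):
    """Yield (section, body) for every result line; headers and paths are skipped."""
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group("section"), match.group("body")


def triage(text):
    """Return a list of (section, rule, body) for entries worth a closer look."""
    findings = []
    for section, body in parse_entries(text):
        if section in ADDON_SECTIONS and "(no file)" in body:
            # The registry entry is still there but no file is listed for it.
            findings.append((section, "addon-without-file", body))
        elif section == "O4":
            run = RUN_RE.match(body)
            dll = RUNDLL_RE.match(run.group("cmd")) if run else None
            if dll:
                target = dll.group("target").strip('"')
                ext = ntpath.splitext(target)[1].lower()
                if ext not in EXPECTED_DLL_EXTS:
                    findings.append((section, "rundll32-odd-target", body))
    return findings


if __name__ == "__main__":
    for section, rule, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{rule:<22}{body}")
```

A hit only marks a line for review; the other lines checked in the post above (ISUSPM, Adobe Gamma) are a helper's judgement call that these two rules do not capture.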
    12 July 2008 19:55:20

    Good evening, I downloaded DelDomains, but when I right-click / Install, I get an error message telling me that the installation failed. As for the HijackThis report, I fixed the lines you asked me to and apparently everything works well; my PC is fast and responsive again, it's a real joy. Regarding DelDomains, is it meant to work under Vista? Let me know whether using this program is mandatory in my case. Once again, thank you for the time, energy and solutions you provided, thanks for everything.
    12 July 2008 21:13:19

    You're welcome, forget DelDomains, no big deal ..

    Download ToolsCleaner2 (by A.Rothstein)

  • Install it on your Desktop.
  • Click Recherche (Search) to start the scan.
  • Click Supprimer (Delete) to clean up the tools that were used.
  • Click Quitter (Quit).
  • Post this report ~>C:\TCleaner.txt<~

  • Keep Ccleaner, MBAM and AntiVir if we installed them..
  • Disable and re-enable System Restore.
  • Report your infection on Malware Complaints >Tutorial<
  • Your infection(s): Vundo, Bagle, Toolbars.
  • If you can't find it in the list, post in Autres infections (Other infections),

  • Bring your computer properly up to date >here<
  • If it isn't already done, make sure Windows Automatic Updates are enabled!

    Then look at these guides:

    - Security/Prevention
    - Consequences of multi-protection
    - Toolbars: uselessness and slowdowns

    Have a nice day/evening :) 
    13 July 2008 12:52:43

    Hello, I downloaded Tcleaner and ran it; it worked correctly and removed all the tools that had been used, but when generating the report I got an error message saying it could not write the report to C.
    I then reported the infection I was a victim of on Malware Complaints.
    I also updated my computer via Secunia PSI. And I also read the various guides; I learned quite a few things, thank you.
    Now I've finally found out that my children used my computer behind my back to go to sites I don't know, so I'm starting to understand why I got infected; this had never happened to me before.
    I read the tutorial on Windows restore points, but that tutorial is for XP; under Vista I don't have the same menus, and I couldn't find how to disable and re-enable System Restore. Is there a tutorial for that?
    Should I turn Spybot back on or not?
    In any case, thank you for all your help and the time you devoted to me.
    13 July 2008 13:52:38

    Re :) 

    That's good ;) 

    Yes, I'll write a tutorial for Vista when I have the time.


    Control Panel -> System and Maintenance -> Advanced system settings -> System Protection -> uncheck the "available disks", click to turn off System Restore when the message appears, do the same for all of them, Apply, OK.

    Have a nice day
    13 July 2008 15:04:13

    All good, I've disabled / re-enabled System Restore; my PC runs like a dream, thanks for your help
    13 July 2008 15:07:24

    Just one last thing, how do you mark the problem as solved on the forum? Thanks
    13 July 2008 20:06:36

    To mark it as solved:
    You click on edit the message (next to the binoculars), then you change your opening text and confirm. There you go ;) 
    14 July 2008 01:55:54

    You have to edit the first message of this thread ;) 

    Hello Doctor :) 
    17 July 2008 10:47:04

    OK for editing the first post, but I don't see the edit icon in the first message, and I don't know how to modify it; if anyone has an idea, thanks....
    18 July 2008 14:36:43

    It doesn't matter much otherwise.
    It's the icon next to the binoculars.