bonsoir a tous, j'ai lu les differents posts sur le forum a propos de virtumonde.dll et la façon de l'héradiquer, mais je suis sous vista et je voudrais savoir si la procédure est la même. Je poste un rapport Hijackthis en espérant susciter une bonne âme pour m'aider. Mon PC est tres ralenti les pages internet on du mal a s'ouvrir, merci de m'aider.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:46, on 08/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\tracert.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe
C:\Windows\system32\ping.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {795AF9C6-09E5-40AF-B4F0-082F9E0A46C3} - C:\Windows\system32\byXQHASJ.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {818798A0-FA63-47EB-9D62-4691C5C0B1E1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BMbbf3b551] Rundll32.exe "C:\Windows\system32\xwqfixsm.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8377] command /c del "C:\Windows\System32\byXQHASJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1933] cmd /c del "C:\Windows\System32\byXQHASJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7124] command /c del "C:\Windows\System32\byXQHASJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2432] cmd /c del "C:\Windows\System32\byXQHASJ.dll_old"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON Stylus DX9400F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\Users\bruno\AppData\Local\Temp\E_S953E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe wincji32.rom,RkzRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/too [...] ontrol.cab
O16 - DPF: CANALPLAY Installer - http://www.canalplay.com/cabs/CanalInstaller.CAB
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/re [...] dfr-fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 1809647341
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 3866679787
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1 [...] 586-jc.cab
O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://epson.synovate.com/epson-france/setup.ocx
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telecharg [...] sicDnl.CAB
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10_fr.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/onli [...] loader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13758 bytes

Bonsoir,

Télécharge ComboFix (de sUBs) sur ton Bureau.

• Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
• Double clique sur ComboFix.exe.
• Accepte la licence en cliquant sur Oui.
• Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide : Comment utiliser ComboFix.

merci de m'aider, j'ai désactiver mon antivirus (Avast), pour l'antispyware, je suis moins sur, car il n'apparait plus dans la barre des taches en résident. Je te joint le rapport combofix en souhaitant que tu puisse m'aider, merci encore.

ComboFix 08-07-07.3 - bruno 2008-07-09 10:07:31.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2285 [GMT 2:00]
Endroit: C:\Users\bruno\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\bruno\AppData\Roaming\inst.exe
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\drivers\downld
C:\Windows\system32\irhndhxr.dll
C:\Windows\system32\JSAHQXyb.ini
C:\Windows\System32\JSAHQXyb.ini2
C:\Windows\System32\nXGMlkkj.ini
C:\Windows\System32\nXGMlkkj.ini2
C:\Windows\system32\xwqfixsm.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

2008-07-08 23:23 . 2008-07-08 23:23 <REP> d-------- C:\Program Files\Trend Micro
2008-07-08 22:33 . 2008-07-08 22:48 153 --a------ C:\Windows\wininit.ini
2008-07-08 12:04 . 2006-03-17 11:45 1,757,184 --a------ C:\Windows\System32\imagX7.dll
2008-07-08 12:04 . 2006-03-17 11:45 802,816 --a------ C:\Windows\System32\imagXRA7.dll
2008-07-08 12:04 . 2006-03-17 11:45 497,296 --a------ C:\Windows\System32\imagXpr7.dll
2008-07-08 12:04 . 2006-03-17 14:49 368,640 --a------ C:\Windows\System32\TwnLib4.dll
2008-07-08 12:04 . 2006-03-17 11:45 258,048 --a------ C:\Windows\System32\imagXR7.dll
2008-07-07 21:22 . 2008-07-07 21:22 <REP> d-------- C:\Windows\LastGood.Tmp
2008-07-03 17:28 . 2008-07-07 21:33 54,156 --ah----- C:\Windows\QTFont.qfn
2008-07-03 17:28 . 2008-07-03 17:28 1,409 --a------ C:\Windows\QTFont.for
2008-07-03 14:51 . 2008-07-03 14:51 <REP> d-------- C:\VundoFix Backups
2008-07-02 18:06 . 2008-07-02 18:06 <REP> d-------- C:\Program Files\Eidos Interactive
2008-07-01 11:23 . 2008-07-01 11:23 <REP> d-------- C:\Program Files\MagicISO
2008-06-27 11:09 . 2008-06-28 09:05 <REP> d-------- C:\Program Files\GUILD WARS
2008-06-24 00:57 . 2008-06-24 00:57 0 --a------ C:\Windows\tosOBEX.INI
2008-06-23 22:32 . 2008-07-05 13:39 99 --a------ C:\Windows\WirelessFTP.INI
2008-06-23 19:32 . 2008-06-23 19:32 <REP> d-------- C:\Users\bruno\AppData\Roaming\DivX
2008-06-23 19:32 . 2008-06-28 13:39 69 --a------ C:\Windows\NeroDigital.ini
2008-06-23 15:14 . 2008-06-23 15:14 <REP> d-------- C:\Program Files\pspvideo9
2008-06-23 15:10 . 2008-06-23 15:10 <REP> d-------- C:\Program Files\DVD Decrypter
2008-06-22 22:54 . 2008-06-26 22:19 <REP> d-------- C:\divx
2008-06-22 22:52 . 2008-06-22 22:52 <REP> d-------- C:\Program Files\DivX
2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\Users\All Users\Recisio
2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\ProgramData\Recisio
2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\Program Files\KaraFun
2008-06-21 23:59 . 2008-06-21 23:59 <REP> d-------- C:\Program Files\Common Files\Autodata Limited Shared
2008-06-20 12:51 . 2006-06-21 18:38 2,507,776 --a------ C:\Windows\MediaDico38Dll.dll
2008-06-20 12:51 . 2006-05-08 16:02 208,992 --a------ C:\Windows\RACHook38.dll
2008-06-20 12:51 . 2006-05-24 15:59 199,680 --a------ C:\Windows\MediaR38.dll
2008-06-20 12:51 . 2008-06-20 12:54 1,976 --a------ C:\Windows\MediaR38.ini
2008-06-20 07:33 . 2008-06-23 07:59 <REP> d-------- C:\Program Files\Cheatbook Database 2008
2008-06-17 10:30 . 2008-06-17 10:30 <REP> d-------- C:\Users\bruno\TaoUSign
2008-06-15 08:28 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-15 08:27 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-15 08:27 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-15 08:27 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 21:08 . 2008-06-27 11:09 <REP> d-------- C:\Users\All Users\Media Center Programs
2008-06-13 21:08 . 2008-06-27 11:09 <REP> d-------- C:\ProgramData\Media Center Programs
2008-06-13 21:08 . 2008-06-13 21:08 <REP> d-------- C:\Program Files\Common Files\BioWare
2008-06-13 20:54 . 2008-06-13 21:28 <REP> d-------- C:\Program Files\Mass Effect
2008-06-12 09:46 . 2008-06-12 09:46 <REP> d-------- C:\Program Files\Happyneuron
2008-06-11 16:39 . 2008-06-11 16:39 <REP> d-------- C:\Program Files\Real
2008-06-11 16:39 . 2008-06-11 16:39 <REP> d-------- C:\Program Files\Common Files\xing shared
2008-06-11 16:39 . 2008-06-11 16:39 <REP> d-------- C:\Program Files\Common Files\Real
2008-06-11 10:59 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 10:59 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 10:59 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 10:59 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-09 10:04 . 2008-06-09 10:04 0 --a------ C:\Windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 08:12 17,204 ----a-w C:\Windows\system32\drivers\stwrte.log
2008-07-08 23:42 --------- d-----w C:\Users\bruno\AppData\Roaming\Azureus
2008-07-08 11:05 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-08 10:30 --------- d-----w C:\Users\bruno\AppData\Roaming\Ahead
2008-07-08 10:04 --------- d-----w C:\Program Files\Nero
2008-07-08 10:04 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-08 09:52 --------- d-----w C:\ProgramData\Nero
2008-07-02 08:31 --------- d-----w C:\Program Files\Azureus
2008-06-30 08:57 --------- d-----w C:\Program Files\Pvm
2008-06-25 13:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-23 13:14 --------- d-----w C:\Program Files\AviSynth 2.5
2008-06-22 21:52 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-22 21:40 --------- d-----w C:\Program Files\Bit Che
2008-06-21 17:50 --------- d-----w C:\Program Files\Dofus
2008-06-20 10:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 10:51 --------- d-----w C:\Program Files\Micro Application
2008-06-14 10:15 --------- d-----w C:\ProgramData\eMule
2008-06-11 10:47 --------- d-----w C:\Program Files\Common Files\BinarySense
2008-06-11 10:46 --------- d---a-w C:\ProgramData\TEMP
2008-06-11 10:46 --------- d-----w C:\Program Files\Windows Mail
2008-05-28 14:11 --------- d-----w C:\Users\bruno\AppData\Roaming\BinarySense
2008-05-22 20:55 --------- d-----w C:\ProgramData\GamesBar
2008-05-22 20:55 --------- d-----w C:\Program Files\GamesBar
2008-05-22 20:55 --------- d-----w C:\Program Files\Gamenext
2008-05-22 16:26 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-05-20 22:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-16 22:02 --------- d-----w C:\Program Files\EPSON
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 08:22 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-09 08:02 --------- d-----w C:\ProgramData\FLEXnet
2008-04-02 16:15 47,360 ----a-w C:\Users\bruno\AppData\Roaming\pcouffin.sys
2008-03-19 17:11 174 --sha-w C:\Program Files\desktop.ini
2008-02-26 23:29 2,954 ----a-w C:\Users\bruno\AppData\Roaming\SAS7_000.DAT
2007-12-15 09:38 22,328 ----a-w C:\Users\bruno\AppData\Roaming\PnkBstrK.sys
2008-03-26 12:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-26 12:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-26 12:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-11 16:39 185896]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 13:11 4489216 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\Users\bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 21:38:14 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client ????????.lnk]
backup=C:\Windows\pss\PacketiX VPN Client ????????.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk
backup=C:\Windows\pss\PDFCreator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^bruno^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanalPlayerHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPN Client UI Helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
--a------ 2007-03-19 09:20 259624 C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-09-21 08:34 220160 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 14:45 279912 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO38]
--a------ 2006-05-08 14:43 252416 C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]
--a------ 2007-04-27 20:22 312848 C:\PROGRA~1\Nero\PHOTOS~1\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSPVideo9]
--a------ 2005-10-30 02:56 606208 C:\Program Files\pspvideo9\pspVideo9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 09:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-06-11 16:39 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
--a------ 2007-02-09 15:54 16896 C:\Program Files\GoogleEULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
--a------ 2007-04-10 14:46 709992 C:\Windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1206471103-55471458-3596929434-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C2C3AC0E-FDC0-4CD2-879A-AC2BADB8F0C4}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{1F337562-1731-4E0C-8B97-623D746E2960}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"{4E4374AC-8315-4AF3-9907-908CFCF09537}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{3A1B9E8D-8768-40AA-A670-6ADAFAEEEED2}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{C5B5E5FA-CDFE-4B06-9AF5-931E9A5C7837}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{F04A2E32-91A3-42AE-8A8C-CB00FCFBD9E7}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{30FC7D39-1166-415D-A879-F22995AB0EF4}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{323C0E31-67FB-4423-A6B3-5516E2BE80D1}C:\\windows\\temp\\navbrowser.exe"= UDP:C:\windows\temp\navbrowser.exe:navbrowser.exe
"UDP Query User{12B96D57-117D-482B-A106-4B2788E68353}C:\\windows\\temp\\navbrowser.exe"= TCP:C:\windows\temp\navbrowser.exe:navbrowser.exe
"TCP Query User{92B1AB1B-EB5E-442E-A11B-932CA4D49183}C:\\users\\bruno\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\bruno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{2C3F3168-6DE4-48A2-8224-BD79406AFF36}C:\\users\\bruno\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\bruno\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"{EE414A65-1CEB-422E-9142-F67F69E6188F}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{11791F3F-2081-47D7-9783-9752CE9FCAE7}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{DAB94320-B934-4917-85E8-2CFA6FE1D626}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{5AD9059C-0DAA-4F92-9740-8BA9FEE33879}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"{85E48CBD-06BC-49C1-928F-B8D467317EA2}"= UDP:43088:Emule TCP
"{74D9D9DB-63A6-40F1-A034-5029F26D3D4F}"= UDP:36631:Emule UDP
"TCP Query User{8B3CE20C-9BA6-4F89-BD5F-AE9512B2AA09}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B0C14533-58E6-453B-93EB-E96677B9354F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E762558F-E9E2-4CE4-BA0A-DDD15BDC05FF}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{7F035CAD-9CCD-4007-9209-B6BF43DB5C75}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{A3906C17-E10C-47FF-8BA7-3617DF30C400}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0C4AEE0D-45F9-40DE-91C5-86A1643726D5}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{EF5337DA-9CE5-4562-A03D-608D16B8A4D5}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{C925970A-B478-4DF3-86EF-9020DB4A8A7F}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{BA84B418-54CA-44D4-A99D-2AC7D08AD8DD}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{E3354868-7443-48B4-B9D8-71B14D3B20E2}"= UDP:990:LocalSubnet:LocalSubnet|IF={6DD97007-C586-4AE3-A652-A902BE57C65D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{853C5CB4-A862-41D7-8B9D-338923C01BF9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{096A212C-7072-47F1-B77E-D6DF9C6ED959}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{A40DFF96-C42B-4186-810C-DD9F4C1DCB78}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{090E5C6A-62B9-469C-BC4C-140F7EB02C91}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{C69A9603-C74B-4ED6-A289-AD5A70B1494F}"= UDP:C:\Program Files\PacketiX VPN Client\vpnclient.exeacketiX VPN Client 2.0
"{D5A7713C-B9A7-43D8-8548-06E6CE724753}"= TCP:C:\Program Files\PacketiX VPN Client\vpnclient.exeacketiX VPN Client 2.0
"{4F64EB8B-7BBF-4980-A6D4-15BE94FD4A54}"= UDP:C:\Program Files\PacketiX VPN Client\vpncmgr.exeacketiX VPN Client Connection Manager 2.0
"{41DFE712-FAFE-4E59-A125-180996A0AFAF}"= TCP:C:\Program Files\PacketiX VPN Client\vpncmgr.exeacketiX VPN Client Connection Manager 2.0
"{B77408A1-D220-48D2-AE71-0AB7785BC708}"= UDP:C:\Program Files\PacketiX VPN Client\vpncmd.exeacketiX VPN Command-Line Admin Tool 2.0
"{CE05D155-27C6-4E44-9221-0CFFEFA7002A}"= TCP:C:\Program Files\PacketiX VPN Client\vpncmd.exeacketiX VPN Command-Line Admin Tool 2.0
"{1D462E2D-E27E-4D38-B270-1BE7A729B472}"= UDP:C:\Program Files\PacketiX VPN Client\vpnclient.exeacketiX VPN Client 2.0
"{9292460C-7F0B-4979-9371-5A2A24929049}"= TCP:C:\Program Files\PacketiX VPN Client\vpnclient.exeacketiX VPN Client 2.0
"{CF0E575F-AECD-4F88-8881-854AB18D7EB3}"= UDP:C:\Program Files\PacketiX VPN Client\vpncmgr.exeacketiX VPN Client Connection Manager 2.0
"{E2FA8E18-7C52-498F-944E-07BF0B01678E}"= TCP:C:\Program Files\PacketiX VPN Client\vpncmgr.exeacketiX VPN Client Connection Manager 2.0
"{ECA26690-E4C7-4161-B6B1-3E6870670AF1}"= UDP:C:\Program Files\PacketiX VPN Client\vpncmd.exeacketiX VPN Command-Line Admin Tool 2.0
"{8FA445E6-6E21-4416-8667-3EE206899F08}"= TCP:C:\Program Files\PacketiX VPN Client\vpncmd.exeacketiX VPN Command-Line Admin Tool 2.0
"{87A11D79-6AE3-4D47-BADE-8BBFF3BFA838}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8DE39791-46C5-44E6-8B33-6B5D48A77BF5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{EEDF5954-8D56-4F05-ADC2-B4032FA7C27C}"= UDP:990:LocalSubnet:LocalSubnet|IF={6DD97007-C586-4AE3-A652-A902BE57C65D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{3D76E9E1-2CE5-4E59-B43F-1719BC0F423A}"= UDP:990:LocalSubnet:LocalSubnet|IF={6DD97007-C586-4AE3-A652-A902BE57C65D}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{CE6ADCFC-924D-4883-A326-9F52043100CE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{CB05F04C-50B7-4FF2-9014-F0EC8B4A46C9}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{E2E347E9-C34F-4091-A2B6-4B11B9C375AE}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{B0AEECDB-6AAD-4B6C-AC45-C3721DD0CC57}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{ECFFA305-82D8-4CFB-8248-AA9C69C95213}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{A915D24B-3D55-4FBD-B619-2ABBED0742D5}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{A9EDF80C-27BE-437B-8344-30BD508571A4}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher

R0 hotcore3;hotcore3;C:\Windows\system32\drivers\hotcore3.sys [2007-05-11 17:06]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 14:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 09:33]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-13 22:07]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 10:43]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 10:31]
S3 3xHybrid;Philips SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 18:43]
S3 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-02-23 18:57]
S3 Neo_vpn;VPN Client Device Driver - vpn;C:\Windows\system32\DRIVERS\Neo_0124.sys [2008-01-04 09:03]
S3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2007-07-16 17:15]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2007-12-23 02:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07f17f68-766d-11dc-aa19-001d920da28b}]
\shell\AutoRun\command - F:\Eautorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6f1a56-b9dc-11dc-915e-001060d0928e}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ec9b728-7cbb-11dc-8997-001d920da28b}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c923b5da-f234-11dc-bdb7-001060d0928e}]
\shell\AutoRun\command - N:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-07-04 15:17:01 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-07-09 08:05:38 C:\Windows\Tasks\User_Feed_Synchronization-{C5F77192-7FA0-4F87-901F-3555954CE41E}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-07-08 22:47:03 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

Re,

Tu veux garder Boonty ? Si oui ne fais pas le script suivant et dis-le moi.

Ouvre Spybot , clique sur l'onglet Mode et choisis Mode Avancé
Ne tiens pas compte de l'avertissement
En bas à gauche , clique sur Outils
Toujours dans la colonne de gauche , clique sur Résident ( pas dans la fenêtre centrale )
Et décoche l'option Resident "TeaTimer" (Tu pourras la recocher lorsque nous aurons terminé)

*******

Télécharge Flash Disinfector (de sUBs) sur ton Bureau.

• Connecte tous les périphériques externes. ( DD , USB , ..... )
• Double clique sur Flash Disinfector et laisse toi guider.

********

Sélectionne l'intégralité du cadre ci-dessous :

• Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
• Enregistre le sous sur ton bureau sous le nom de CFScript.txt
• Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :

• Cela va relancer Combofix.
• ComboFix créera ces fichiers sur ton Bureau :

- Un fichier zippé nommé Submit [Date Time].zip
- Un second fichier nommé - CF-Submit.htm

• ComboFix peut exiger un redémarrage pour compléter son travail. Accepte.
• Lorsque l'outil aura terminé, un rapport ComboFix.log apparaîtra à l'écran.
• Une nouvelle fenêtre avec invite "Submit Files for further analysis" s'ouvrira. Clique "OK"
• Ton navigateur se lancera automatiquement avec le fichier CF-Submit.htm et une fenêtre s'ouvrira :

- Clique sur le bouton "Browse"("Parcourir" ) et navigue vers le fichier
Submit [Date Time].zip qui est sur ton Bureau.
- Clique sur le fichier afin de le sélectionner.

• Soumets le fichier en cliquant "OK"
• Lorsque cette opération sera complétée, tu peux supprimer ces deux fichiers qui se trouvent sur ton Bureau.

Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.

**********

- Poste de travail/outils/option des dossiers/affichage/cocher afficher les fichiers et dossiers cachés/Appliquer - - > OK
- Poste de travail/outils/option des dossiers/affichage/décocher masquer les fichiers protégés du système d%u2019exploitation./Appliquer - - > OK
- Poste de travail/outils/option des dossiers/affichage/décocher masquer les extensions dont le type est connu/Appliquer - - > OK

N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

Fais analyser ce(s) fichier(s) sur ce site >> Virustotal <<

• Clique sur Parcourir en haut, choisis Poste de travail et cherche ce fichier : C:\Windows\tosOBEX.INI
• Clique maintenant sur Envoyer le fichier.
• Poste le rapport (De Fichier *** reçu le *** jusqu'à SHA1 : ***)
• Fais la même chose avec ces fichiers : C:\Windows\WirelessFTP.INI, C:\Windows\MediaR38.dll

je t'envoi comme convenu le rapport combofix apres avoir effectué toutes les manips. Merci de m'aider. Le test sur virustotal est en cours je te tiens au courant quand se sera terminé. Encore merci pour tout.

ComboFix 08-07-07.3 - bruno 2008-07-09 22:47:56.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2186 [GMT 2:00]
Endroit: C:\Users\bruno\Desktop\ComboFix.exe
Command switches used :: C:\Users\bruno\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\BOONTYGames
C:\Program Files\BOONTYGames\Components\bureau.url
C:\Program Files\BOONTYGames\Components\Joystick.ico
C:\Program Files\BOONTYGames\Components\start.url
C:\Program Files\Common Files\BOONTY Shared
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
C:\Program Files\Gamenext
C:\Program Files\GamesBar
C:\ProgramData\GamesBar
C:\Users\bruno\AppData\Roaming\inst.exe
C:\VundoFix Backups
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\drivers\downld
C:\Windows\system32\irhndhxr.dll
C:\Windows\system32\JSAHQXyb.ini
C:\Windows\System32\JSAHQXyb.ini2
C:\Windows\System32\nXGMlkkj.ini
C:\Windows\System32\nXGMlkkj.ini2
C:\Windows\system32\xwqfixsm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

2008-07-08 23:23 . 2008-07-08 23:23 <REP> d-------- C:\Program Files\Trend Micro
2008-07-08 22:33 . 2008-07-08 22:48 153 --a------ C:\Windows\wininit.ini
2008-07-08 12:04 . 2006-03-17 11:45 1,757,184 --a------ C:\Windows\System32\imagX7.dll
2008-07-08 12:04 . 2006-03-17 11:45 802,816 --a------ C:\Windows\System32\imagXRA7.dll
2008-07-08 12:04 . 2006-03-17 11:45 497,296 --a------ C:\Windows\System32\imagXpr7.dll
2008-07-08 12:04 . 2006-03-17 14:49 368,640 --a------ C:\Windows\System32\TwnLib4.dll
2008-07-08 12:04 . 2006-03-17 11:45 258,048 --a------ C:\Windows\System32\imagXR7.dll
2008-07-03 17:28 . 2008-07-07 21:33 54,156 --ah----- C:\Windows\QTFont.qfn
2008-07-03 17:28 . 2008-07-03 17:28 1,409 --a------ C:\Windows\QTFont.for
2008-07-02 18:06 . 2008-07-02 18:06 <REP> d-------- C:\Program Files\Eidos Interactive
2008-07-01 11:23 . 2008-07-01 11:23 <REP> d-------- C:\Program Files\MagicISO
2008-06-27 11:09 . 2008-06-28 09:05 <REP> d-------- C:\Program Files\GUILD WARS
2008-06-24 00:57 . 2008-06-24 00:57 0 --a------ C:\Windows\tosOBEX.INI
2008-06-23 22:32 . 2008-07-05 13:39 99 --a------ C:\Windows\WirelessFTP.INI
2008-06-23 19:32 . 2008-06-23 19:32 <REP> d-------- C:\Users\bruno\AppData\Roaming\DivX
2008-06-23 19:32 . 2008-06-28 13:39 69 --a------ C:\Windows\NeroDigital.ini
2008-06-23 15:14 . 2008-06-23 15:14 <REP> d-------- C:\Program Files\pspvideo9
2008-06-23 15:10 . 2008-06-23 15:10 <REP> d-------- C:\Program Files\DVD Decrypter
2008-06-22 22:54 . 2008-06-26 22:19 <REP> d-------- C:\divx
2008-06-22 22:52 . 2008-06-22 22:52 <REP> d-------- C:\Program Files\DivX
2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\Users\All Users\Recisio
2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\ProgramData\Recisio
2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\Program Files\KaraFun
2008-06-21 23:59 . 2008-06-21 23:59 <REP> d-------- C:\Program Files\Common Files\Autodata Limited Shared
2008-06-20 12:51 . 2006-06-21 18:38 2,507,776 --a------ C:\Windows\MediaDico38Dll.dll
2008-06-20 12:51 . 2006-05-08 16:02 208,992 --a------ C:\Windows\RACHook38.dll
2008-06-20 12:51 . 2006-05-24 15:59 199,680 --a------ C:\Windows\MediaR38.dll
2008-06-20 12:51 . 2008-06-20 12:54 1,976 --a------ C:\Windows\MediaR38.ini
2008-06-20 07:33 . 2008-06-23 07:59 <REP> d-------- C:\Program Files\Cheatbook Database 2008
2008-06-17 10:30 . 2008-06-17 10:30 <REP> d-------- C:\Users\bruno\TaoUSign
2008-06-15 08:28 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-15 08:27 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-15 08:27 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-15 08:27 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-13 21:08 . 2008-06-27 11:09 <REP> d-------- C:\Users\All Users\Media Center Programs
2008-06-13 21:08 . 2008-06-27 11:09 <REP> d-------- C:\ProgramData\Media Center Programs
2008-06-13 21:08 . 2008-06-13 21:08 <REP> d-------- C:\Program Files\Common Files\BioWare
2008-06-13 20:54 . 2008-06-13 21:28 <REP> d-------- C:\Program Files\Mass Effect
2008-06-12 09:46 . 2008-06-12 09:46 <REP> d-------- C:\Program Files\Happyneuron
2008-06-11 16:39 . 2008-06-11 16:39 <REP> d-------- C:\Program Files\Real
2008-06-11 16:39 . 2008-06-11 16:39 <REP> d-------- C:\Program Files\Common Files\xing shared
2008-06-11 16:39 . 2008-06-11 16:39 <REP> d-------- C:\Program Files\Common Files\Real
2008-06-11 10:59 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 10:59 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 10:59 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 10:59 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-09 10:04 . 2008-06-09 10:04 0 --a------ C:\Windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 20:33 17,952 ----a-w C:\Windows\system32\drivers\stwrte.log
2008-07-09 20:32 --------- d-----w C:\Users\bruno\AppData\Roaming\Azureus
2008-07-09 09:16 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-09 09:15 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 11:05 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-08 10:30 --------- d-----w C:\Users\bruno\AppData\Roaming\Ahead
2008-07-08 10:04 --------- d-----w C:\Program Files\Nero
2008-07-08 10:04 --------- d-----w C:\Program Files\Common Files\Nero