Ok je vais faire tout ça
Merci pour votre réponse.

Bon voila les 2 rapports de RSIT, mais, sur virus total je comprend pas ce que je doit faire puisque je ne trouve pas le fichier que malwarebytes détecte à l'emplacement c\windows\system32\


le premier

Packardbell_EcoBtn-->C:\Program Files\InstallShield Installation Information\{7DBCD0B0-F5E1-4072-9B68-EBF32B322756}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver V6.0.1.5643-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AUDIO*
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Realtek PCI-E Gigabit Ethernet Driver V6.206.0502.2008-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LAN*
Registry First Aid-->"C:\Program Files\RFA\unins000.exe"
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *RICOH*
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Satsuki Decoder Pack 4000-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
Snagit 9.1.1-->MsiExec.exe /I{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Synaptics Pointing Device driver Ver11.0.4.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *TOUCHPAD*
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThreatFire-->"C:\Program Files\ThreatFire\unins000.exe"
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
USB 2.0 1.3M UVC WebCam Camera driver V61.005.029.190-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CAMERA*
USB 2.0 1.3M UVC WebCam-->C:\Windows\Uninstsxga.bat
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VDownloader 0.82-->"C:\Program Files\VDOWNLOADER\unins000.exe"
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
X10 Hardware(TM)-->C:\Windows\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
ZebHelpProcess 2.33.12-->"C:\Program Files\ZebHelpProcess\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ThreatFire
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender
AS: ThreatFire
AS: Spyware Terminator (disabled)

======System event log======

Computer Name: PC-de-vince
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB949246(Update) à l’état Installation demandée(Install Requested)
Record Number: 11426
Source Name: Microsoft-Windows-Servicing
Time Written: 20090211225507.000000-000
Event Type: Avertissement
User: PC-de-vince\vince

Computer Name: PC-de-vince
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB949246(Update) à l’état Installation demandée(Install Requested)
Record Number: 11381
Source Name: Microsoft-Windows-Servicing
Time Written: 20090211225507.000000-000
Event Type: Avertissement
User: PC-de-vince\vince

Computer Name: PC-de-vince
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB949246(Update) à l’état Installation demandée(Install Requested)
Record Number: 11371
Source Name: Microsoft-Windows-Servicing
Time Written: 20090211225507.000000-000
Event Type: Avertissement
User: PC-de-vince\vince

Computer Name: PC-de-vince
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB949246(Update) à l’état Installation demandée(Install Requested)
Record Number: 11368
Source Name: Microsoft-Windows-Servicing
Time Written: 20090211225507.000000-000
Event Type: Avertissement
User: PC-de-vince\vince

Computer Name: PC-de-vince
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB949246(Update) à l’état Installation demandée(Install Requested)
Record Number: 11364
Source Name: Microsoft-Windows-Servicing
Time Written: 20090211225507.000000-000
Event Type: Avertissement
User: PC-de-vince\vince

=====Application event log=====

Computer Name: PC-de-vince
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 932
Source Name: Microsoft-Windows-WMI
Time Written: 20090211201024.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-vince
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2732191490-1574391756-320303621-1000:
Process 644 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2732191490-1574391756-320303621-1000

Record Number: 914
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090211200803.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-vince
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 824
Source Name: Microsoft-Windows-WMI
Time Written: 20090211193951.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-vince
Event Code: 1008
Message: Le service Windows Search tente de supprimer l’ancien catalogue.

Record Number: 820
Source Name: Microsoft-Windows-Search
Time Written: 20090211193948.000000-000
Event Type: Avertissement
User:

Computer Name: WIN-HB7TQM54BZG
Event Code: 1036
Message: Échec de InitializePrintProvider pour le fournisseur inetpp.dll. Cela peut se produire à la suite d’une instabilité du système ou d’une insuffisance des ressources système.
Record Number: 797
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090211193713.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: WIN-HB7TQM54BZG
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : WIN-HB7TQM54BZG$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x2f4
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 312
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081022100802.820138-000
Event Type: Succès de l'audit
User:

Computer Name: WIN-HB7TQM54BZG
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 311
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081022100802.320938-000
Event Type: Succès de l'audit
User:

Computer Name: WIN-HB7TQM54BZG
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : WIN-HB7TQM54BZG$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x2f4
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 310
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081022100802.320938-000
Event Type: Succès de l'audit
User:

Computer Name: WIN-HB7TQM54BZG
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : WIN-HB7TQM54BZG$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x2f4
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 309
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081022100802.320938-000
Event Type: Succès de l'audit
User:

Computer Name: WIN-HB7TQM54BZG
Event Code: 1102
Message: Le journal d’audit a été effacé.
Objet :
ID de sécurité : S-1-5-21-3416539466-1500581427-4180331500-500
Nom de compte : Administrator
Nom de domaine : WIN-HB7TQM54BZG
ID de connexion : 0x3047e
Record Number: 308
Source Name: Microsoft-Windows-Eventlog
Time Written: 20081022100752.539738-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------

le deuxième


Logfile of random's system information tool 1.06 (written by random/random)
Run by vince at 2009-06-29 22:10:04
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 187 GB (83%) free of 226 GB
Total RAM: 3070 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:18, on 29/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\Packardbell\EcoBtn\EcoBtn.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\vince\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\vince.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9136
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9136
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [ThreatFire] "C:\Program Files\ThreatFire\TFTray.exe"
O4 - HKLM\..\Run: [Skytel] "Skytel.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O13 - Gopher Prefix:
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.807.15159 (GoogleDesktopManager-071508-051939) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
End of file - 9101 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Maintenance en 1 clic.job
C:\Windows\tasks\Malwarebytes' Scheduled Scan for vince.job
C:\Windows\tasks\Malwarebytes' Scheduled Update for vince.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll [2009-03-12 68936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-25 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2009-04-24 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-16 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-05-07 178712]
"HControlUser"=C:\Program Files\ATK Hotkey\HcontrolUser.exe [2008-01-11 98304]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-22 24064]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-13 6183456]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-05-04 209153]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-06 1041704]
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2009-06-19 259344]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-06-17 414992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-06-17 1287440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-22 68856]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-12-12 1840424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-12-02 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfagent]
C:\Program Files\RFA\rfagent.exe [2008-11-24 916800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2008-02-04 1038136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^vince^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-06-29 22:10:04 ----D---- C:\rsit
2009-06-29 22:10:04 ----D---- C:\Program Files\trend micro
2009-06-29 21:31:43 ----A---- C:\Windows\system32\mwmhfi.txt
2009-06-28 17:59:08 ----D---- C:\Program Files\WinRAR
2009-06-28 13:59:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-27 20:47:00 ----D---- C:\Program Files\PDFConverterDesktop
2009-06-25 23:01:15 ----D---- C:\Program Files\MSSOAP
2009-06-25 23:01:15 ----D---- C:\Program Files\Common Files\MSSoap
2009-06-25 23:00:59 ----D---- C:\Program Files\Webroot
2009-06-23 22:33:18 ----D---- C:\Program Files\Lavalys
2009-06-14 19:57:42 ----D---- C:\Users\vince\AppData\Roaming\Megaupload
2009-06-14 19:52:58 ----D---- C:\Program Files\Megaupload
2009-06-14 19:51:39 ----D---- C:\Users\vince\AppData\Roaming\InstallShield
2009-06-13 20:51:41 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-12 22:00:22 ----A---- C:\Windows\system32\TUProgSt.exe
2009-06-12 22:00:19 ----A---- C:\Windows\system32\uxtuneup.dll
2009-06-12 22:00:18 ----A---- C:\Windows\system32\authuitu.dll
2009-06-12 22:00:13 ----A---- C:\Windows\system32\TuneUpDefragService.exe
2009-06-12 21:59:54 ----D---- C:\Users\vince\AppData\Roaming\TuneUp Software
2009-06-12 21:59:07 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-06-12 21:59:04 ----D---- C:\ProgramData\TuneUp Software
2009-06-12 21:58:21 ----SHD---- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-12 19:20:14 ----D---- C:\Program Files\JRE
2009-06-10 13:02:43 ----A---- C:\Windows\system32\mshtml.dll
2009-06-10 13:02:43 ----A---- C:\Windows\system32\ieframe.dll
2009-06-10 13:02:42 ----A---- C:\Windows\system32\wininet.dll
2009-06-10 13:02:42 ----A---- C:\Windows\system32\urlmon.dll
2009-06-10 13:02:42 ----A---- C:\Windows\system32\iertutil.dll
2009-06-10 13:02:42 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-10 13:02:41 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-10 13:02:41 ----A---- C:\Windows\system32\ieui.dll
2009-06-10 13:02:40 ----A---- C:\Windows\system32\iesetup.dll
2009-06-10 13:02:40 ----A---- C:\Windows\system32\iernonce.dll
2009-06-10 13:02:40 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-10 13:02:38 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 13:02:36 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-09 23:56:48 ----D---- C:\Users\vince\AppData\Roaming\vlc
2009-06-07 14:15:44 ----D---- C:\ProgramData\TechSmith
2009-06-07 14:15:39 ----D---- C:\Program Files\TechSmith
2009-06-07 14:05:13 ----D---- C:\Users\vince\AppData\Roaming\OpenCandy
2009-06-03 22:57:22 ----D---- C:\ProgramData\WindowsSearch
2009-06-03 21:10:39 ----D---- C:\Users\vince\AppData\Roaming\FrostWire
2009-05-30 14:36:42 ----D---- C:\Program Files\WinClamAVShield
2009-05-30 13:33:30 ----D---- C:\Users\vince\AppData\Roaming\Spyware Terminator
2009-05-30 13:33:27 ----D---- C:\ProgramData\Spyware Terminator
2009-05-30 13:33:27 ----D---- C:\Program Files\Spyware Terminator

======List of files/folders modified in the last 1 months======

2009-06-29 22:10:17 ----D---- C:\Windows\prefetch
2009-06-29 22:10:04 ----RD---- C:\Program Files
2009-06-29 22:09:59 ----D---- C:\Windows\Temp
2009-06-29 21:49:54 ----D---- C:\Program Files\ZebHelpProcess
2009-06-29 21:31:43 ----D---- C:\Windows\system32\drivers
2009-06-29 21:31:43 ----AD---- C:\Windows\System32
2009-06-29 21:09:55 ----AD---- C:\ProgramData\TEMP
2009-06-29 14:01:01 ----D---- C:\Program Files\Mozilla Firefox
2009-06-29 13:02:41 ----AD---- C:\Windows
2009-06-29 12:45:06 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-06-29 12:41:19 ----D---- C:\Program Files\SpywareBlaster
2009-06-28 23:45:10 ----D---- C:\Program Files\totalcmd
2009-06-28 21:40:22 ----D---- C:\Windows\inf
2009-06-28 21:40:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-28 21:19:40 ----D---- C:\Windows\Tasks
2009-06-28 21:19:40 ----D---- C:\Windows\system32\Tasks
2009-06-28 17:37:25 ----D---- C:\ProgramData\RFA_backups
2009-06-28 17:20:05 ----D---- C:\ProgramData\Lavasoft
2009-06-28 17:20:05 ----D---- C:\Program Files\Lavasoft
2009-06-28 17:19:11 ----SHD---- C:\Windows\Installer
2009-06-28 17:19:06 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-28 15:19:20 ----D---- C:\ProgramData\Avira
2009-06-28 15:17:43 ----SHD---- C:\System Volume Information
2009-06-27 20:51:14 ----D---- C:\Windows\system32\catroot2
2009-06-26 21:32:40 ----A---- C:\Users\vince\AppData\Roaming\QuickZip45.ini
2009-06-25 23:24:47 ----HD---- C:\ProgramData
2009-06-25 23:24:46 ----RD---- C:\Users
2009-06-25 23:01:40 ----A---- C:\Windows\win.ini
2009-06-25 23:01:15 ----D---- C:\Program Files\Common Files
2009-06-24 21:02:52 ----D---- C:\Program Files\ThreatFire
2009-06-24 13:08:37 ----D---- C:\Windows\Microsoft.NET
2009-06-24 12:57:30 ----D---- C:\Windows\winsxs
2009-06-24 12:57:30 ----D---- C:\Program Files\Internet Explorer
2009-06-24 12:56:23 ----D---- C:\Windows\system32\catroot
2009-06-21 21:48:56 ----D---- C:\Users\vince\AppData\Roaming\dvdcss
2009-06-21 21:29:06 ----D---- C:\Program Files\DivX
2009-06-21 21:11:48 ----D---- C:\Program Files\a-squared Free
2009-06-16 17:37:44 ----D---- C:\Program Files\Unlocker
2009-06-14 19:52:57 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-13 21:54:51 ----D---- C:\Windows\system32\config
2009-06-13 14:05:03 ----D---- C:\Windows\pss
2009-06-12 19:22:27 ----D---- C:\Program Files\OpenOffice.org 3
2009-06-12 19:21:45 ----RSD---- C:\Windows\assembly
2009-06-12 19:20:27 ----RSD---- C:\Windows\Fonts
2009-06-10 13:08:33 ----D---- C:\Windows\ehome
2009-06-10 13:08:32 ----D---- C:\Windows\system32\migration
2009-06-09 23:55:01 ----D---- C:\Program Files\VideoLAN
2009-06-07 14:04:59 ----D---- C:\Program Files\VDOWNLOADER
2009-06-07 14:04:51 ----D---- C:\Users\vince\AppData\Roaming\Desktopicon
2009-06-04 00:04:48 ----SHD---- C:\boot
2009-06-01 18:51:12 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-05-04 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-04 96104]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2009-05-30 142592]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-04 28376]
R2 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-05-04 55640]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 RMCAST;Pilote du protocole RMCAT PGMP; C:\Windows\system32\DRIVERS\RMCAST.sys [2009-04-11 113664]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-10 3839488]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GearAspiWDM;GEARAspiWDM; C:\Windows\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-13 2152344]
R3 itecir;ITECIR Infrared Receiver; C:\Windows\system32\DRIVERS\itecir.sys [2007-12-18 54784]
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2009-06-17 19096]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-06-26 3662848]
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-05-29 146848]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-06 198960]
R3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2009-06-19 33552]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-22 23040]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-10-22 507904]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-22 30208]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-10-22 149504]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-05-02 122368]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-05-04 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-04 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-04 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-04 432897]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-02 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-06-10 692224]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-05-07 354840]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-06-17 195856]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2009-06-19 70928]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-22 647680]
S3 GoogleDesktopManager-071508-051939;Google Desktop Manager 5.7.807.15159; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-10-22 24064]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 182768]
S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-06-21 718880]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S4 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S4 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-05-30 487424]
S4 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-06-12 361216]
S4 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2009-06-12 604416]

-----------------EOF-----------------

Télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.


déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser­-combofix

Voila, j'ai fait ce que vous m'avez dit voila le rapport, et j'ai refait un scan rapide avec malwarebites mais backdoor est toujours là


ComboFix 09-06-29.02 - vince 29/06/2009 23:14:14.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1922 [GMT 2:00]
Lancé depuis: C:\Users\vince\Desktop\ComboFix.exe
AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: ThreatFire *disabled* (Updated) {79E34F8F-D0AD-48d6-9223-C657C6491F67}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-06-29 ))))))))))))))))))))))))))))))))))))
.

2009-06-29 21:19:36 . 2009-06-29 21:19:45 0 d-----w- C:\Users\vince\AppData\Local\temp
2009-06-29 21:19:36 . 2009-06-29 21:19:36 0 d-----w- C:\Users\Administrateur\AppData\Local\te­mp
2009-06-29 21:19:36 . 2009-06-29 21:19:36 0 d-----w- C:\Users\Administrateur.PC-de-vince\AppD­ata\Local\temp
2009-06-29 20:10:04 . 2009-06-29 20:10:20 0 d-----w- C:\rsit
2009-06-29 20:10:04 . 2009-06-29 20:10:18 0 d-----w- C:\Program Files\trend micro
2009-06-28 12:00:01 . 2009-06-17 09:27:56 38160 ----a-w- C:\Windows\system32\drivers\mbamswis­sarmy.sys
2009-06-28 11:59:59 . 2009-06-28 19:20:42 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-28 11:59:59 . 2009-06-17 09:27:44 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys­
2009-06-27 18:47:00 . 2009-06-28 20:18:31 0 d-----w- C:\Program Files\PDFConverterDesktop
2009-06-25 21:01:15 . 2009-06-25 21:01:15 0 d-----w- C:\Program Files\MSSOAP
2009-06-25 21:00:59 . 2009-06-25 21:00:59 0 d-----w- C:\Program Files\Webroot
2009-06-25 20:54:17 . 2009-06-25 20:54:23 164 ----a-w- C:\Windows\install.dat
2009-06-23 20:33:18 . 2009-06-23 20:33:18 0 d-----w- C:\Program Files\Lavalys
2009-06-16 19:21:39 . 2009-06-16 19:21:39 456304 ----a-w- C:\ProgramData\Google\Google Toolbar\Update\gtb7081.tmp.exe
2009-06-14 17:57:42 . 2009-06-14 17:57:42 0 d-----w- C:\Users\vince\AppData\Roaming\Megauploa­d
2009-06-14 17:52:58 . 2009-06-14 17:52:58 0 d-----w- C:\Program Files\Megaupload
2009-06-14 17:51:39 . 2009-06-14 17:51:39 0 d-----w- C:\Users\vince\AppData\Roaming\InstallSh­ield
2009-06-13 18:51:41 . 2009-06-13 18:51:46 0 d-----w- C:\Program Files\Common Files\DivX Shared
2009-06-12 20:00:22 . 2009-06-12 20:00:22 604416 ----a-w- C:\Windows\system32\TUProgSt.exe
2009-06-12 20:00:19 . 2009-04-27 12:21:36 28928 ----a-w- C:\Windows\system32\uxtuneup.dll
2009-06-12 20:00:18 . 2009-04-27 12:21:44 17152 ----a-w- C:\Windows\system32\authuitu.dll
2009-06-12 20:00:13 . 2009-06-12 20:00:13 361216 ----a-w- C:\Windows\system32\TuneUpDefragSer­vice.exe
2009-06-12 19:59:54 . 2009-06-12 19:59:54 0 d-----w- C:\Users\vince\AppData\Roaming\TuneUp Software
2009-06-12 19:59:07 . 2009-06-12 19:59:42 0 d-----w- C:\Program Files\TuneUp Utilities 2009
2009-06-12 19:59:04 . 2009-06-12 19:59:04 0 d-----w- C:\ProgramData\TuneUp Software
2009-06-12 19:58:21 . 2009-06-12 19:58:21 0 d-sh--w- C:\ProgramData\{55A29068-F2CE-456C-9148-­C869879E2357}
2009-06-12 17:20:14 . 2009-06-12 17:20:14 0 d-----w- C:\Program Files\JRE
2009-06-09 21:56:48 . 2009-06-09 21:58:01 0 d-----w- C:\Users\vince\AppData\Roaming\vlc
2009-06-07 12:15:44 . 2009-06-07 12:15:44 0 d-----w- C:\ProgramData\TechSmith
2009-06-07 12:15:39 . 2009-06-07 12:15:39 0 d-----w- C:\Users\vince\AppData\Local\TechSmith
2009-06-07 12:15:39 . 2009-06-07 12:15:39 0 d-----w- C:\Program Files\TechSmith
2009-06-07 12:05:13 . 2009-06-07 12:06:01 25354165 ----a-w- C:\Users\vince\AppData\Roaming\Op­enCandy\SnagItWrapperfr.exe
2009-06-07 12:05:13 . 2009-06-07 12:05:13 0 d-----w- C:\Users\vince\AppData\Roaming\OpenCandy­
2009-06-03 20:57:22 . 2009-06-03 20:57:22 0 d-----w- C:\ProgramData\WindowsSearch
2009-06-03 19:10:39 . 2009-06-07 11:47:21 0 d-----w- C:\Users\vince\AppData\Roaming\FrostWire­

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 20:57:48 . 2008-10-22 09:05:26 12 ----a-w- C:\Windows\bthservsdp.dat
2009-06-29 19:49:54 . 2009-05-29 17:06:53 0 d-----w- C:\Program Files\ZebHelpProcess
2009-06-29 13:03:39 . 2009-04-01 17:09:13 1356 ----a-w- C:\Users\vince\AppData\Local\d3d9caps­.dat
2009-06-29 10:45:06 . 2009-02-15 01:02:10 0 d-----w- C:\ProgramData\Spybot - Search & Destroy
2009-06-29 10:41:19 . 2009-04-29 18:07:38 0 d-----w- C:\Program Files\SpywareBlaster
2009-06-28 21:45:10 . 2009-05-17 20:26:28 0 d-----w- C:\Program Files\totalcmd
2009-06-28 21:43:19 . 2009-02-14 12:51:26 1 ----a-w- C:\Users\vince\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-28 20:14:54 . 2009-05-30 11:33:30 0 d-----w- C:\Users\vince\AppData\Roaming\Spyware Terminator
2009-06-28 20:14:54 . 2009-05-30 11:33:27 0 d-----w- C:\Program Files\Spyware Terminator
2009-06-28 19:40:22 . 2008-10-22 18:46:25 669566 ----a-w- C:\Windows\system32\perfh00C.dat
2009-06-28 19:40:22 . 2008-10-22 18:46:25 123556 ----a-w- C:\Windows\system32\perfc00C.dat
2009-06-28 15:37:25 . 2009-05-03 16:50:54 0 d-----w- C:\ProgramData\RFA_backups
2009-06-28 15:20:05 . 2009-03-26 11:47:31 0 d-----w- C:\ProgramData\Lavasoft
2009-06-28 15:20:05 . 2009-03-26 11:47:31 0 d-----w- C:\Program Files\Lavasoft
2009-06-28 15:19:06 . 2009-04-21 18:17:00 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-06-28 13:19:20 . 2009-02-22 21:01:29 0 d-----w- C:\ProgramData\Avira
2009-06-28 11:57:30 . 2009-05-30 12:36:42 0 d-----w- C:\Program Files\WinClamAVShield
2009-06-26 19:02:53 . 2009-05-30 11:33:27 0 d-----w- C:\ProgramData\Spyware Terminator
2009-06-24 19:02:52 . 2009-05-26 20:20:06 0 d-----w- C:\Program Files\ThreatFire
2009-06-21 19:48:56 . 2009-02-12 23:51:58 0 d-----w- C:\Users\vince\AppData\Roaming\dvdcss
2009-06-21 19:29:06 . 2009-03-03 19:13:27 0 d-----w- C:\Program Files\DivX
2009-06-21 19:11:48 . 2009-05-22 21:31:17 0 d-----w- C:\Program Files\a-squared Free
2009-06-19 20:37:29 . 2009-05-26 20:20:06 46864 ----a-w- C:\Windows\system32\drivers\TfSysMon.sys
2009-06-19 20:37:28 . 2009-05-26 20:20:06 33552 ----a-w- C:\Windows\system32\drivers\TfNetMon.sys
2009-06-19 20:37:27 . 2009-05-26 20:20:06 51984 ----a-w- C:\Windows\system32\drivers\TfFsMon.sys
2009-06-16 15:37:44 . 2009-04-28 17:35:00 0 d-----w- C:\Program Files\Unlocker
2009-06-14 17:52:57 . 2008-10-22 09:17:33 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-06-12 17:26:35 . 2009-02-11 19:51:07 73568 ----a-w- C:\Users\vince\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-12 17:22:27 . 2009-02-11 20:52:35 0 d-----w- C:\Program Files\OpenOffice.org 3
2009-06-09 21:55:01 . 2009-02-11 21:00:36 0 d-----w- C:\Program Files\VideoLAN
2009-06-07 12:04:59 . 2009-02-11 20:58:36 0 d-----w- C:\Program Files\VDOWNLOADER
2009-06-07 12:04:51 . 2009-04-28 17:35:01 0 d-----w- C:\Users\vince\AppData\Roaming\Desktopicon
2009-05-30 11:33:31 . 2009-05-30 11:33:31 6144 ----a-w- C:\ProgramData\Spyware Terminator\sp_rsdel.exe
2009-05-30 11:33:30 . 2009-05-30 11:33:30 5632 ----a-w- C:\ProgramData\Spyware Terminator\fileobjinfo.sys
2009-05-30 11:33:30 . 2009-05-30 11:33:30 142592 ----a-w- C:\Windows\system32\drivers\sp_rsdrv2.sys
2009-05-29 18:02:04 . 2009-05-26 20:20:06 0 d-----w- C:\ProgramData\PC Tools
2009-05-29 17:07:29 . 2009-05-29 17:07:29 0 d-----w- C:\Program Files\Common Files\Borland Shared
2009-05-27 10:57:28 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Calendar
2009-05-27 10:57:28 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-05-27 10:57:27 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Sidebar
2009-05-27 10:57:26 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Journal
2009-05-27 10:57:26 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Collaboration
2009-05-27 10:57:25 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Photo Gallery
2009-05-27 10:57:22 . 2006-11-02 12:37:34 0 d-----w- C:\Program Files\Windows Defender
2009-05-27 10:56:36 . 2006-11-02 10:25:05 665600 ----a-w- C:\Windows\inf\drvindex.dat
2009-05-22 20:41:12 . 2009-05-17 20:26:28 0 d-----w- C:\Users\vince\AppData\Roaming\GHISLER
2009-05-16 18:28:09 . 2009-05-16 18:28:09 0 d-----w- C:\ProgramData\AVS4YOU
2009-05-16 18:27:41 . 2009-05-16 18:27:18 0 d-----w- C:\Program Files\AVS4YOU
2009-05-16 18:27:39 . 2009-03-03 12:10:38 0 d-----w- C:\Program Files\Common Files\AVSMedia
2009-05-16 11:01:35 . 2009-05-15 20:44:16 0 d-----w- C:\Users\vince\AppData\Roaming\NeoDivX2008
2009-05-15 20:57:07 . 2009-05-15 20:52:24 0 d-----w- C:\Program Files\NeoDivX2009
2009-05-15 20:52:31 . 2009-05-15 20:52:24 0 d-----w- C:\Users\vince\AppData\Roaming\NeoDivX2009
2009-05-15 10:37:11 . 2009-05-15 10:37:11 0 d-----w- C:\ProgramData\SlySoft
2009-05-09 05:50:28 . 2009-06-10 11:02:42 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-05-09 05:34:34 . 2009-06-10 11:02:40 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-05-06 23:14:16 . 2009-05-06 23:14:16 27977008 ----a-w- C:\Windows\system32\snagitfr.exe
2009-05-05 20:56:51 . 2009-02-17 22:41:27 0 d-----w- C:\Program Files\RegSeeker
2009-05-05 20:38:41 . 2009-05-05 20:38:41 0 d-----w- C:\Program Files\VS Revo Group
2009-05-04 21:09:57 . 2009-05-04 21:09:57 0 d-----w- C:\Users\vince\AppData\Roaming\Avira
2009-05-04 21:04:13 . 2009-05-04 21:04:13 0 d-----w- C:\Program Files\Avira
2009-05-04 21:02:43 . 2009-05-04 21:04:14 96104 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2009-05-04 21:02:42 . 2009-05-04 21:04:14 55640 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2009-05-01 21:02:28 . 2009-05-01 21:02:28 90112 ----a-w- C:\Windows\system32\dpl100.dll
2009-05-01 21:02:26 . 2009-05-01 21:02:26 823296 ----a-w- C:\Windows\system32\divx_xx0c.dll
2009-05-01 21:02:26 . 2009-05-01 21:02:26 823296 ----a-w- C:\Windows\system32\divx_xx07.dll
2009-05-01 21:02:26 . 2009-05-01 21:02:26 815104 ----a-w- C:\Windows\system32\divx_xx0a.dll
2009-05-01 21:02:26 . 2009-05-01 21:02:26 811008 ----a-w- C:\Windows\system32\divx_xx16.dll
2009-05-01 21:02:26 . 2009-05-01 21:02:26 802816 ----a-w- C:\Windows\system32\divx_xx11.dll
2009-05-01 21:02:26 . 2009-05-01 21:02:26 685056 ----a-w- C:\Windows\system32\DivX.dll
2009-05-01 20:22:43 . 2009-05-01 20:22:43 0 d-----w- C:\Users\vince\AppData\Roaming\Malwarebytes
2009-05-01 20:22:37 . 2009-05-01 20:22:37 0 d-----w- C:\ProgramData\Malwarebytes
2009-05-01 15:47:24 . 2009-05-01 15:47:24 0 d-----w- C:\Users\vince\AppData\Roaming\FreeLanguageTranslator
2009-05-01 15:47:12 . 2009-05-01 15:47:11 98534 ----a-r- C:\Users\vince\AppData\Roaming\Microsoft\Installer\{420058C0-ACDE-4FC1-980C-F3823E9F1BA7}\_7D51EA2244C5115E67DCCF.exe
2009-05-01 15:47:11 . 2009-05-01 15:47:12 0 d-----w- C:\Program Files\FreeLanguageTranslator
2009-05-01 15:47:11 . 2009-05-01 15:47:11 98534 ----a-r- C:\Users\vince\AppData\Roaming\Microsoft\Installer\{420058C0-ACDE-4FC1-980C-F3823E9F1BA7}\_C9D4E05D763437E2020F76.exe
2009-05-01 15:47:11 . 2009-05-01 15:47:11 98534 ----a-r- C:\Users\vince\AppData\Roaming\Microsoft\Installer\{420058C0-ACDE-4FC1-980C-F3823E9F1BA7}\_6FEFF9B68218417F98F549.exe
2009-05-01 15:47:11 . 2009-05-01 15:47:11 1078 ----a-r- C:\Users\vince\AppData\Roaming\Microsoft\Installer\{420058C0-ACDE-4FC1-980C-F3823E9F1BA7}\_8FB0A1AF382AEC832DA851.exe
2009-04-29 10:38:43 . 2009-04-29 10:38:43 86576 ----a-w- C:\Users\vince\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-04-29 10:38:43 . 2009-04-29 10:38:43 392728 ----a-w- C:\Users\vince\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-04-29 10:38:43 . 2009-04-29 10:38:43 132672 ----a-w- C:\Users\vince\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-04-23 21:00:45 . 2009-02-26 18:34:13 472 ----a-w- C:\Users\vince\AppData\Roaming\wklnhst.dat
2009-04-23 12:15:07 . 2009-06-10 11:02:36 784896 ----a-w- C:\Windows\system32\rpcrt4.dll
2009-04-23 12:14:10 . 2009-06-10 11:02:38 623616 ----a-w- C:\Windows\system32\localspl.dll
2009-04-21 11:39:47 . 2009-06-10 11:02:45 2034688 ----a-w- C:\Windows\system32\win32k.sys
2009-04-17 14:58:28 . 2009-04-21 18:30:52 954368 ----a-w- C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 14:58:28 . 2009-04-21 18:30:52 103424 ----a-w- C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 14:58:28 . 2009-04-21 18:30:48 344064 ----a-w- C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 14:58:26 . 2009-04-21 18:30:52 1161626 ----a-w- C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 14:58:26 . 2009-04-21 18:30:51 65536 ----a-w- C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 14:58:26 . 2009-04-21 18:30:49 71652 ----a-w- C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 14:58:26 . 2009-04-21 18:30:49 4579328 ----a-w- C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 14:58:26 . 2009-04-21 18:30:49 4534272 ----a-w- C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 14:58:26 . 2009-04-21 18:30:48 131868 ----a-w- C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
2009-04-12 14:25:57 . 2009-04-12 14:25:57 0 ----a-w- C:\Windows\nsreg.dat
2009-04-11 06:33:19 . 2009-05-27 10:41:11 986600 ----a-w- C:\Windows\system32\winload.exe
2009-04-11 06:33:19 . 2009-05-27 10:40:51 926184 ----a-w- C:\Windows\system32\winresume.exe
2009-04-11 06:33:03 . 2009-05-27 10:40:30 292840 ----a-w- C:\Windows\system32\drivers\volmgrx.sys
2009-04-11 06:33:02 . 2009-05-27 10:41:09 897000 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2009-04-11 06:33:02 . 2009-05-27 10:40:56 614376 ----a-w- C:\Windows\system32\ci.dll
2009-04-11 06:28:28 . 2009-05-27 10:40:54 56320 ----a-w- C:\Windows\system32\xmlfilter.dll
2009-05-01 21:02:48 . 2009-05-01 21:02:48 1044480 ----a-w- C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02:48 . 2009-05-01 21:02:48 200704 ----a-w- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
2008-10-22 18:49:46 . 2008-10-22 18:49:44 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-06-29_20.59.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-29 20:58:37 . 2009-06-29 20:58:37 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-23 23:30:17 . 2009-06-29 20:59:38 262144 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-02-23 23:30:17 . 2009-06-29 20:58:51 262144 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28:19 114176 ----a-w- C:\Windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 15:41:12 178712]
"HControlUser"="C:\Program Files\ATK Hotkey\HcontrolUser.exe" [2008-01-11 20:40:10 98304]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 10:17:18 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-06 11:04:20 1041704]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2008-06-13 05:52:52 6183456]
"Skytel"="Skytel.exe" - C:\Windows\SkyTel.exe [2007-11-20 10:15:58 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^vince^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe"
"toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a4,0c,ce,8b,ba,de,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A72F6AF9-0AC5-4273-A9B3-1DB241E1FC84}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{BB2069BC-52EB-47D4-B0EB-2726049EBF3E}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{F0960BB4-C161-40E8-BC61-F781A4FD809B}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{8CD664D3-EDCE-48E4-AFE9-5992E17A0060}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{C56D9643-C10F-4F40-ADA9-EE6037D6F69E}"= UDP:C:\Program Files\a-squared Free\a2free.exe:a-squared Free
"{88E0FFA0-5015-4E48-834E-4FE2001F3C3E}"= TCP:C:\Program Files\a-squared Free\a2free.exe:a-squared Free
"TCP Query User{1754B518-2C19-4715-AFA2-84329AAEBD6D}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{7C17D77E-7CDC-454E-BD7A-84BE2F3FC54F}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{D095A04C-F068-40A6-B58C-AE5D44D77042}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{E74733D2-7AEF-414C-BAFB-0255DDF48B43}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [26/05/2009 22:20:06 51984]
R0 TfSysMon;TfSysMon;C:\Windows\System32\drivers\TfSysMon.sys [26/05/2009 22:20:06 46864]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\System32\drivers\sp_rsdrv2.sys [30/05/2009 13:33:30 142592]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 00:45:04 124832]
R2 AntiVirMailService;Avira AntiVir MailGuard;C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [04/05/2009 23:04:13 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;C:\Program Files\Avira\AntiVir Desktop\sched.exe [04/05/2009 23:04:14 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe [04/05/2009 23:04:13 432897]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23:43 21504]
R2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [28/06/2009 14:00:04 195856]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service --> C:\Program Files\ThreatFire\TFService.exe service [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [22/10/2008 11:25:47 54784]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [28/06/2009 13:59:59 19096]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\System32\drivers\NETw5v32.sys [18/07/2008 12:47:23 3662848]
R3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [26/05/2009 22:20:06 33552]
R3 X10Hid;X10 Hid Device;C:\Windows\System32\drivers\x10hid.sys [22/10/2008 11:28:57 13976]
S3 GoogleDesktopManager-071508-051939;Google Desktop Manager 5.7.807.15159;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [22/10/2008 11:59:21 24064]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [10/03/2009 20:21:52 1153368]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;C:\Windows\System32\TUProgSt.exe [12/06/2009 22:00:22 604416]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-06-28 C:\Windows\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:42:06 . 2009-04-27 13:42:06]

2009-06-29 C:\Windows\Tasks\Malwarebytes' Scheduled Scan for vince.job
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-06-28 12:00:01 . 2009-06-17 09:27:48]

2009-06-28 C:\Windows\Tasks\Malwarebytes' Scheduled Update for vince.job
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-06-28 12:00:01 . 2009-06-17 09:27:48]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.sfr.fr/kit/adsl/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
LSP: C:\Program Files\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://france.meteofrance.com/france/meteo?PREVISIONS_PORTLET.path=previsionsville%2F470010%2F|http://mail2.voila.fr/webmail/fr_FR/inbox.html?PAGE=1&FromSubmit=true
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: C:\Users\vince\AppData\Roaming\Mozilla\Firefox\Profiles\p3akc9he.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 23:19:45
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\Users\vince\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,e1,ac,6f,1f,4b,09,49,83,29,a2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,e1,ac,6f,1f,4b,09,49,83,29,a2,\

[HKEY_LOCAL_MACHINE\software\Classes\Applications\WINWORD.EXE\TaskbarExceptionsIcons]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\ProxyStubClsid]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\ProxyStubClsid32]
@DACL=(02 0000)
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\TypeLib]
@DACL=(02 0000)
"Version"="1.0"
@="{47A7A4B0-2723-41BA-865E-EBBB7081A602}"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(712)
C:\Program Files\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(660)
C:\Program Files\ThreatFire\TFWAH.dll

- - - - - - - > 'Explorer.exe'(4004)
C:\Program Files\ThreatFire\TFWAH.dll
C:\Windows\system32\PortableDeviceTypes.dll
.
Heure de fin: 2009-06-29 23:23:34
ComboFix-quarantined-files.txt 2009-06-29 21:23:30

Avant-CF: 195 539 226 624 octets libres
Après-CF: 195 428 786 176 octets libres

318 --- E O F --- 2009-06-24 10:57:47

Bon voila j'ai resolu mon probleme, en fet c'est un faux positif ou un beugue de malwarebytes.
J'ai trouvé ici
http://fvsm.forumperso.com/probleme-d-infection-f23/backdoor­bot-t2301.htm
buy

Ok effectivement les rapports sont bon


lance tool cleaner pour virer ce qui a été utilisé


http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

Merci pour votre aide

Bonne suite