Forum-vista : Entraide et dépannage Windows Vista et Windows Seven

Bonjour,

quand je met en marche mon pc , ce message d'erreur s'affiche:
entrée manquante run
erreur dans c:/users/bruno/app data/local/temp/npqybgfx.dll

merci de votre aide .
akim78

Bonjour.
Il s'agit de trace d'une infection.
Télécharge Hijackthis de Trend Micro:
http://www.trendsecure.com/portal/en-US ... e=download
Installes-le.
Il sera dans C:\Program Files\TrendMicro\HijackThis2.0.2\HijackThis.exe

Lances-le par Do a system scan and save a logfile.
A la fin du scan, un blocnote va s'ouvrir, enregistre le sous HJT1.txt.
Puis sans le fermer :
CTRL+A pour tout sélectionner
CTRL+C pour copier
CTRL+V pour coller dans la réponse
Tu le refermes pour le moment.
Tu attends les résultats de l'analyse.

@+

tout d'abord je te remercie d'avoir répondu aussi rapidement.
voici le rapport de hijackhis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:53, on 13/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\IEeREAD.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\bruno\AppData\Local\Temp\npqybgfx.dll",run
O4 - HKCU\..\Run: [300edbe6] rundll32.exe "C:\Users\bruno\AppData\Local\Temp\fimicjet.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM333de87a] Rundll32.exe "C:\Users\bruno\AppData\Local\Temp\jidvgvsd.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/on ... /fscax.cab
O16 - DPF: {71D413D7-38C5-4035-8548-976522CF11D5} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcVistaBeta.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF58E7AB-7DB0-4DAF-9D77-C9E56023EBB8}: NameServer = 213.36.80.1,212.216.172.62
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10849 bytes

En espérant que tu as la solution.
merci d'avance.
akim78

Bonsoir

Désactive Tea-Timer que tu réactiveras en fin de coup.


Il faut déjà finir la désinstallation de Norton.
Dans Démarrer, tu tapes services.msc dans la barre de recherche et Entrée.
Tu arrêtes ces deux là :

Symantec Lic NetConnect service (CLTNetCnService)
LiveUpdate - Symantec Corporation
Et tu double-cliques dessus et dans Type de démarrage, tu optes pour Désactiver.

Tu cliques droit sur Hijackthis et tu le lances par Exécuter en tant qu'administrateur (Elévation des privilèges)

Dans Open the misc tools section, Delete an NT service tu colles successivement :
CLTNetCnService
Et tu valides par OK sans tenir compte de l'avertissement.
Puis avec LiveUpdate

Tu reviens à la page d'accueil par Main menu et Do a system scan only et tu coches :

O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\bruno\AppData\Local\Temp\npqybgfx.dll",run
O4 - HKCU\..\Run: [300edbe6] rundll32.exe "C:\Users\bruno\AppData\Local\Temp\fimicjet.dll",b
O4 - HKCU\..\Run: [BM333de87a] Rundll32.exe "C:\Users\bruno\AppData\Local\Temp\jidvgvsd.dll",s

Tu cliques sur Fix checked et tu refermes Hijackthis.

Télécharge OTMoveIt2 : http://download.bleepingcomputer.com/ol ... oveIt2.exe
Sur ton bureau. Important.

Lance OtMoveIt, il ne nécessite pas d'installation. Mais avec élévation des privilèges.

Tu inscris (ou tu colles) le chemin du fichier/dossier à supprimer (C'est à dire ce qui suit)dans la fenêtre de gauche, cadre du haut , en-tête bleu
(Paste Standard List of Files/Folders to Move) et tu cliques sur MoveIt! (en rouge).
(La case Unregister Dll's and OCX's doit être cochée.)

C:\Users\bruno\AppData\Local\Temp\npqybgfx.dll
C:\Users\bruno\AppData\Local\Temp\fimicjet.dll
C:\Users\bruno\AppData\Local\Temp\jidvgvsd.dll
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Symantec

Le résultat apparaitra dans le cadre Results à droite.
Clique sur Exit pour fermer.
Un rapport sera enregistré dans C:\\_OTMoveIt\MovedFiles.(xxxxxxxx_xxxxxx.log)
Les x sont des chiffres qui correspondent à la date et l'heure du scan.
Redémarre le pc et poste le rapport avec un nouveau rapport Hijackthis.

Mets à jour Java:
-Java Runtime Environment (JRE)6u5 :
http://java.sun.com/javase/downloads/index.jsp
Clique sur Download Java Runtime Environment (JRE) 6 update 5
Dans la page suivante, choisis Windows dans Platform coche I agree to the Java SE Runtime Environment 6 License Agreement et Continue
Dans la nouvelle page, coche Windows Offline Installation, et clique sur jre-6u5-windows-i586-p.exe //15.18 MB.
Tu l'installeras hors connexion.
Dans Démarrer, tape appwiz.cpl, puis Entrée et supprime toutes les autres versions.

@+

Bonsoir Nardino,

Voici le rapport de Otmovelt:
DllUnregisterServer procedure not found in C:\Users\bruno\AppData\Local\Temp\npqybgfx.dll
C:\Users\bruno\AppData\Local\Temp\npqybgfx.dll NOT unregistered.
C:\Users\bruno\AppData\Local\Temp\npqybgfx.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\bruno\AppData\Local\Temp\fimicjet.dll
C:\Users\bruno\AppData\Local\Temp\fimicjet.dll NOT unregistered.
C:\Users\bruno\AppData\Local\Temp\fimicjet.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\bruno\AppData\Local\Temp\jidvgvsd.dll
C:\Users\bruno\AppData\Local\Temp\jidvgvsd.dll NOT unregistered.
C:\Users\bruno\AppData\Local\Temp\jidvgvsd.dll moved successfully.
Folder move failed. C:\Program Files\Common Files\Symantec Shared\CCPD-LC scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Common Files\Symantec Shared scheduled to be moved on reboot.
File/Folder C:\Program Files\Symantec not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03132008_233128

Voici le nouveau rapport de Hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06:13, on 14/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\IEeREAD.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\WebHook.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [300edbe6] rundll32.exe "C:\Users\bruno\AppData\Local\Temp\fimicjet.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/on ... /fscax.cab
O16 - DPF: {71D413D7-38C5-4035-8548-976522CF11D5} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcVistaBeta.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF58E7AB-7DB0-4DAF-9D77-C9E56023EBB8}: NameServer = 213.36.80.1,212.216.172.62
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9383 byt
Dans l 'attente de ta réponse ,te remerciant d'avance.
akim78

Je viens de redémarrer mon pc et un nouveau message s'affiche:
run dll
erreur de chargement de
c:/Users/bruno/AppData/Local/Temp/fimicjet.dll
le module spécifié est introuvable
Je pense que c 'est toujours du à un virus.
Merci de votre réponse.
akim78

Bonsoir,
Désactive l'UAC le temps du scan avec le programme suivant :

Vois ici : http://www.forum-vista.net/tutoriaux_vi ... ac-t66.htm

Télécharge Combofix de sUBs :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sur ton bureau

Ferme toutes les fenêtres
Double-clique sur ComboFix.exe (ne clique pas sur la fenêtre qui s'ouvre)
Appuie sur Y pour lancer le scan
Il y aura un redémarrage assez lent, ne t'en inquiète pas.
A la fin du scan (cela peut prendre du temps), un rapport sera créé.
Poste ce rapport dans ton prochain message.

@+

Bonjour nardino:
voici le rapport de combo fix:

ComboFix 08-03-14.4 - bruno 2008-03-15 10:28:36.1 - NTFSx86
Endroit: C:\Users\bruno\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~2\Microsoft\Network\Downloader\qmgr0.dat
C:\PROGRA~2\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\internet explorer\svchost.exe
C:\Windows\system32\ddcawwx.dll

----- BITS: Possible sites infectés -----

hxxp://rad.msn.com
hxxp://ads1.msn.com
hxxp://ads.msn.com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-15 to 2008-03-15 ))))))))))))))))))))))))))))))))))))
.

2008-03-14 00:32 . 2008-03-14 00:33 <REP> d-------- C:\Program Files\Java
2008-03-14 00:31 . 2008-03-14 00:31 <REP> d-------- C:\Program Files\Common Files\Java
2008-03-13 23:27 . 2008-03-13 23:27 <REP> d-------- C:\_OTMoveIt
2008-03-13 21:41 . 2008-03-13 21:41 <REP> d-------- C:\Program Files\Trend Micro
2008-03-12 23:43 . 2007-03-07 03:51 543,232 --a------ C:\Windows\System32\FWPUCLNT.DLL
2008-03-12 23:43 . 2007-03-07 03:51 416,768 --a------ C:\Windows\System32\IKEEXT.DLL
2008-03-12 23:43 . 2007-03-07 03:51 317,440 --a------ C:\Windows\System32\BFE.DLL
2008-03-12 23:43 . 2007-03-07 03:08 84,992 --a------ C:\Windows\System32\drivers\FWPKCLNT.SYS
2008-03-12 23:14 . 2008-03-12 23:14 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-03-12 23:14 . 2008-03-12 23:14 286,720 --a------ C:\Windows\PATCH.EXE
2008-03-12 23:14 . 2008-03-12 23:14 69,689 --a------ C:\Windows\UNZIP.DLL
2008-03-12 22:06 . 2008-03-12 22:05 691,545 --a------ C:\Windows\unins000.exe
2008-03-12 22:06 . 2008-03-12 22:06 2,543 --a------ C:\Windows\unins000.dat
2008-03-12 21:59 . 2008-03-12 23:47 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-12 21:59 . 2008-03-12 22:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-12 21:59 . 2008-03-12 23:47 <REP> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-03-12 14:11 . 2008-03-12 14:11 127 --a------ C:\Windows\System32\MRT.INI
2008-03-11 21:16 . 2007-12-16 23:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-11 21:16 . 2007-12-16 10:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-09 16:41 . 2008-03-09 16:41 <REP> d-------- C:\Garmin
2008-03-03 20:52 . 2008-03-03 20:52 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-03-03 20:52 . 2008-03-03 20:52 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-03-03 20:33 . 2008-03-03 20:33 <REP> d-------- C:\Program Files\Atari
2008-03-03 20:33 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-02-26 23:46 . 2008-03-11 23:51 <REP> d-------- C:\Users\bruno\AppData\Roaming\LimeWire
2008-02-26 23:41 . 2008-02-26 23:41 <REP> d-------- C:\Program Files\real
2008-02-26 23:41 . 2008-02-26 23:45 <REP> d-------- C:\Program Files\eREAD6.0
2008-02-26 05:01 . 2008-02-26 01:21 13,019,234 --a------ C:\Program Files\LimeWire_Pro_v4.17.1.exe
2008-02-23 15:11 . 2008-02-23 16:21 <REP> d-------- C:\Users\bruno\AppData\Roaming\DAEMON Tools
2008-02-23 15:11 . 2008-02-23 15:12 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-17 22:24 . 2008-02-17 22:24 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-02-17 19:56 . 2008-02-17 19:56 <REP> d-------- C:\Program Files\Alcohol Soft
2008-02-17 19:53 . 2008-02-23 15:04 716,272 --a------ C:\Windows\System32\drivers\sptd.sys
2008-02-16 09:55 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 09:11 --------- d-----w C:\Users\bruno\AppData\Roaming\Azureus
2008-03-13 23:48 --------- d-----w C:\Program Files\Azureus
2008-03-13 21:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-12 13:13 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 13:12 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-03-11 21:03 --------- d-----w C:\PROGRA~2\Roxio
2008-03-03 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 21:09 --------- d-----w C:\Program Files\MumboJumbo
2008-02-14 02:09 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:09 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:06 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:06 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:06 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:06 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:06 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:06 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 02:06 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:05 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:05 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:05 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:05 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:05 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:05 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:05 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 16:43 --------- d-----w C:\Users\bruno\AppData\Roaming\Roxio
2008-02-13 13:00 --------- d-----w C:\PROGRA~2\NVIDIA
2008-02-12 13:16 --------- d-----w C:\Program Files\7-Zip
2008-02-10 21:58 --------- d-----w C:\PROGRA~2\Azureus
2008-02-02 20:26 --------- d-----w C:\Program Files\World of Warcraft
2008-01-28 22:28 --------- d-----w C:\Program Files\Seagate
2008-01-28 22:20 --------- d-----w C:\Program Files\Packard Bell ImageWriter
2008-01-28 22:14 --------- d-----w C:\Program Files\Picasa2
2008-01-28 22:14 --------- d-----w C:\PROGRA~2\Templates
2008-01-28 22:14 --------- d-----w C:\PROGRA~2\Start Menu
2008-01-28 22:14 --------- d-----w C:\PROGRA~2\Favorites
2008-01-28 22:14 --------- d-----w C:\PROGRA~2\Documents
2008-01-28 22:14 --------- d-----w C:\PROGRA~2\Desktop
2008-01-28 22:14 --------- d-----w C:\PROGRA~2\Application Data
2008-01-28 21:53 108 ----a-w C:\Users\bruno\AppData\Roaming\wklnhst.dat
2008-01-28 21:51 --------- d-----w C:\Users\bruno\AppData\Roaming\Template
2008-01-28 19:31 --------- d-----w C:\Program Files\Alwil Software
2008-01-28 19:24 --------- d-----w C:\Program Files\Packard Bell
2008-01-28 19:20 --------- d-----w C:\Program Files\Norton 360
2008-01-28 19:16 --------- d-----w C:\Users\bruno\AppData\Roaming\Packard Bell
2008-01-28 05:53 --------- d-----w C:\Program Files\Google
2008-01-27 19:27 --------- d-----w C:\Users\bruno\AppData\Roaming\vlc
2008-01-27 19:27 --------- d-----w C:\Program Files\VideoLAN
2008-01-17 23:47 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-17 23:47 --------- d-----w C:\Program Files\Windows Live
2008-01-17 23:39 --------- d-----w C:\PROGRA~2\WLInstaller
2008-01-17 23:06 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-14 23:50 174 --sha-w C:\Program Files\desktop.ini
2008-01-14 23:33 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-14 23:33 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-14 23:33 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-14 23:33 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-14 23:30 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-14 23:29 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-14 23:29 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-14 23:28 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-14 23:28 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-14 23:28 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-14 23:26 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-14 23:24 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-14 23:24 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-14 23:24 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-14 23:22 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-14 23:18 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-14 22:43 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-14 22:43 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-14 22:43 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-14 22:43 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-14 22:43 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-14 22:43 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-14 22:43 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-14 22:42 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-14 22:42 163,000 ----a-w C:\Windows\System32\wuwebv.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
2007-06-28 17:25 57344 --a------ C:\Program Files\eREAD6.0\IEeREAD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
2008-02-01 10:20 57224 --a------ C:\Program Files\eREAD6.0\WebHook.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-15 00:24 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 14:32 1120568]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:20 222080]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 00:41 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 16:10 4468736 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 17:51 1826816 C:\Windows\SkyTel.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-05 15:27 243200]
"MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 22:36 102400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 02:18 366400]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 02:18 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6F2E429B-260A-4637-8CAC-290135432830}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{3C7ADA1D-7C82-42D3-9640-E09E3EDDA0CF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15F7B2CA-08B1-4995-B7D6-2C91D1F950E9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B84FAE59-CDAB-4F86-9DB6-9D978261C5F1}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{183C7C33-E9E2-44FB-8186-C21A78B740CD}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D9324D67-BC57-44EA-B15C-2D5801145201}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{46923A38-E3D6-4E62-A612-CEC744DC7155}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{13EE9AD3-1333-40AE-A301-4585ACC80E5E}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{AEE78464-69EE-447D-A875-9991FBFD3E5C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{30F8CDD2-3203-4A5D-AA3A-EECEBD4C1EE1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-15 09:30:04 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-03-14 20:23:29 C:\Windows\Tasks\User_Feed_Synchronization-{9A5BDC7B-D560-4A56-9786-9E77B2AC356D}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-15 10:31:20
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-15 10:32:34
ComboFix-quarantined-files.txt 2008-03-15 09:32:31
.
2008-03-13 20:06:46 --- E O F ---

Bonsoir,

Peux-tu m'indiquer à quoi te servent ces programmes : eREAD6.0 et AdVantage ?
Merci

Toujours avec l'UAC désactivé et l'élévation des privilèges.

**Hijackthis**

Lance Hijackthis par Do a system scan only, sans autre application lancée.
Coche les lignes suivantes :

O4 - HKCU\..\Run: [300edbe6] rundll32.exe "C:\Users\bruno\AppData\Local\Temp\fimicjet.dll",b

Clique sur Fix checked et referme le programme.

**Script Combofix**

- Ouvre le bloc-note et colles-y les lignes écrites ci-dessous :
Veille à ce que Retour à la ligne ne soit pas coché dans Format.

Folder::
C:\Users\bruno\AppData\Roaming\Template

File::
C:\Users\bruno\AppData\Roaming\wklnhst.dat
C:\Users\bruno\AppData\Roaming\Template
C:\Users\bruno\AppData\Local\Temp\fimicjet.dll

- Enregistre-le sous CFScript.txt, sur le bureau
- Comme sur l'image présentée ici, fais glisser CFScript.txt dans Combofix.exe
http://i34.servimg.com/u/f34/11/05/93/83/cfscri11.gif
- Combofix va se lancer et faire redémarrer l'ordinateur.
- Poste le rapport Combofix2.txt qui est dans C:\Combofix et un nouveau rapport HijackThis.
- Donne des infos sur l'évolution de tes problèmes.

@+

Bonsoir,
Je viens de démarrer mon pc et je n'ai plus aucun message d'erreur.
Je te remercie de tes conseils précieux car grace à toi je n 'aurais pas à formater mon pc.
Merci pour tout.
akim78

Bonsoir,
Je t'ai demandé des rapports et posé des questions, si tu veux mener à terme la désinfection essaie au moins de respecter le travail de recherche que j'ai fourni.
Merci.
@+

Bonsoir Nardino ,
je pensais que le pc était désinfecté, désolé,je me prenche dessus à l'instant et je t 'envoie rapport dés que possible.
Akim

eREAD6.0 est un programme sur les mangas mais il est anglais;je pense que c 'est mon fils qui a du l'installer mais je ne sais pas à quoi il sert.
Pour AdVantage je ne le trouve pas.
Dans Hijackthis

je ne peux pas cocher cette phrase car je ne l' 'ai pas
O4 - HKCU\..\Run: [300edbe6] rundll32.exe "C:\Users\bruno\AppData\Local\Temp\fimicjet.dll",b

je t'envoie un rapport de hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:49, on 17/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\IEeREAD.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/on ... /fscax.cab
O16 - DPF: {71D413D7-38C5-4035-8548-976522CF11D5} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcVistaBeta.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF58E7AB-7DB0-4DAF-9D77-C9E56023EBB8}: NameServer = 213.36.80.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9454 bytes
maintenant je me penche sur combofix et je t'envoie le rapport dés qu 'il est fini.

voici le rapport combofixComboFix 08-03-14.4 - bruno 2008-03-17 23:11:25.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2106 [GMT 1:00]
Endroit: C:\Users\bruno\Desktop\ComboFix.exe
Command switches used :: C:\Users\bruno\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Users\bruno\AppData\Local\Temp\fimicjet.dll
C:\Users\bruno\AppData\Roaming\Template
C:\Users\bruno\AppData\Roaming\wklnhst.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\bruno\AppData\Roaming\Template
C:\Users\bruno\AppData\Roaming\Template\Normal.wpt
C:\Users\bruno\AppData\Roaming\wklnhst.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-17 to 2008-03-17 ))))))))))))))))))))))))))))))))))))
.

2008-03-14 00:32 . 2008-03-14 00:33 <REP> d-------- C:\Program Files\Java
2008-03-14 00:31 . 2008-03-14 00:31 <REP> d-------- C:\Program Files\Common Files\Java
2008-03-13 23:27 . 2008-03-13 23:27 <REP> d-------- C:\_OTMoveIt
2008-03-13 21:41 . 2008-03-13 21:41 <REP> d-------- C:\Program Files\Trend Micro
2008-03-12 23:43 . 2007-03-07 03:51 543,232 --a------ C:\Windows\System32\FWPUCLNT.DLL
2008-03-12 23:43 . 2007-03-07 03:51 416,768 --a------ C:\Windows\System32\IKEEXT.DLL
2008-03-12 23:43 . 2007-03-07 03:51 317,440 --a------ C:\Windows\System32\BFE.DLL
2008-03-12 23:43 . 2007-03-07 03:08 84,992 --a------ C:\Windows\System32\drivers\FWPKCLNT.SYS
2008-03-12 23:14 . 2008-03-12 23:14 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-03-12 23:14 . 2008-03-12 23:14 286,720 --a------ C:\Windows\PATCH.EXE
2008-03-12 23:14 . 2008-03-12 23:14 69,689 --a------ C:\Windows\UNZIP.DLL
2008-03-12 22:06 . 2008-03-12 22:05 691,545 --a------ C:\Windows\unins000.exe
2008-03-12 22:06 . 2008-03-12 22:06 2,543 --a------ C:\Windows\unins000.dat
2008-03-12 21:59 . 2008-03-12 23:47 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-12 21:59 . 2008-03-12 22:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-12 21:59 . 2008-03-12 23:47 <REP> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-03-12 14:11 . 2008-03-12 14:11 127 --a------ C:\Windows\System32\MRT.INI
2008-03-11 21:16 . 2007-12-16 23:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-11 21:16 . 2007-12-16 10:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-09 16:41 . 2008-03-09 16:41 <REP> d-------- C:\Garmin
2008-03-03 20:52 . 2008-03-03 20:52 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-03-03 20:52 . 2008-03-03 20:52 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-03-03 20:33 . 2008-03-03 20:33 <REP> d-------- C:\Program Files\Atari
2008-03-03 20:33 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-02-26 23:46 . 2008-03-11 23:51 <REP> d-------- C:\Users\bruno\AppData\Roaming\LimeWire
2008-02-26 23:41 . 2008-02-26 23:41 <REP> d-------- C:\Program Files\real
2008-02-26 23:41 . 2008-02-26 23:45 <REP> d-------- C:\Program Files\eREAD6.0
2008-02-26 05:01 . 2008-02-26 01:21 13,019,234 --a------ C:\Program Files\LimeWire_Pro_v4.17.1.exe
2008-02-23 15:11 . 2008-02-23 16:21 <REP> d-------- C:\Users\bruno\AppData\Roaming\DAEMON Tools
2008-02-23 15:11 . 2008-02-23 15:12 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-02-17 22:24 . 2008-02-17 22:24 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-02-17 19:56 . 2008-02-17 19:56 <REP> d-------- C:\Program Files\Alcohol Soft
2008-02-17 19:53 . 2008-02-23 15:04 716,272 --a------ C:\Windows\System32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 20:34 --------- d-----w C:\Users\bruno\AppData\Roaming\Azureus
2008-03-15 19:32 --------- d-----w C:\PROGRA~2\Roxio
2008-03-13 23:48 --------- d-----w C:\Program Files\Azureus
2008-03-13 21:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-12 13:13 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 13:12 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-03-03 19:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 21:09 --------- d-----w C:\Program Files\MumboJumbo
2008-02-14 02:09 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:09 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:06 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:06 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:06 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:06 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:06 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:06 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 02:06 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:05 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:05 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:05 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:05 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:05 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:05 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:05 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 16:43 --------- d-----w C:\Users\bruno\AppData\Roaming\Roxio
2008-02-13 13:00 --------- d-----w C:\PROGRA~2\NVIDIA
2008-02-12 13:16 --------- d-----w C:\Program Files\7-Zip
2008-02-10 21:58 --------- d-----w C:\PROGRA~2\Azureus
2008-02-02 20:26 --------- d-----w C:\Program Files\World of Warcraft
2008-01-28 22:28 --------- d-----w C:\Program Files\Seagate
2008-01-28 22:20 --------- d-----w C:\Program Files\Packard Bell ImageWriter
2008-01-28 22:14 --------- d-----w C:\Program Files\Picasa2
2008-01-28 22:14 --------- d-----w C:\PROGRA~2\Templates
2008-01-28 22:14 --------- d-----w C:\PROGRA~2\Start Menu
2008-01-28 22:14 --------- d-----w C:\PROGRA~2\Favorites
2008-01-28 22:14 --------- d-----w C:\PROGRA~2\Documents
2008-01-28 22:14 --------- d-----w C:\PROGRA~2\Desktop
2008-01-28 22:14 --------- d-----w C:\PROGRA~2\Application Data
2008-01-28 19:31 --------- d-----w C:\Program Files\Alwil Software
2008-01-28 19:24 --------- d-----w C:\Program Files\Packard Bell
2008-01-28 19:20 --------- d-----w C:\Program Files\Norton 360
2008-01-28 19:16 --------- d-----w C:\Users\bruno\AppData\Roaming\Packard Bell
2008-01-28 05:53 --------- d-----w C:\Program Files\Google
2008-01-27 19:27 --------- d-----w C:\Users\bruno\AppData\Roaming\vlc
2008-01-27 19:27 --------- d-----w C:\Program Files\VideoLAN
2008-01-17 23:47 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-17 23:47 --------- d-----w C:\Program Files\Windows Live
2008-01-17 23:39 --------- d-----w C:\PROGRA~2\WLInstaller
2008-01-17 23:06 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-14 23:50 174 --sha-w C:\Program Files\desktop.ini
2008-01-14 23:33 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-14 23:33 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-14 23:33 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-14 23:33 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-14 23:30 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-14 23:29 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-01-14 23:29 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-01-14 23:28 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-14 23:28 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-14 23:28 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-14 23:26 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-14 23:24 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-01-14 23:24 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-01-14 23:24 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-14 23:22 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-14 23:18 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-14 22:43 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-14 22:43 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-14 22:43 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-14 22:43 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-14 22:43 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-14 22:43 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-14 22:43 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-01-14 22:42 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-14 22:42 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
.

((((((((((((((((((((((((((((( snapshot_2008-03-17_22.44.39,70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-17 21:41:34 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-17 22:10:49 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-17 21:29:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-17 22:06:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-17 21:29:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-17 22:06:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-17 21:29:13 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-17 22:06:29 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]
2007-06-28 17:25 57344 --a------ C:\Program Files\eREAD6.0\IEeREAD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]
2008-02-01 10:20 57224 --a------ C:\Program Files\eREAD6.0\WebHook.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-15 00:24 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 14:32 1120568]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:20 222080]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-06 00:41 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 16:10 4468736 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 17:51 1826816 C:\Windows\SkyTel.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-05 15:27 243200]
"MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 22:36 102400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 17:20 28672]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 02:18 366400]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 02:18 366400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6F2E429B-260A-4637-8CAC-290135432830}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{3C7ADA1D-7C82-42D3-9640-E09E3EDDA0CF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{15F7B2CA-08B1-4995-B7D6-2C91D1F950E9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B84FAE59-CDAB-4F86-9DB6-9D978261C5F1}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{183C7C33-E9E2-44FB-8186-C21A78B740CD}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D9324D67-BC57-44EA-B15C-2D5801145201}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{46923A38-E3D6-4E62-A612-CEC744DC7155}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{13EE9AD3-1333-40AE-A301-4585ACC80E5E}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{AEE78464-69EE-447D-A875-9991FBFD3E5C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{30F8CDD2-3203-4A5D-AA3A-EECEBD4C1EE1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 15:52]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-17 22:00:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-03-17 22:01:09 C:\Windows\Tasks\User_Feed_Synchronization-{9A5BDC7B-D560-4A56-9786-9E77B2AC356D}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 23:13:03
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-17 23:14:11
ComboFix-quarantined-files.txt 2008-03-17 22:14:08
ComboFix2.txt 2008-03-17 21:45:11
ComboFix3.txt 2008-03-15 09:32:35
.
2008-03-13 20:06:46 --- E O F ---

nouveau rapport hijackthisLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:38, on 17/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\IEeREAD.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\WebHook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/on ... /fscax.cab
O16 - DPF: {71D413D7-38C5-4035-8548-976522CF11D5} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcVistaBeta.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF58E7AB-7DB0-4DAF-9D77-C9E56023EBB8}: NameServer = 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EF58E7AB-7DB0-4DAF-9D77-C9E56023EBB8}: NameServer = 213.36.80.1
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9501 bytes

Bonsoir.
Tout est rentré dans l'ordre.
Reste à supprimer les outils devenus inutiles.
Télécharge ToolsCleaner2 de A. Rothstein sur ton Bureau :*
http://pagesperso-orange.fr/AceRothstei ... eaner2.exe

Clique droit sur ToolsCleaner2.exe et Exécuter en tant qu'administrateur
Clique sur Recherche et la liste des outils va s'afficher.
Clique sur le bouton Suppression.
Quitter.
Un fichier C:\TCleaner.txt sera créé, postes-le

Note : ton bureau va disparaître, c'est normal.

S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"
Tape explorer.exe et valide. Cela fera réapparaître le Bureau

@+