Bonjour,

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

Re,

Désactive l'UAC ( Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ...
et valide par OK , il te sera demandé de redémarrer, fais le )

1) Télécharge BTFix (Bibi26).
Dézippe l'archive sur ton Bureau.

• Ouvre le dossier BTFix.
• Double clique sur BTFix.exe.
• Clique sur Rechercher.
• Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

2) Tu es infecté(e) par "Vundo". Supprime tous les cracks de ton PC s'ils sont présents car sinon ils relanceront l'infection.

Télécharge Vundofix (par Atribune) sur ton Bureau.

• Double-clique VundoFix.exe afin de le lancer
• Clique sur le bouton Scan for Vundo
• Lorsque le scan est complété, clique sur le bouton Remove Vundo
• Une invite te demandera si tu veux supprimer les fichiers, clique YES
• Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
• Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
• Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-dessus, à partir de "clique sur le bouton Scan for Vundo".

N.B : Il se peut que vundofix ne détecte rien, dans ce cas-là pas de rapport nécessaire, dis-moi juste qu'il n'a rien trouvé.

re
vundofix n' a rien trouvé

bonsoir Merillym. voici le rapport combofix .

ComboFix 08-04-15.8 - bruno 2008-04-16 20:58:14.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1699 [GMT 2:00]
Endroit: C:\Users\bruno\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 20:07 --------- d-----w C:\ProgramData\Avira
2008-04-15 20:07 --------- d-----w C:\Program Files\Avira
2008-04-14 22:00 --------- d-----w C:\Users\bruno\AppData\Roaming\LimeWire
2008-04-14 17:54 16,274 ----a-w C:\Users\bruno\winlogon.exe
2008-04-14 17:53 30,720 ----a-w C:\Windows\System32\mljhggge.dll
2008-04-14 17:20 27,335 ----a-w C:\Users\bruno\AppData\Roaming\nvModes.dat
2008-04-13 16:57 --------- d-----w C:\Program Files\LimeWire
2008-04-13 16:57 --------- d-----w C:\Program Files\Java
2008-04-13 16:55 --------- d-----w C:\Program Files\Common Files\Java
2008-04-13 16:48 --------- d-----w C:\ProgramData\Symantec
2008-04-13 16:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-13 16:46 --------- d-----w C:\Program Files\Norton 360
2008-04-10 17:25 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 19:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 18:37 148 ----a-w C:\Users\bruno\AppData\Roaming\wklnhst.dat
2008-04-05 11:03 --------- d-----w C:\Users\bruno\AppData\Roaming\Template
2008-04-02 19:46 --------- d-----w C:\Users\bruno\AppData\Roaming\Shareaza
2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 17:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2008-03-18 19:09 --------- d-----w C:\ProgramData\Kiwee Toolbar2
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-20 21:05 --------- d-----w C:\Program Files\Kiwee Toolbar2
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 20:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 20:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 20:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 20:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 20:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 20:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 20:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 20:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 20:08 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 20:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 20:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 20:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 20:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-12-07 21:56 174 --sha-w C:\Program Files\desktop.ini
2007-09-11 14:38 65,536 --sha-w C:\Windows\oem\mp\boot\bootstat.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-16_20.46.33.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 18:41:58 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-16 18:56:50 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-16 18:30:27 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-16 18:47:22 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-16 18:42:29 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-16 18:54:42 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-16 18:54:42 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-16 18:37:33 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-16 18:47:28 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-16 18:42:29 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-16 18:54:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-16 18:54:42 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-16 18:30:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-16 18:44:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-16 18:30:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-16 18:44:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-16 18:30:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-16 18:44:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-16 18:36:26 107,614 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-16 18:49:20 107,614 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-16 18:36:27 122,020 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-04-16 18:49:20 122,020 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-16 18:36:26 618,470 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-16 18:49:20 618,470 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-16 18:36:27 700,222 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-16 18:49:20 700,222 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-04-16 18:31:43 7,032 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4162872725-2423688488-603793406-1002_UserData.bin
+ 2008-04-16 18:44:33 7,294 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4162872725-2423688488-603793406-1002_UserData.bin
- 2008-04-16 18:31:43 58,254 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-16 18:44:33 58,474 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-01-24 17:09 248976 --a------ C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F2A5F67-1C5E-4F84-9618-0FDED83D4ADE}]
C:\Users\bruno\AppData\Local\Temp\qomnoljj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll" [2008-01-24 17:09 248976]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll [2008-01-24 17:09 248976]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 19:21 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-11 16:50 1006264]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 23:36 36864]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-24 00:40 857648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 22:19 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 22:19 8478720]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 22:19 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-11 07:50 243200]
"MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 23:36 102400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"KiweeHook"="C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe" [2008-01-24 17:08 48264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
"MSServer"="C:\Windows\system32\mljhggge.dll" [2008-04-14 19:53 30720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6DC2D282-D414-435E-8A26-FF3C23AC36EF}"= C:\Windows\system32\mljhggge.dll [2008-04-14 19:53 30720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6857F4A8-EED8-4BAD-953F-EBF7F7CFD7AE}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{E37A4087-C20A-4AAE-95E3-020BD76BD09A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6CDDEF00-4C8C-40F8-83AF-F12D829F2ACC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F109A754-3C58-4DCA-8537-058EBE963067}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C7D194FA-100A-4703-BBE9-791BC4F8D0C0}C:\\program files\\yawcam\\jre\\bin\\yawcam.exe"= UDP:C:\program files\yawcam\jre\bin\yawcam.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{D7EC069C-5E0D-4BF9-9A42-4F9D53541D0B}C:\\program files\\yawcam\\jre\\bin\\yawcam.exe"= TCP:C:\program files\yawcam\jre\bin\yawcam.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{3E4EBA1A-10B9-4F1E-A45D-00624E4EE300}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"UDP Query User{C6ACC8F7-2E2B-4FE8-A525-576B77C98010}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"{68A1A102-3E08-4E61-AEDB-4D492B948FA3}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{874BD4A4-2359-4991-9DB6-886B8E8E4904}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-01-08 13:38]
S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-09 10:00]

*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-16 18:30:08 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-04-16 18:30:08 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-16 21:01:46
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-16 21:03:18
ComboFix-quarantined-files.txt 2008-04-16 19:03:06
ComboFix2.txt 2008-04-16 18:47:21

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-15 17:52:26 --- E O F ---


puis voila le rapport hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:07, on 16/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\bruno\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: (no name) - {6F2A5F67-1C5E-4F84-9618-0FDED83D4ADE} - C:\Users\bruno\AppData\Local\Temp\qomnoljj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnoljgf.dll,#1
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/tool [...] ontrol.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8279 bytes

bonsoir merillym. voici le rapport de malwarebyte's anti-malware.

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 642

Type de recherche: Examen complet (C:\|)
Eléments examinés: 105106
Temps écoulé: 35 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{6dc2d282-d414-435e-8a26-ff3c23ac36ef} (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6dc2d282-d414-435e-8a26-ff3c23ac36ef} (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\tuvwxywx.dll (Trojan.Vundo) -> No action taken.
C:\Users\bruno\AppData\Local\Temp\tmp0000ef8b (Trojan.Vundo) -> No action taken.
C:\Users\bruno\AppData\Local\Temp\tmp0000f69d (Trojan.Vundo) -> No action taken.
C:\Users\bruno\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

voila je viens de refaire le scan et il ne m' a pas détécté d' élément inféctée. où trouve ton le second rapport ?

As-tu cliqué sur "supprimer la sélection" ? Si oui poste-moi le second rapport.

bonsoir merlym. voici le rapport de systemscan.

SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)

Running on: Windows VISTA (6000.6.0)
System directory: C:\Windows
SystemScan file: C:\Users\bruno\Desktop\sys4612.exe
Running in: User mode
Date: 18/04/2008
Time: 21:46:07

Output limited to:
-Recent files

===================== RECENT FILES =====================

Showing files newer than 60 days

----- recent files in C:\
16/04/2008 00:10:26 (DIR) 0 byte 2 days old -- VundoFix Backups
16/04/2008 00:24:56 135 byte 2 days old -- VundoFix.txt
16/04/2008 20:57:43 4544 byte 2 days old -- Bug.txt
16/04/2008 21:02:44 (DIR) 0 byte 2 days old -- QooBox
16/04/2008 21:03:20 15379 byte 2 days old -- ComboFix.txt
17/04/2008 19:50:10 (DIR) 0 byte 1 days old -- Program Files
17/04/2008 19:50:11 (DIR) 0 byte 1 days old -- ProgramData
17/04/2008 23:36:48 (DIR) 0 byte 1 days old -- System Volume Information
18/04/2008 21:38:48 -1843593216 byte 0 days old -- pagefile.sys
18/04/2008 21:38:50 (DIR)2137448448 byte 0 days old -- hiberfil.sys
18/04/2008 21:39:25 (DIR) 0 byte 0 days old -- Windows

----- recent files in C:\Windows\
20/02/2008 23:04:18 (DIR) 0 byte 58 days old -- Downloaded Program Files
22/03/2008 11:15:44 281562216 byte 27 days old -- MEMORY.DMP
22/03/2008 11:15:44 (DIR) 0 byte 27 days old -- Minidump
10/04/2008 19:25:25 15986 byte 8 days old -- setupact.log
10/04/2008 19:25:41 (DIR) 0 byte 8 days old -- AppPatch
10/04/2008 19:30:10 (DIR) 0 byte 8 days old -- winsxs
13/04/2008 18:45:13 (DIR) 0 byte 5 days old -- assembly
13/04/2008 18:57:38 (DIR) 0 byte 5 days old -- Installer
16/04/2008 00:50:15 (DIR) 0 byte 2 days old -- PIF
16/04/2008 20:38:03 1663 byte 2 days old -- BM3b81b719.txt
16/04/2008 20:40:04 (DIR) 0 byte 2 days old -- erdnt
16/04/2008 21:01:44 215 byte 2 days old -- system.ini
16/04/2008 21:06:45 33538 byte 2 days old -- PFRO.log
17/04/2008 23:42:33 628440 byte 1 days old -- ntbtlog.txt
18/04/2008 00:25:29 (DIR) 0 byte 0 days old -- System32
18/04/2008 00:25:29 (DIR) 0 byte 0 days old -- inf
18/04/2008 21:39:00 67584 byte 0 days old -- bootstat.dat
18/04/2008 21:44:46 1747698 byte 0 days old -- WindowsUpdate.log
18/04/2008 21:45:39 (DIR) 0 byte 0 days old -- TEMP
18/04/2008 21:45:47 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\Windows\Downloaded Program Files\

----- recent files in C:\Windows\system\

----- recent files in C:\Windows\system32\
19/02/2008 07:10:22 620088 byte 59 days old -- ci.dll
21/02/2008 02:53:40 1383424 byte 57 days old -- mshtml.tlb
21/02/2008 06:42:42 1831424 byte 57 days old -- inetcpl.cpl
21/02/2008 06:43:03 26624 byte 57 days old -- ieUnatt.exe
21/02/2008 06:43:03 70656 byte 57 days old -- ie4uinit.exe
21/02/2008 06:43:34 124928 byte 57 days old -- advpack.dll
21/02/2008 06:43:35 214528 byte 57 days old -- dxtrans.dll
21/02/2008 06:43:35 347136 byte 57 days old -- dxtmsft.dll
21/02/2008 06:43:35 6066176 byte 57 days old -- ieframe.dll
21/02/2008 06:43:35 63488 byte 57 days old -- icardie.dll
21/02/2008 06:43:35 296448 byte 57 days old -- gdi32.dll
21/02/2008 06:43:35 383488 byte 57 days old -- ieapfltr.dll
21/02/2008 06:43:36 27648 byte 57 days old -- jsproxy.dll
21/02/2008 06:43:36 3591680 byte 57 days old -- mshtml.dll
21/02/2008 06:43:36 478208 byte 57 days old -- mshtmled.dll
21/02/2008 06:43:36 44544 byte 57 days old -- iernonce.dll
21/02/2008 06:43:36 56320 byte 57 days old -- iesetup.dll
21/02/2008 06:43:36 180736 byte 57 days old -- ieui.dll
21/02/2008 06:43:37 671232 byte 57 days old -- mstime.dll
21/02/2008 06:43:38 44544 byte 57 days old -- pngfilt.dll
21/02/2008 06:43:41 1159680 byte 57 days old -- urlmon.dll
21/02/2008 06:43:42 826368 byte 57 days old -- wininet.dll
29/02/2008 06:16:38 2027008 byte 49 days old -- win32k.sys
29/02/2008 08:34:50 7168 byte 49 days old -- f3ahvoas.dll
29/02/2008 08:35:17 6656 byte 49 days old -- kbd106n.dll
29/02/2008 08:38:54 313856 byte 49 days old -- rstrui.exe
29/02/2008 08:38:59 16384 byte 49 days old -- srdelayed.exe
29/02/2008 08:39:13 371712 byte 49 days old -- srcore.dll
29/02/2008 08:39:13 40960 byte 49 days old -- srclient.dll
29/02/2008 08:51:24 19000 byte 49 days old -- kd1394.dll
29/03/2008 19:23:22 95608 byte 20 days old -- AvastSS.scr
29/03/2008 19:45:49 1146232 byte 20 days old -- aswBoot.exe
06/04/2008 07:56:20 19836024 byte 12 days old -- mrt.exe
10/04/2008 19:25:44 (DIR) 0 byte 8 days old -- migration
10/04/2008 19:25:50 (DIR) 0 byte 8 days old -- fr-FR
10/04/2008 19:28:36 336376 byte 8 days old -- FNTCACHE.DAT
10/04/2008 19:29:47 (DIR) 0 byte 8 days old -- catroot
13/04/2008 18:38:29 16 byte 5 days old -- coh.cache
13/04/2008 18:57:35 5534 byte 5 days old -- jupdate-1.6.0_04-b12.log
14/04/2008 23:49:07 (DIR) 0 byte 4 days old -- catroot2
15/04/2008 19:56:23 2577 byte 3 days old -- config.nt
16/04/2008 20:40:20 (DIR) 0 byte 2 days old -- config
16/04/2008 20:57:42 (DIR) 0 byte 2 days old -- en-US
16/04/2008 21:03:46 (DIR) 0 byte 2 days old -- drivers
18/04/2008 00:25:29 122020 byte 0 days old -- perfc00C.dat
18/04/2008 00:25:29 107614 byte 0 days old -- perfc009.dat
18/04/2008 00:25:29 618470 byte 0 days old -- perfh009.dat
18/04/2008 00:25:29 1538854 byte 0 days old -- PerfStringBackup.INI
18/04/2008 00:25:29 700222 byte 0 days old -- perfh00C.dat
18/04/2008 21:39:18 3072 byte 0 days old -- 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
18/04/2008 21:39:20 3072 byte 0 days old -- 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

----- recent files in C:\Windows\system32\drivers\
02/03/2008 14:07:22 (DIR) 0 byte 47 days old -- UMDF
29/03/2008 19:27:33 42912 byte 20 days old -- aswTdi.sys
29/03/2008 19:29:08 23152 byte 20 days old -- aswRdr.sys
29/03/2008 19:31:34 75856 byte 20 days old -- aswSP.sys
29/03/2008 19:32:42 50768 byte 20 days old -- aswMonFlt.sys
29/03/2008 19:35:49 20560 byte 20 days old -- aswFsBlk.sys
16/04/2008 20:42:28 (DIR) 0 byte 2 days old -- etc

----- recent files in C:\Windows\temp\
16/04/2008 21:08:04 0 byte 2 days old -- JET8C37.tmp
16/04/2008 21:22:29 15332 byte 2 days old -- lpksetup-20080416-212215-0.log
16/04/2008 21:22:29 622 byte 2 days old -- lpksetup-20080416-212229-0.log
17/04/2008 19:31:45 0 byte 1 days old -- JET756D.tmp
17/04/2008 19:46:21 15332 byte 1 days old -- lpksetup-20080417-194610-0.log
17/04/2008 19:46:22 622 byte 1 days old -- lpksetup-20080417-194621-0.log
17/04/2008 20:48:44 0 byte 1 days old -- JET5A8D.tmp
17/04/2008 21:03:02 15332 byte 1 days old -- lpksetup-20080417-210251-0.log
17/04/2008 21:03:02 622 byte 1 days old -- lpksetup-20080417-210302-0.log
18/04/2008 00:21:21 0 byte 0 days old -- JET57C0.tmp
18/04/2008 00:35:41 622 byte 0 days old -- lpksetup-20080418-003541-0.log
18/04/2008 00:35:41 15332 byte 0 days old -- lpksetup-20080418-003529-0.log
18/04/2008 21:39:57 0 byte 0 days old -- JET8101.tmp
18/04/2008 21:45:38 (DIR) 0 byte 0 days old -- _avast4_

----- recent files in C:\Program Files\
20/02/2008 23:05:08 (DIR) 0 byte 58 days old -- Kiwee Toolbar2
10/04/2008 19:25:44 (DIR) 0 byte 8 days old -- Internet Explorer
10/04/2008 19:25:53 (DIR) 0 byte 8 days old -- Windows Mail
13/04/2008 18:46:19 (DIR) 0 byte 5 days old -- Norton 360
13/04/2008 18:55:01 (DIR) 0 byte 5 days old -- Common Files
13/04/2008 18:57:35 (DIR) 0 byte 5 days old -- Java
13/04/2008 18:57:49 (DIR) 0 byte 5 days old -- LimeWire
15/04/2008 22:07:31 (DIR) 0 byte 3 days old -- Avira
17/04/2008 19:50:12 (DIR) 0 byte 1 days old -- Malwarebytes' Anti-Malware
17/04/2008 23:36:49 (DIR) 0 byte 1 days old -- Mozilla Firefox

----- recent files in C:\Program Files\Common Files\
13/04/2008 18:48:57 (DIR) 0 byte 5 days old -- Symantec Shared
13/04/2008 18:55:01 (DIR) 0 byte 5 days old -- Java

----- recent files in C:\Users\bruno\AppData\Roaming\
02/04/2008 21:46:07 (DIR) 0 byte 16 days old -- Shareaza
05/04/2008 13:03:23 (DIR) 0 byte 13 days old -- Template
05/04/2008 18:09:11 (DIR) 0 byte 13 days old -- Microsoft
06/04/2008 20:37:10 148 byte 12 days old -- wklnhst.dat
14/04/2008 19:20:03 27335 byte 4 days old -- nvModes.dat
15/04/2008 00:00:45 (DIR) 0 byte 3 days old -- LimeWire
17/04/2008 19:49:24 (DIR) 0 byte 1 days old -- Download Manager
17/04/2008 19:50:18 (DIR) 0 byte 1 days old -- Malwarebytes
18/04/2008 21:39:35 27335 byte 0 days old -- nvModes.001

----- recent files in C:\Users\bruno\AppData\Local\Temp\
16/04/2008 22:01:14 1756 byte 2 days old -- wmplog00.sqm
17/04/2008 19:48:43 (DIR) 0 byte 1 days old -- DRDld
18/04/2008 21:39:53 16384 byte 0 days old -- ~DF4A77.tmp
18/04/2008 21:39:55 (DIR) 0 byte 0 days old -- WPDNSE
18/04/2008 21:39:59 31832 byte 0 days old -- bruno.bmp
18/04/2008 21:40:05 1020 byte 0 days old -- ~ROMFN_000007DC
18/04/2008 21:44:24 865 byte 0 days old -- jusched.log
18/04/2008 21:45:08 (DIR) 0 byte 0 days old -- nsrA6CA.tmp
18/04/2008 21:45:36 34 byte 0 days old -- systemscan.ini
18/04/2008 21:45:37 16384 byte 0 days old -- ~DFA208.tmp
18/04/2008 21:45:38 (DIR) 0 byte 0 days old -- nscB193.tmp

==========================================
Scan completed in 0 minutes
End of report


~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:

* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

Thanks to all of them for their hard work

bonjour merillym. voici le scan combofix



ComboFix 08-04-15.8 - bruno 2008-04-19 9:09:54.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1707 [GMT 2:00]
Endroit: C:\Users\bruno\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-19 to 2008-04-19 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 17:50 --------- d-----w C:\Users\bruno\AppData\Roaming\Malwarebytes
2008-04-17 17:50 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-17 17:50 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-17 17:49 --------- d-----w C:\Users\bruno\AppData\Roaming\Download Manager
2008-04-15 20:07 --------- d-----w C:\ProgramData\Avira
2008-04-15 20:07 --------- d-----w C:\Program Files\Avira
2008-04-14 22:00 --------- d-----w C:\Users\bruno\AppData\Roaming\LimeWire
2008-04-14 17:20 27,335 ----a-w C:\Users\bruno\AppData\Roaming\nvModes.dat
2008-04-13 16:57 --------- d-----w C:\Program Files\LimeWire
2008-04-13 16:57 --------- d-----w C:\Program Files\Java
2008-04-13 16:55 --------- d-----w C:\Program Files\Common Files\Java
2008-04-13 16:48 --------- d-----w C:\ProgramData\Symantec
2008-04-13 16:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-13 16:46 --------- d-----w C:\Program Files\Norton 360
2008-04-10 17:25 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 19:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 18:37 148 ----a-w C:\Users\bruno\AppData\Roaming\wklnhst.dat
2008-04-05 11:03 --------- d-----w C:\Users\bruno\AppData\Roaming\Template
2008-04-02 19:46 --------- d-----w C:\Users\bruno\AppData\Roaming\Shareaza
2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 17:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2008-03-18 19:09 --------- d-----w C:\ProgramData\Kiwee Toolbar2
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-20 21:05 --------- d-----w C:\Program Files\Kiwee Toolbar2
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 20:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 20:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 20:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 20:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 20:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 20:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 20:08 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 20:08 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 20:08 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 20:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 20:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 20:08 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 20:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-12-07 21:56 174 --sha-w C:\Program Files\desktop.ini
2007-09-11 14:38 65,536 --sha-w C:\Windows\oem\mp\boot\bootstat.dat
.

((((((((((((((((((((((((((((( snapshot_2008-04-16_21.02.44,40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 18:56:50 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-04-19 07:08:52 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-04-16 18:47:22 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-19 07:01:01 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-16 18:54:42 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-19 07:07:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-19 07:07:23 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-16 18:47:28 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-04-19 07:03:32 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-04-16 18:54:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-19 07:07:23 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-19 07:07:23 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-16 18:44:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-19 07:07:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-16 18:44:54 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-19 07:07:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-16 18:44:54 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-19 07:07:00 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-16 18:49:20 107,614 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-18 19:46:12 107,614 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-16 18:49:20 122,020 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-04-18 19:46:12 122,020 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-04-16 18:49:20 618,470 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-18 19:46:12 618,470 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-16 18:49:20 700,222 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-04-18 19:46:12 700,222 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-04-16 18:44:33 7,294 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4162872725-2423688488-603793406-1002_UserData.bin
+ 2008-04-19 07:02:15 7,550 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4162872725-2423688488-603793406-1002_UserData.bin
- 2008-04-16 18:44:33 58,474 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-19 07:02:15 59,116 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-16 18:31:42 35,950 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-19 07:02:14 36,102 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-01-24 17:09 248976 --a------ C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F2A5F67-1C5E-4F84-9618-0FDED83D4ADE}]
C:\Users\bruno\AppData\Local\Temp\qomnoljj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll" [2008-01-24 17:09 248976]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll [2008-01-24 17:09 248976]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 19:21 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-11 16:50 1006264]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 23:36 36864]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-24 00:40 857648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 22:19 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 22:19 8478720]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 22:19 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-11 07:50 243200]
"MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 23:36 102400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"KiweeHook"="C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe" [2008-01-24 17:08 48264]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6857F4A8-EED8-4BAD-953F-EBF7F7CFD7AE}"= C:\Program Files\CyberLink\MagicSports\MagicSports.exe:CyberLink MagicSports
"{E37A4087-C20A-4AAE-95E3-020BD76BD09A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6CDDEF00-4C8C-40F8-83AF-F12D829F2ACC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F109A754-3C58-4DCA-8537-058EBE963067}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C7D194FA-100A-4703-BBE9-791BC4F8D0C0}C:\\program files\\yawcam\\jre\\bin\\yawcam.exe"= UDP:C:\program files\yawcam\jre\bin\yawcam.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{D7EC069C-5E0D-4BF9-9A42-4F9D53541D0B}C:\\program files\\yawcam\\jre\\bin\\yawcam.exe"= TCP:C:\program files\yawcam\jre\bin\yawcam.exe:Java(TM) 2 Platform Standard Edition binary
"TCP Query User{3E4EBA1A-10B9-4F1E-A45D-00624E4EE300}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"UDP Query User{C6ACC8F7-2E2B-4FE8-A525-576B77C98010}C:\\program files\\shareaza applications\\shareaza\\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza
"{68A1A102-3E08-4E61-AEDB-4D492B948FA3}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{874BD4A4-2359-4991-9DB6-886B8E8E4904}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2007-01-08 13:38]
S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-09 10:00]

*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-18 20:30:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-04-18 20:30:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 09:12:31
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-19 9:13:35
ComboFix-quarantined-files.txt 2008-04-19 07:13:12
ComboFix2.txt 2008-04-16 19:03:20
ComboFix3.txt 2008-04-16 18:47:21

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
.
2008-04-18 20:06:08 --- E O F ---

re, voici le rapport de OAD


19/04/2008 ---- 13:20:39,85

----------------------------------
§§§§§§ [pmnoljgf.dll] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

bonjour merillym. voici le rapport hijackthis.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:33, on 20/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Users\bruno\Desktop\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: (no name) - {6F2A5F67-1C5E-4F84-9618-0FDED83D4ADE} - C:\Users\bruno\AppData\Local\Temp\qomnoljj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/tool [...] ontrol.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8495 bytes

bonjour voici le rapport hijackthis.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:01, on 21/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe
C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\bruno\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: (no name) - {6F2A5F67-1C5E-4F84-9618-0FDED83D4ADE} - C:\Users\bruno\AppData\Local\Temp\qomnoljj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/tool [...] ontrol.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7873 bytes

bonsoir merillym. désolé pour le retard. voici le rapport de bitdéfender




BitDefender Online Scanner







Scan report generated at: Wed, Apr 23, 2008 - 20:53:35









Scan path: C:\;D:\;















Statistics

Time


00:33:08

Files


164087

Folders


11008

Boot Sectors


3

Archives


898

Packed Files


11862







Results

Identified Viruses


2

Infected Files


3

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


3







Engines Info

Virus Definitions


1176301

Engine build


AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins


16

Archive plugins


42

Unpack plugins


7

E-mail plugins


6

System plugins


5







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\327882R2FWJFW\NirCmdC.cfexe


Detected with: Spyware.Tool.Nircmd.B

C:\327882R2FWJFW\NirCmdC.cfexe


Deleted

C:\Users\bruno\Desktop\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe


Detected with: Spyware.Tool.Nircmd.B

C:\Users\bruno\Desktop\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\NirCmdC.cfexe


Deleted

C:\Users\bruno\Desktop\ComboFix.exe=>(RAR Sfx o)


Update failed

C:\Users\bruno\Desktop\sys4612.exe=>(NSIS o)=>zlib_nsis0011


Infected with: DeepScan:Generic.Zlob.38B68927

C:\Users\bruno\Desktop\sys4612.exe=>(NSIS o)=>zlib_nsis0011


Disinfection failed

C:\Users\bruno\Desktop\sys4612.exe=>(NSIS o)=>zlib_nsis0011


Deleted

C:\Users\bruno\Desktop\sys4612.exe=>(NSIS o)


Update failed

le pc fonctionne bien, je n' est plus les pages d' internet qui s' ouvrée toutes seul, et avant de désinstaller avast il ne me détecter plus de virus. voici le rapport hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:12, on 23/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\bruno\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O2 - BHO: (no name) - {6F2A5F67-1C5E-4F84-9618-0FDED83D4ADE} - C:\Users\bruno\AppData\Local\Temp\qomnoljj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.2.116\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar2\1.2.116\kwtbaim.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/tool [...] ontrol.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8194 bytes

bonjour. non je ne connais pas se programme. pourquoi? c quoi se programme.

bonsoir Merillym.
voici se que sa m' affiche Virus Total quand je marque ( C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe ).

0 bytes size received / Se ha recibido un archivo vacio

bonsoir merillym.
j' ai rencontré un petit soucie quand j' ai voulu quiter toolscleaner un message d' erreur c' est afficher me marquent impossible de créer le dossier "C:\TCleaner.txt.". accès refusé.

bonsoir merillym. désolé de te déranger mais pour désactiver la restauration système le lien d' aide que tu ma donner et pour windows xp mais j' ai vista. Comment doit je faire?

re . merci encore pour tes conseils et surtout pour ton aide.je te suis très reconnaissent.

@+

oui c' est bon j' ai réussi a trouver. si sa t' intéresse voici le lien.

http://www.jenyburn.com/home/comme [...] ows-vista/


@+

Re,

Hum... tu as vérifié que tu n'as pas 36 logiciels de protection installés sur ton PC ?

Pour rappel, c'est un antispyware, un antivirus et un parefeu max par PC

Poste un log hijackthis pour vérifier si tu veux.

Bonjour,

Je ne vois rien d'alarmant.

Peux-tu être plus descriptif dans tes problèmes, car un pc ralenti c'est tout ce qu'il y a de plus vague comme description de problème

Bonjour,

Pas de souci

Tu trouveras les réponses à tes questions dans les précédents liens que je t'ai donnés.

Bonne continuation