Bonjour,
au démarrage de vista j'ai le message :
c:\ users\david\appdata\local\temp\mcmtfyvv.dll
entré manquante : run

quand j'ouvre l'explorateur, ou un répertoire ou le panneau de configuration, ceux-ci se referment aussitôt.
quand je clique sur internet explorer, je ne peux pas l'ouvrir, il faut que je l'exécute en tant qu'admin (je ne sais pas si c'est lié)
j'ajoute que j'ai des fenêtres pub intempestives.

mon anti virus est norton (verson d'essai 60 jours)

voici mon rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:19, on 23/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDE.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SA479.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\david\AppData\Local\Temp\tusro.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\david\AppData\Local\Temp\xxyvt.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\david\AppData\Local\Temp\mcmtfyvv.dll",run
O4 - HKCU\..\Run: [0ca16960] rundll32.exe "C:\Users\david\AppData\Local\Temp\eouioalq.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10897 bytes

Bonjour, ça c'est vilain.

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

• Double-clique combofix.exe afin de l'exécuter et suis les instructions.
• Lorsque l'analyse sera complétée, un rapport apparaîtra.
• Copie-colle ce rapport dans ta prochaine réponse.
  Le rapport se trouve dans : C:\Combofix.txt (si jamais).

Voici le résultat :
ComboFix 08-02-23.2 - david 2008-02-23 15:35:32.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1035 [GMT 1:00]
Endroit: C:\Users\david\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\KBL.LOG

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))))))))
.

2008-02-23 11:18 . 2008-02-23 11:18 <REP> d-------- C:\Program Files\Trend Micro
2008-02-22 19:18 . 2008-02-22 19:18 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-02-22 06:12 . 2008-02-22 06:12 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-22 06:12 . 2008-02-22 06:12 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-02-20 05:35 . 2008-02-20 05:35 <REP> d-------- C:\Users\david\AppData\Roaming\Media Player Classic
2008-02-18 18:24 . 2008-02-18 18:24 <REP> d-------- C:\Program Files\Yahoo!
2008-02-18 18:24 . 2008-02-18 18:24 <REP> d-------- C:\Program Files\CCleaner
2008-02-17 21:28 . 2008-02-19 06:17 <REP> d-------- C:\Users\david\AppData\Roaming\Ahead
2008-02-17 21:27 . 2008-02-17 21:27 <REP> d-------- C:\Users\All Users\Ahead
2008-02-17 21:27 . 2008-02-17 21:27 <REP> d-------- C:\ProgramData\Ahead
2008-02-17 21:25 . 2008-02-17 21:25 <REP> d-------- C:\Users\All Users\Nero
2008-02-17 21:25 . 2008-02-17 21:25 <REP> d-------- C:\ProgramData\Nero
2008-02-17 21:25 . 2008-02-17 21:25 <REP> d-------- C:\Program Files\Nero
2008-02-17 21:25 . 2008-02-17 21:27 <REP> d-------- C:\Program Files\Common Files\Ahead
2008-02-17 09:21 . 2008-02-17 09:21 39,264 --a------ C:\Windows\System32\drivers\Pcouffin.sys
2008-02-17 09:20 . 2008-02-17 09:20 <REP> d-------- C:\Program Files\VSO
2008-02-16 22:46 . 2008-02-16 22:46 <REP> d-------- C:\Users\All Users\DVD Shrink
2008-02-16 22:46 . 2008-02-16 22:46 <REP> d-------- C:\ProgramData\DVD Shrink
2008-02-16 22:46 . 2008-02-16 22:46 <REP> d-------- C:\Program Files\DVD Shrink
2008-02-16 22:26 . 2008-02-16 22:26 <REP> d-------- C:\Users\david\AppData\Roaming\vlc
2008-02-16 22:26 . 2008-02-16 22:26 <REP> d-------- C:\Program Files\VideoLAN
2008-02-16 22:16 . 2008-02-16 22:16 <REP> d-------- C:\Users\All Users\Real
2008-02-16 22:16 . 2008-02-16 22:16 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-16 19:33 . 2008-02-16 19:33 <REP> d-------- C:\Users\All Users\eMule
2008-02-16 19:33 . 2008-02-16 19:33 <REP> d-------- C:\ProgramData\eMule
2008-02-16 19:32 . 2008-02-16 19:32 <REP> d-------- C:\Program Files\eMule
2008-02-16 19:19 . 2008-02-17 11:31 <REP> d-------- C:\Users\david\AppData\Roaming\Azureus
2008-02-16 19:19 . 2008-02-16 19:19 <REP> d-------- C:\Users\All Users\Azureus
2008-02-16 19:19 . 2008-02-16 19:19 <REP> d-------- C:\ProgramData\Azureus
2008-02-16 19:16 . 2008-02-23 10:34 <REP> d-------- C:\Program Files\Azureus
2008-02-16 18:50 . 2008-02-16 18:50 <REP> d-------- C:\Users\All Users\UDL
2008-02-16 18:50 . 2008-02-16 18:50 <REP> d-------- C:\ProgramData\UDL
2008-02-16 18:47 . 2008-02-16 18:47 <REP> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-02-16 18:45 . 2008-02-16 18:45 <REP> d-------- C:\Users\david\AppData\Roaming\InstallShield
2008-02-16 18:45 . 2006-10-20 00:10 501,912 --a------ C:\Windows\System32\PICSDK2.dll
2008-02-16 18:44 . 2008-02-16 18:44 <REP> d-------- C:\Users\All Users\EPSON
2008-02-16 18:44 . 2008-02-16 18:44 <REP> d-------- C:\ProgramData\EPSON
2008-02-16 18:40 . 2006-12-08 03:04 76,800 --a------ C:\Windows\System32\E_FLBCDE.DLL
2008-02-16 18:40 . 2006-04-19 03:00 62,976 --a------ C:\Windows\System32\E_FD4BCDE.DLL
2008-02-16 18:40 . 2004-09-10 21:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL
2008-02-16 18:38 . 2008-02-16 18:49 <REP> d-------- C:\Program Files\epson
2008-02-16 18:38 . 2007-03-27 00:00 67,072 --a------ C:\Windows\System32\escwiad.dll
2008-02-16 18:38 . 2008-02-16 18:38 25 --a------ C:\Windows\CDE DX7400DEFGIPS.ini
2008-02-16 17:33 . 2008-02-16 17:33 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-02-16 17:29 . 2008-02-16 17:29 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-16 17:29 . 2008-02-16 17:29 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-16 17:29 . 2008-02-16 17:29 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-02-16 17:29 . 2008-02-16 17:29 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-02-16 17:29 . 2008-02-16 17:29 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-02-16 17:29 . 2008-02-16 17:29 2,048 --a------ C:\Windows\System32\asferror.dll
2008-02-16 17:28 . 2008-02-16 17:28 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-02-16 17:28 . 2008-02-16 17:28 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-02-16 17:28 . 2008-02-16 17:28 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-02-16 17:27 . 2008-02-16 17:27 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-02-16 17:27 . 2008-02-16 17:27 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-02-16 17:27 . 2008-02-16 17:27 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-02-16 17:27 . 2008-02-16 17:27 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-02-16 17:26 . 2008-02-16 17:26 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-02-16 17:25 . 2008-02-16 17:25 <REP> d-------- C:\Program Files\MSXML 4.0
2008-02-16 17:25 . 2008-02-16 17:25 2,048 --a------ C:\Windows\System32\tzres.dll
2008-02-16 17:21 . 2008-02-16 17:21 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-16 17:08 . 2008-02-16 17:08 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-02-16 17:08 . 2008-02-16 17:08 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-02-16 17:08 . 2008-02-16 17:08 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-02-16 17:08 . 2008-02-16 17:08 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-02-16 17:08 . 2008-02-16 17:08 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-02-16 17:08 . 2008-02-16 17:08 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-02-16 17:08 . 2008-02-16 17:08 43,352 --a------ C:\Windows\System32\wups2.dll
2008-02-16 17:08 . 2008-02-16 17:08 33,624 --a------ C:\Windows\System32\wups.dll
2008-02-16 17:08 . 2008-02-16 17:08 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-02-16 17:01 . 2008-02-16 17:01 <REP> dr------- C:\Users\david\Searches
2008-02-16 17:01 . 2008-02-16 17:01 <REP> d-------- C:\Users\david\AppData\Roaming\Symantec
2008-02-16 17:00 . 2008-02-16 17:00 <REP> dr------- C:\Users\david\Contacts
2008-02-16 17:00 . 2008-02-16 17:00 81 --a------ C:\Windows\System32\LOG
2008-02-16 17:00 . 2008-02-16 17:00 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-02-16 16:51 . 2008-02-16 17:02 <REP> d-------- C:\Users\david\AppData\Roaming\Hewlett-Packard
2008-02-16 16:49 . 2008-02-16 16:49 <REP> d-------- C:\Users\All Users\Electronic Arts
2008-02-16 16:49 . 2008-02-16 16:49 <REP> d-------- C:\ProgramData\Electronic Arts
2008-02-16 16:44 . 2008-02-16 16:49 <REP> d-------- C:\Program Files\Electronic Arts
2008-02-16 16:42 . 2008-02-16 16:42 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Presario A900 Notebook PC_Y5335KV_0U_QCND8030GMJ_E460271-051_4A_I30ED_SHP_V83.1E_F.22_T071214_WV3-0_L40C_M2038_J160_7Intel_86FD_91.67_#071121_N10EC8139;168C001C_(KM058EA#ABF)_XMOBILE_CN10_Z_2F.22.MRK
2008-02-16 16:41 . 2008-02-16 17:01 <REP> dr------- C:\Users\david\Videos
2008-02-16 16:41 . 2008-02-23 12:00 <REP> dr------- C:\Users\david\Saved Games
2008-02-16 16:41 . 2008-02-16 21:40 <REP> dr------- C:\Users\david\Pictures
2008-02-16 16:41 . 2008-02-16 17:01 <REP> dr------- C:\Users\david\Music
2008-02-16 16:41 . 2008-02-16 17:01 <REP> dr------- C:\Users\david\Links
2008-02-16 16:41 . 2008-02-23 11:01 <REP> dr------- C:\Users\david\Downloads
2008-02-16 16:41 . 2008-02-20 17:18 <REP> dr------- C:\Users\david\Documents
2008-02-16 16:41 . 2006-11-02 13:37 <REP> d-------- C:\Users\david\AppData\Roaming\Media Center Programs
2008-02-16 16:41 . 2008-02-20 05:35 <REP> d--h----- C:\Users\david\AppData
2008-02-16 16:37 . 2008-02-16 16:37 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 09:03 --------- d-----w C:\ProgramData\Symantec
2008-02-22 18:06 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-22 18:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-22 17:55 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-22 17:55 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-22 17:55 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-22 17:55 --------- d-----w C:\Program Files\Symantec
2008-02-17 09:24 --------- d-----w C:\Program Files\Java
2008-02-16 17:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 17:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-16 17:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-16 17:07 --------- d-----w C:\Program Files\Windows Mail
2008-02-16 16:33 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-16 16:30 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-16 16:29 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-16 16:29 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-16 16:29 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-16 16:29 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-16 16:22 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-16 16:22 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-16 16:22 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-16 16:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-16 16:02 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-16 15:42 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Presario A900 Notebook PC_Y5335KV_0U_QCND8030GMJ_E460271-051_4A_I30ED_SHP_V83.1E_F.22_T071214_WV3-0_L40C_M2038_J160_7Intel_86FD_91.67_#071121_N10EC8139;168C001C_(KM058EA#ABF)_XMOBILE_CN10_Z_2F.22.MRK
2008-02-16 15:37 --------- d-sh--w C:\ProgramData\Modèles
2008-02-16 15:37 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-02-16 15:37 --------- d-sh--w C:\ProgramData\Favoris
2008-02-16 15:37 --------- d-sh--w C:\ProgramData\Bureau
2008-02-16 15:37 --------- d-sh--w C:\Program Files\Fichiers communs
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-14 23:14 --------- d-----w C:\ProgramData\WildTangent
2008-01-14 23:14 --------- d-----w C:\Program Files\HP Games
2008-01-14 23:11 --------- d-----w C:\Program Files\CyberLink
2008-01-14 23:07 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-01-14 23:07 --------- d-----w C:\Program Files\HPQ
2008-01-14 23:07 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-14 23:06 --------- d-----w C:\ProgramData\CyberLink
2008-01-14 23:05 --------- d-----w C:\Program Files\Hp
2008-01-14 22:59 --------- d-----w C:\Program Files\CONEXANT
2008-01-14 22:57 --------- d-----w C:\Program Files\Intel
2008-01-14 22:56 --------- d-----w C:\Program Files\NetWaiting
2008-01-14 22:54 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-01-14 22:54 --------- d-----w C:\Program Files\Realtek
2008-01-14 22:54 --------- d-----w C:\Program Files\Apoint2K
2008-01-14 22:52 --------- d-----w C:\ProgramData\Atheros
2008-01-14 22:52 --------- d-----w C:\Program Files\Atheros
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-10 12:16 159,839 ----a-w C:\Windows\System32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\Windows\System32\xvidcore.dll
2007-12-24 12:49 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-11-21 06:08 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 03:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-16 17:23 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-16 17:28 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 16:10 1783136]
"EPSON Stylus DX7400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 07:00 182272]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 13:43 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 13:43 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 13:43 137752]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-10-10 13:48 212992]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 19:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 16:05 202032]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 16:32 222504]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-21 06:28 1006264]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07 51048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 15:15 480560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{053AB282-E2DF-4F2E-B806-4A8C143D0FDF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2C0C2D29-F3D6-444D-8A5C-21AC5D347C8A}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C480E308-4D58-40D5-BBDB-E2B1FE48357E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0FB36BD6-41FD-4EF9-AF57-32C005BBCF26}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{21592082-8707-4982-AA79-54813E0AAB47}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector|Desc=CyberLink PowerDirector
"{1A6DD2DF-10DA-4D90-BC75-F7B18492797B}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play|Desc=Quick Play
"{CCCD9476-B687-4AF7-BB9A-FBD817DEDFBF}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program|Desc=Quick Play Resident Program
"{B6048534-BCF8-4441-AE00-830DCF9F02A1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{9D8B39D7-2EF5-4889-A313-64963B776E03}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{CB0CAD73-2154-4B7B-AC4C-8749A7906B23}C:\program files\azureus\azureus.exe"= Disabled:UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"UDP Query User{B64C5F25-25BC-440F-B499-490CF3076A73}C:\program files\azureus\azureus.exe"= Disabled:TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"TCP Query User{A87E987A-7F25-46C2-8FDE-41BBDCB59525}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{E3F4E857-6EA5-4CB6-969D-651623EB670E}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{89878C77-DE97-4733-85E9-4AFBAF3109A8}C:\program files\nero\nero 7\nero home\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home|Desc=Nero Home
"UDP Query User{96DD66E0-C264-4CCE-B5C8-035983BB25B8}C:\program files\nero\nero 7\nero home\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home|Desc=Nero Home

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080221.002\IDSvix86.sys [2008-02-13 17:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 15:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 15:40]
R3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 13:25]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-09-27 17:33]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 20:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 00:33]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-18 20:23:25 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - david.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 15:38:05
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-23 15:38:50
ComboFix-quarantined-files.txt 2008-02-23 14:38:48
.
2008-02-19 22:08:53 --- E O F ---

Crée un fichier texte nommé CFScript.txt
Double clique pour l'ouvrir, et copie colle ceci dedans :

RootKit::
c:\ users\david\appdata\local\temp\mcmtfyvv.dll
C:\Users\david\AppData\Local\Temp\xxyvt.dll
C:\Users\david\AppData\Local\Temp\tusro.dll
C:\Users\david\AppData\Local\Temp\eouioalq.dll

DirLook::
c:\ users\david\appdata\local\temp\

Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture

• Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
• Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

ComboFix 08-02-23.2 - david 2008-02-23 16:02:13.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.884 [GMT 1:00]
Endroit: C:\Users\david\Desktop\ComboFix.exe
Command switches used :: C:\Users\david\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\ users\david\appdata\local\temp\mcmtfyvv.dll
C:\Users\david\AppData\Local\Temp\eouioalq.dll
C:\Users\david\AppData\Local\Temp\tusro.dll
C:\Users\david\AppData\Local\Temp\xxyvt.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))))))))
.

2008-02-23 11:18 . 2008-02-23 11:18 <REP> d-------- C:\Program Files\Trend Micro
2008-02-22 19:18 . 2008-02-22 19:18 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-02-22 06:12 . 2008-02-22 06:12 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-22 06:12 . 2008-02-22 06:12 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-02-20 05:35 . 2008-02-20 05:35 <REP> d-------- C:\Users\david\AppData\Roaming\Media Player Classic
2008-02-18 18:24 . 2008-02-18 18:24 <REP> d-------- C:\Program Files\Yahoo!
2008-02-18 18:24 . 2008-02-18 18:24 <REP> d-------- C:\Program Files\CCleaner
2008-02-17 21:28 . 2008-02-19 06:17 <REP> d-------- C:\Users\david\AppData\Roaming\Ahead
2008-02-17 21:27 . 2008-02-17 21:27 <REP> d-------- C:\Users\All Users\Ahead
2008-02-17 21:27 . 2008-02-17 21:27 <REP> d-------- C:\ProgramData\Ahead
2008-02-17 21:25 . 2008-02-17 21:25 <REP> d-------- C:\Users\All Users\Nero
2008-02-17 21:25 . 2008-02-17 21:25 <REP> d-------- C:\ProgramData\Nero
2008-02-17 21:25 . 2008-02-17 21:25 <REP> d-------- C:\Program Files\Nero
2008-02-17 21:25 . 2008-02-17 21:27 <REP> d-------- C:\Program Files\Common Files\Ahead
2008-02-17 09:21 . 2008-02-17 09:21 39,264 --a------ C:\Windows\System32\drivers\Pcouffin.sys
2008-02-17 09:20 . 2008-02-17 09:20 <REP> d-------- C:\Program Files\VSO
2008-02-16 22:46 . 2008-02-16 22:46 <REP> d-------- C:\Users\All Users\DVD Shrink
2008-02-16 22:46 . 2008-02-16 22:46 <REP> d-------- C:\ProgramData\DVD Shrink
2008-02-16 22:46 . 2008-02-16 22:46 <REP> d-------- C:\Program Files\DVD Shrink
2008-02-16 22:26 . 2008-02-16 22:26 <REP> d-------- C:\Users\david\AppData\Roaming\vlc
2008-02-16 22:26 . 2008-02-16 22:26 <REP> d-------- C:\Program Files\VideoLAN
2008-02-16 22:16 . 2008-02-16 22:16 <REP> d-------- C:\Users\All Users\Real
2008-02-16 22:16 . 2008-02-16 22:16 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-02-16 19:33 . 2008-02-16 19:33 <REP> d-------- C:\Users\All Users\eMule
2008-02-16 19:33 . 2008-02-16 19:33 <REP> d-------- C:\ProgramData\eMule
2008-02-16 19:32 . 2008-02-16 19:32 <REP> d-------- C:\Program Files\eMule
2008-02-16 19:19 . 2008-02-17 11:31 <REP> d-------- C:\Users\david\AppData\Roaming\Azureus
2008-02-16 19:19 . 2008-02-16 19:19 <REP> d-------- C:\Users\All Users\Azureus
2008-02-16 19:19 . 2008-02-16 19:19 <REP> d-------- C:\ProgramData\Azureus
2008-02-16 19:16 . 2008-02-23 10:34 <REP> d-------- C:\Program Files\Azureus
2008-02-16 18:50 . 2008-02-16 18:50 <REP> d-------- C:\Users\All Users\UDL
2008-02-16 18:50 . 2008-02-16 18:50 <REP> d-------- C:\ProgramData\UDL
2008-02-16 18:47 . 2008-02-16 18:47 <REP> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-02-16 18:45 . 2008-02-16 18:45 <REP> d-------- C:\Users\david\AppData\Roaming\InstallShield
2008-02-16 18:45 . 2006-10-20 00:10 501,912 --a------ C:\Windows\System32\PICSDK2.dll
2008-02-16 18:44 . 2008-02-16 18:44 <REP> d-------- C:\Users\All Users\EPSON
2008-02-16 18:44 . 2008-02-16 18:44 <REP> d-------- C:\ProgramData\EPSON
2008-02-16 18:40 . 2006-12-08 03:04 76,800 --a------ C:\Windows\System32\E_FLBCDE.DLL
2008-02-16 18:40 . 2006-04-19 03:00 62,976 --a------ C:\Windows\System32\E_FD4BCDE.DLL
2008-02-16 18:40 . 2004-09-10 21:12 49,152 --a------ C:\Windows\System32\E_DCINST.DLL
2008-02-16 18:38 . 2008-02-16 18:49 <REP> d-------- C:\Program Files\epson
2008-02-16 18:38 . 2007-03-27 00:00 67,072 --a------ C:\Windows\System32\escwiad.dll
2008-02-16 18:38 . 2008-02-16 18:38 25 --a------ C:\Windows\CDE DX7400DEFGIPS.ini
2008-02-16 17:33 . 2008-02-16 17:33 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-02-16 17:29 . 2008-02-16 17:29 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-16 17:29 . 2008-02-16 17:29 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-16 17:29 . 2008-02-16 17:29 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-02-16 17:29 . 2008-02-16 17:29 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-02-16 17:29 . 2008-02-16 17:29 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-02-16 17:29 . 2008-02-16 17:29 2,048 --a------ C:\Windows\System32\asferror.dll
2008-02-16 17:28 . 2008-02-16 17:28 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-02-16 17:28 . 2008-02-16 17:28 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-02-16 17:28 . 2008-02-16 17:28 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-02-16 17:27 . 2008-02-16 17:27 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-02-16 17:27 . 2008-02-16 17:27 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-02-16 17:27 . 2008-02-16 17:27 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-02-16 17:27 . 2008-02-16 17:27 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-02-16 17:26 . 2008-02-16 17:26 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-02-16 17:25 . 2008-02-16 17:25 <REP> d-------- C:\Program Files\MSXML 4.0
2008-02-16 17:25 . 2008-02-16 17:25 2,048 --a------ C:\Windows\System32\tzres.dll
2008-02-16 17:21 . 2008-02-16 17:21 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-16 17:08 . 2008-02-16 17:08 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-02-16 17:08 . 2008-02-16 17:08 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-02-16 17:08 . 2008-02-16 17:08 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-02-16 17:08 . 2008-02-16 17:08 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-02-16 17:08 . 2008-02-16 17:08 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-02-16 17:08 . 2008-02-16 17:08 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-02-16 17:08 . 2008-02-16 17:08 43,352 --a------ C:\Windows\System32\wups2.dll
2008-02-16 17:08 . 2008-02-16 17:08 33,624 --a------ C:\Windows\System32\wups.dll
2008-02-16 17:08 . 2008-02-16 17:08 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-02-16 17:01 . 2008-02-16 17:01 <REP> dr------- C:\Users\david\Searches
2008-02-16 17:01 . 2008-02-16 17:01 <REP> d-------- C:\Users\david\AppData\Roaming\Symantec
2008-02-16 17:00 . 2008-02-16 17:00 <REP> dr------- C:\Users\david\Contacts
2008-02-16 17:00 . 2008-02-16 17:00 81 --a------ C:\Windows\System32\LOG
2008-02-16 17:00 . 2008-02-16 17:00 44 --a------ C:\Windows\system\hpsysdrv.dat
2008-02-16 16:51 . 2008-02-16 17:02 <REP> d-------- C:\Users\david\AppData\Roaming\Hewlett-Packard
2008-02-16 16:49 . 2008-02-16 16:49 <REP> d-------- C:\Users\All Users\Electronic Arts
2008-02-16 16:49 . 2008-02-16 16:49 <REP> d-------- C:\ProgramData\Electronic Arts
2008-02-16 16:44 . 2008-02-16 16:49 <REP> d-------- C:\Program Files\Electronic Arts
2008-02-16 16:42 . 2008-02-16 16:42 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Presario A900 Notebook PC_Y5335KV_0U_QCND8030GMJ_E460271-051_4A_I30ED_SHP_V83.1E_F.22_T071214_WV3-0_L40C_M2038_J160_7Intel_86FD_91.67_#071121_N10EC8139;168C001C_(KM058EA#ABF)_XMOBILE_CN10_Z_2F.22.MRK
2008-02-16 16:41 . 2008-02-16 17:01 <REP> dr------- C:\Users\david\Videos
2008-02-16 16:41 . 2008-02-23 12:00 <REP> dr------- C:\Users\david\Saved Games
2008-02-16 16:41 . 2008-02-16 21:40 <REP> dr------- C:\Users\david\Pictures
2008-02-16 16:41 . 2008-02-16 17:01 <REP> dr------- C:\Users\david\Music
2008-02-16 16:41 . 2008-02-16 17:01 <REP> dr------- C:\Users\david\Links
2008-02-16 16:41 . 2008-02-23 11:01 <REP> dr------- C:\Users\david\Downloads
2008-02-16 16:41 . 2008-02-20 17:18 <REP> dr------- C:\Users\david\Documents
2008-02-16 16:41 . 2006-11-02 13:37 <REP> d-------- C:\Users\david\AppData\Roaming\Media Center Programs
2008-02-16 16:41 . 2008-02-20 05:35 <REP> d--h----- C:\Users\david\AppData
2008-02-16 16:37 . 2008-02-16 16:37 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 09:03 --------- d-----w C:\ProgramData\Symantec
2008-02-22 18:06 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-22 18:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-22 17:55 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-22 17:55 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-22 17:55 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-22 17:55 --------- d-----w C:\Program Files\Symantec
2008-02-17 09:24 --------- d-----w C:\Program Files\Java
2008-02-16 17:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 17:52 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-16 17:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-16 17:07 --------- d-----w C:\Program Files\Windows Mail
2008-02-16 16:33 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-16 16:30 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-16 16:29 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-16 16:29 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-16 16:29 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-16 16:29 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-16 16:22 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-16 16:22 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-16 16:22 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-16 16:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-16 16:02 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-02-16 15:42 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Presario A900 Notebook PC_Y5335KV_0U_QCND8030GMJ_E460271-051_4A_I30ED_SHP_V83.1E_F.22_T071214_WV3-0_L40C_M2038_J160_7Intel_86FD_91.67_#071121_N10EC8139;168C001C_(KM058EA#ABF)_XMOBILE_CN10_Z_2F.22.MRK
2008-02-16 15:37 --------- d-sh--w C:\ProgramData\Modèles
2008-02-16 15:37 --------- d-sh--w C:\ProgramData\Menu Démarrer
2008-02-16 15:37 --------- d-sh--w C:\ProgramData\Favoris
2008-02-16 15:37 --------- d-sh--w C:\ProgramData\Bureau
2008-02-16 15:37 --------- d-sh--w C:\Program Files\Fichiers communs
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-14 23:14 --------- d-----w C:\ProgramData\WildTangent
2008-01-14 23:14 --------- d-----w C:\Program Files\HP Games
2008-01-14 23:11 --------- d-----w C:\Program Files\CyberLink
2008-01-14 23:07 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2008-01-14 23:07 --------- d-----w C:\Program Files\HPQ
2008-01-14 23:07 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-14 23:06 --------- d-----w C:\ProgramData\CyberLink
2008-01-14 23:05 --------- d-----w C:\Program Files\Hp
2008-01-14 22:59 --------- d-----w C:\Program Files\CONEXANT
2008-01-14 22:57 --------- d-----w C:\Program Files\Intel
2008-01-14 22:56 --------- d-----w C:\Program Files\NetWaiting
2008-01-14 22:54 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2008-01-14 22:54 --------- d-----w C:\Program Files\Realtek
2008-01-14 22:54 --------- d-----w C:\Program Files\Apoint2K
2008-01-14 22:52 --------- d-----w C:\ProgramData\Atheros
2008-01-14 22:52 --------- d-----w C:\Program Files\Atheros
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-10 12:16 159,839 ----a-w C:\Windows\System32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\Windows\System32\xvidcore.dll
2007-12-24 12:49 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\divx.dll
2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-11-21 06:08 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\ users\david\appdata\local\temp\ ----

c:\ users\david\appdata\local\temp\\


((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-25 03:51 316784 --a------ c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-16 17:23 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-16 17:28 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 16:10 1783136]
"EPSON Stylus DX7400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 07:00 182272]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-28 13:43 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-28 13:43 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-28 13:43 137752]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-10-10 13:48 212992]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 19:34 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 16:05 202032]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 16:32 222504]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-21 06:28 1006264]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 05:07 51048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 15:15 480560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{053AB282-E2DF-4F2E-B806-4A8C143D0FDF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2C0C2D29-F3D6-444D-8A5C-21AC5D347C8A}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C480E308-4D58-40D5-BBDB-E2B1FE48357E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0FB36BD6-41FD-4EF9-AF57-32C005BBCF26}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{21592082-8707-4982-AA79-54813E0AAB47}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector|Desc=CyberLink PowerDirector
"{1A6DD2DF-10DA-4D90-BC75-F7B18492797B}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play|Desc=Quick Play
"{CCCD9476-B687-4AF7-BB9A-FBD817DEDFBF}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program|Desc=Quick Play Resident Program
"{B6048534-BCF8-4441-AE00-830DCF9F02A1}"= UDP:C:\Program Files\eMule\emule.exe:eMule
"{9D8B39D7-2EF5-4889-A313-64963B776E03}"= TCP:C:\Program Files\eMule\emule.exe:eMule
"TCP Query User{CB0CAD73-2154-4B7B-AC4C-8749A7906B23}C:\program files\azureus\azureus.exe"= Disabled:UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"UDP Query User{B64C5F25-25BC-440F-B499-490CF3076A73}C:\program files\azureus\azureus.exe"= Disabled:TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"TCP Query User{A87E987A-7F25-46C2-8FDE-41BBDCB59525}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{E3F4E857-6EA5-4CB6-969D-651623EB670E}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"TCP Query User{89878C77-DE97-4733-85E9-4AFBAF3109A8}C:\program files\nero\nero 7\nero home\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home|Desc=Nero Home
"UDP Query User{96DD66E0-C264-4CCE-B5C8-035983BB25B8}C:\program files\nero\nero 7\nero home\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home|Desc=Nero Home

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080221.002\IDSvix86.sys [2008-02-13 17:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 05:07]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 15:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 15:40]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 13:25]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-09-27 17:33]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 20:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 00:33]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 00:27]

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-18 20:23:25 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - david.job"

Les fichiers ont été supprimés, la liste du dossier non (un espace en trop, pas grave).

Redémarre et poste un nouveau log HJT stp.

voilà
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:19, on 23/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICDE.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_SA479.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\david\AppData\Local\Temp\tusro.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\david\AppData\Local\Temp\xxyvt.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\david\AppData\Local\Temp\mcmtfyvv.dll",run
O4 - HKCU\..\Run: [0ca16960] rundll32.exe "C:\Users\david\AppData\Local\Temp\eouioalq.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10897 bytes

Merci.

Télécharge VundoFix.exe (par Atribune) sur ton bureau :
http://www.atribune.org/ccount/click.php?id=4

* Double-clique VundoFix.exe pour le lancer.
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est terminé, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après, le bureau disparaîtra un moment, c'est normal.
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique sur OK.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt

Note: Il est possible que VundoFix se trouve face à un fichier qu'il ne peut pas supprimer. Si cela se produit, il se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-dessus, à partir de "clique sur le bouton Scan for Vundo".

vundo m'a dit qu'il n'avait trouvé aucun fichier

Ok, peux-tu poster le rapport stp ?

je ne trouve pas le rapport

Regarde dans C:\vundofix.txt, le fichier doit être là, normalement.

j'ai cherché mais rien

dois je relancer vundo

Est-ce qu'il a listé des fichiers, au centre de l'interface (partie blanche) après avoir cliqué sur scan for Vundo ?

je ne me souviens pas

Arf. Fais une recherche sur le pc avec comme nom de fichier "vundofix.txt" vois si tu en trouves un.

Si tu n'en trouves pas, relance je te mets tout ci dessous :

Télécharge VundoFix.exe (par Atribune) sur ton bureau :
http://www.atribune.org/ccount/click.php?id=4

* fais un clic droit sur VundoFix.exe, puis choisis "exécuter en tant que..." puis "administrateur".
* Clique sur le bouton Scan for Vundo.
* Lorsque le scan est terminé, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après, le bureau disparaîtra un moment, c'est normal.
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique sur OK.
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt

Note: Il est possible que VundoFix se trouve face à un fichier qu'il ne peut pas supprimer. Si cela se produit, il se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-dessus, à partir de "clique sur le bouton Scan for Vundo".

j'ai refait vundo.
toujours aucun rapport
dans la fenêtre blanche il n'y avait rien de lister.
et pas de fichier trouvé

C'est ennuyeux, c'est bien ce qu'il faudrait. On va essayer autre chose.

Désactive l'UAC-User Account Control -contrôle des comptes utilisateurs (surtout, bien penser à le réactiver après la désinfection).

* Démarrer > Panneau de Configuration
* Double clique sur l'icône Comptes d'utilisateurs
* Clique ensuite sur Désactiver et valide.

Ensuite lance vundoFix en tant qu'administrateur via le clic droit.

Vois si vundoFix fonctionne. Sinon on fera autrement.

Voici le rapport

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.11

Scan started at 09:58:45 2008-02-24

Listing files found while scanning....

No infected files were found.


Beginning removal...

Ok, ça ne passera pas avec. Je vais te préparer un script.

En attendant, poste un rapport DiagHelp stp, voici comment faire.

Ce logiciel va créer un rapport contenant des listes de fichiers pur diagnostiquer (après analyse) une possible infection ou des fichiers en trop.

Télécharge DiagHelp.zip de Malekal_morte sur ton bureau.

• Décompresse-le, sur ton bureau par exemple.
• Un nouveau dossier chercher va être créé DiagHelp.
• Ouvre le et double-clique sur go.cmd (le .cmd peut ne pas apparaître)
• Une fenêtre va s'ouvrir, choisis l'option 1 et valide avec la touche entrée.
• L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
• Copie/colle le contenu du bloc-note qui s'ouvre et joins-le à ta prochaine réponse.
  
  NB : si un antivirus détecte Troj/INJECT MF choisis "ignorer" c'est une fausse alerte.
  NB : un outil, sigcheck.exe, peut demander l'accès à internet, si ton firewall te demande l'autorisation, laisse-le accéder à internet.
  
• Le rapport est sauvegardé dans c:\resultat.txt si jamais tu le cherches

après ça, je te prépare un script (plus agressif que le 1er).