
Infection with System Doctor, winpro, and others :((

3 October 2007 12:50:05

Hello everyone.

I suspect my post will seem like yet another one of its kind, but I really need a hand from people who truly know their way around malware and other junk of that sort that gradually rots our beloved little PCs :pt1cable: 


In short, here is my situation:

I run Windows XP Pro.
For a few months I have been infected by System Doctor, WinPro and others ... Until now it only affected Internet Explorer. But recently Firefox has also fallen victim. ... :pfff: 


More annoying: recently WinRAR crashes when opening archives ... no way to relaunch it without having to reboot.
(and even then, after a while it crashes again ...)

More annoying and strange: when WinRAR crashes, Spybot and Ad-Aware also crash at launch. The error message appears and cannot be closed (well, it can, but the error message persists and reappears -> the typical message offering to send the error to Microsoft, nothing more)

... So I browsed around the net until I came across one or two topics here. Hoping to be heard, I took the initiative by downloading Hijack and copying the log for you, here it is ...
(of which, sorry, I understand nothing :sarcastic:  )


---------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:26, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMMES\CURSOR\CursorXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SEC\MT4.0\GammaTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SEC\MT4.0\MagicTune.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lionel Hofert\Bureau\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\qmafgoeb.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: MagicTune4.0.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/install_new/NPPWebInstal...
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

--
End of file - 9700 bytes
---------------------------------------------------------------


There you go, could you please help me locate and eradicate the problem(s)?

Thanks in advance!

3 October 2007 13:23:10

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
    Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
    3 October 2007 14:16:42

    Thanks Angeldark.

    So here is the VundoFix report:

    -----------------------------------------------------------------


    VundoFix V6.5.9

    Checking Java version...

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 13:53:35 03/10/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\kjllm.bak1
    C:\WINDOWS\system32\kjllm.ini
    C:\WINDOWS\system32\mlljk.dll
    C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\tuvwvsr.dll
    C:\WINDOWS\system32\yltoyguy.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\kjllm.bak1
    C:\WINDOWS\system32\kjllm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kjllm.ini
    C:\WINDOWS\system32\kjllm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\pmnlj.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\tuvwvsr.dll
    C:\WINDOWS\system32\tuvwvsr.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\yltoyguy.dll
    C:\WINDOWS\system32\yltoyguy.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\pmnlj.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\tuvwvsr.dll
    C:\WINDOWS\system32\tuvwvsr.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\yltoyguy.dll
    C:\WINDOWS\system32\yltoyguy.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    ---------------------------------------------------------------




    And here is the HijackThis log


    ---------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:15:57, on 03/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\WINDOWS\system32\winsys2.exe
    C:\Program Files\MagicRotation\MagicPvt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\PROGRAMMES\CURSOR\CursorXP.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SEC\MT4.0\GammaTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\SEC\MT4.0\MagicTune.exe
    C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
    O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: MagicTune4.0.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/install_new/NPPWebInstal...
    O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
    O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

    --
    End of file - 9552 bytes

    ---------------------------------------------------------------


    Thanks again for your help.
    I'm waiting for the rest of your reply. :p 
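
Added example (not part of the original thread, and not code from HijackThis or VundoFix): a short Python script that compares the HijackThis log posted before the VundoFix run with the one posted after it, and lists the files the VundoFix report found but never confirmed as deleted. The sample inputs are excerpts copied from the logs above; the function names are illustrative.

```python
import re

# Excerpts constructed from the logs posted in this thread (a few lines each).
HJT_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\rundll32.exe

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\qmafgoeb.dll",sitypnow
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
"""

HJT_AFTER = r"""
Running processes:
C:\WINDOWS\system32\rundll32.exe

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
"""

VUNDOFIX = r"""
Listing files found while scanning....

C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\yltoyguy.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yltoyguy.dll
C:\WINDOWS\system32\yltoyguy.dll Could not be deleted.

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yltoyguy.dll
C:\WINDOWS\system32\yltoyguy.dll Has been deleted!
"""

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM...".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
# VundoFix result line: "<path> Has been deleted!" or "<path> Could not be deleted."
RESULT_RE = re.compile(r"^(.+?) (Has been deleted!|Could not be deleted\.)$")


def parse_hijackthis(text):
    """Return the set of (section, body) entries found in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries between two HijackThis logs."""
    b, a = parse_hijackthis(before), parse_hijackthis(after)
    return sorted(b - a), sorted(a - b)


def parse_vundofix(text):
    """Return (listed_paths, {path: deleted?}); a later pass overrides an earlier one."""
    listed, deleted = [], {}
    in_listing = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Listing files found"):
            in_listing = True
        elif line.startswith("Beginning removal"):
            in_listing = False
        elif in_listing and line:
            listed.append(line)
        else:
            m = RESULT_RE.match(line)
            if m:
                deleted[m.group(1)] = m.group(2).startswith("Has been")
    return listed, deleted


def not_confirmed_deleted(text):
    """Files the scan listed that have no final 'Has been deleted!' line."""
    listed, deleted = parse_vundofix(text)
    return [path for path in listed if not deleted.get(path, False)]


if __name__ == "__main__":
    removed, added = diff_logs(HJT_BEFORE, HJT_AFTER)
    for section, body in removed:
        print("removed:", section, body)
    for section, body in added:
        print("added:  ", section, body)
    for path in not_confirmed_deleted(VUNDOFIX):
        print("still to verify:", path)
```

On the excerpts, the only entry that differs between the two logs is the `SearchIndexer` Run value, and the report leaves `mlljk.dll` (listed, no deletion attempt recorded) and `pmnlj.dll` unconfirmed.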
    3 October 2007 14:23:37

    Hi again,

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
    3 October 2007 14:29:33

    :fou:  ... and there you go, just as has often happened to me when trying to use Ad-Aware or Spybot, or any other software meant to get rid of malware and co.

    It crashes and I get this lovely message:

    Freeware implementation of REG.EXE a rencontré un problème et doit fermer. Nous vous prions de nous excuser pour le désagrément encouru.

    All this without being able to get rid of the window, since when I click the cross to close it, the window pops up again ...

    along with another Windows error message:

    L'instruction à "0x0047312a" emploie l'adresse mémoire "0x01100de2". La mémoire ne peut pas être "read".


    ... help :( 
    3 October 2007 15:09:20

    Thanks again for your patience and your help.

    Here is the report from the Windows System Directory scan

    -----------------------------------------------------------------


    AntiVir PersonalEdition Classic
    Report file date: mercredi 3 octobre 2007 15:04

    Scanning for 863296 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Lionel Hofert
    Computer name: MANA

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 12:57:49
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 12:57:49
    ANTIVIR2.VDF : 7.0.0.32 315904 Bytes 28/09/2007 12:57:49
    ANTIVIR3.VDF : 7.0.0.46 76800 Bytes 03/10/2007 12:57:49
    AVEWIN32.DLL : 7.6.0.18 2810368 Bytes 03/10/2007 12:57:50
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Windows System Directory
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 3 octobre 2007 15:04

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
    Scan process 'MagicTune.exe' - '1' Module(s) have been scanned
    Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
    Scan process 'NaturalColorLoad.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'GammaTray.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'lxbbbmon.exe' - '1' Module(s) have been scanned
    Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
    Scan process 'CursorXP.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'MagicPvt.exe' - '1' Module(s) have been scanned
    Scan process 'WinSys2.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'lxbbbmgr.exe' - '1' Module(s) have been scanned
    Scan process 'InCD.exe' - '1' Module(s) have been scanned
    Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'wbload.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'Smc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    52 processes with 52 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    C:\WINDOWS\system32\pmnlj.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\pmnlj.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    C:\WINDOWS\system32\tuvwvsr.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\tuvwvsr.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen

    The registry was scanned ( '54' files ).


    Starting the file scan:

    Begin scan in 'C:\WINDOWS\system32'
    C:\WINDOWS\system32\Autorun.exe
    [DETECTION] Contains detection pattern of a probably damaged sample CC/UKMalw.LB
    [INFO] The file was moved to '477793ed.qua'!
    C:\WINDOWS\system32\pmnlj.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\sstqn.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '47779420.qua'!
    C:\WINDOWS\system32\tuvwvsr.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: mercredi 3 octobre 2007 15:07
    Used time: 03:18 min

    The scan has been done completely.

    235 Scanning directories
    8329 Files were scanned
    6 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    8323 Files not concerned
    16 Archives were scanned
    5 Warnings
    0 Notes

    -------------------------------------------------------------
    3 October 2007 15:15:18

    Post a new HijackThis report.
    3 October 2007 15:34:41

    I was able to run the diagnostic with ComboFix.

    Here it is:

    -----------------------------------------------------------------
    ComboFix 07-10-03.7 - Lionel Hofert 2007-10-03 15:11:57.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1293 [GMT 2:00]
    Running from: C:\Documents and Settings\Lionel Hofert\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\system32\bwyirxcw.dll
    C:\WINDOWS\system32\cemqevwu.ini
    C:\WINDOWS\system32\fnqyjpkl.dll
    C:\WINDOWS\system32\ibdbrjat.dll
    C:\WINDOWS\system32\jlnmp.bak1
    C:\WINDOWS\system32\jlnmp.bak2
    C:\WINDOWS\system32\jlnmp.ini
    C:\WINDOWS\system32\jlnmp.ini2
    C:\WINDOWS\system32\jlnmp.tmp
    C:\WINDOWS\system32\lkpjyqnf.ini
    C:\WINDOWS\system32\plugin1.dat
    C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\qebyxwrv.ini
    C:\WINDOWS\system32\SysPr.prx
    C:\WINDOWS\system32\tajrbdbi.ini
    C:\WINDOWS\system32\uwveqmec.dll
    C:\WINDOWS\system32\vrwxybeq.dll
    C:\WINDOWS\system32\wcxriywb.ini
    C:\WINDOWS\system32\winsys.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-03 to 2007-10-03 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-03 15:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-03 14:55 <REP> d-------- C:\Program Files\Avira
    2007-10-03 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-10-03 14:13 77,376 --a------ C:\WINDOWS\system32\wnhjgckw.dll
    2007-10-03 14:05 77,376 --a------ C:\WINDOWS\system32\loyugaml.dll
    2007-10-03 13:53 <REP> d-------- C:\VundoFix Backups
    2007-10-01 19:55 87,104 --a------ C:\WINDOWS\system32\xwmshxfu.dll
    2007-10-01 12:10 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\WinRAR
    2007-10-01 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-03 12:13 32 --a------ C:\WINDOWS\system32\driver.dat
    2007-09-03 12:05 <REP> d-------- C:\WINDOWS\NV31763484.TMP
    2007-09-03 12:01 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Bioshock
    2007-09-03 11:12 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield Installation Information

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-02 11:08 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-08-24 20:16 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\vlc
    2007-08-24 20:14 --------- d-------- C:\Program Files\Satsuki Decoder Pack
    2007-08-17 17:25 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-08-17 17:25 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-08-17 16:23 8478720 --a------ C:\WINDOWS\system32\nvcpl.dll
    2007-08-17 16:23 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2007-08-17 16:23 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
    2007-08-17 16:23 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
    2007-08-17 16:23 6842208 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-08-17 16:23 6746112 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2007-08-17 16:23 6344704 --a------ C:\WINDOWS\system32\nvdisps.dll
    2007-08-17 16:23 5860736 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2007-08-17 16:23 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-08-17 16:23 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
    2007-08-17 16:23 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-08-17 16:23 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-08-17 16:23 36864 --a------ C:\WINDOWS\system32\nvcodins.dll
    2007-08-17 16:23 36864 --a------ C:\WINDOWS\system32\nvcod.dll
    2007-08-17 16:23 360448 --a------ C:\WINDOWS\system32\nvapi.dll
    2007-08-17 16:23 3551232 --a------ C:\WINDOWS\system32\nvvitvs.dll
    2007-08-17 16:23 3334144 --a------ C:\WINDOWS\system32\nvgames.dll
    2007-08-17 16:23 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
    2007-08-17 16:23 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2007-08-17 16:23 2371584 --a------ C:\WINDOWS\system32\nvwss.dll
    2007-08-17 16:23 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
    2007-08-17 16:23 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
    2007-08-17 16:23 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-08-17 16:23 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-08-17 16:23 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2007-08-17 16:23 1478656 --a------ C:\WINDOWS\system32\nview.dll
    2007-08-17 16:23 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
    2007-08-17 16:23 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-08-17 16:23 1150976 --a------ C:\WINDOWS\system32\nvmobls.dll
    2007-08-17 16:23 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
    2007-08-17 16:23 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-08-14 11:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-14 11:54 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield
    2007-08-14 10:45 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\GetRightToGo
    2007-08-13 11:16 127034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-08-06 12:56 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Logitech
    2007-08-06 12:52 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    2007-08-06 12:52 --------- d-------- C:\Program Files\Logitech
    2007-08-06 12:51 --------- d-------- C:\Program Files\Fichiers communs\Logitech
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-28 18:43 751623 ---hs---- C:\WINDOWS\system32\srqss.bak2
    2007-06-26 20:00 21948 --a------ C:\Program Files\serial.zip
    2007-06-26 20:00 21948 --a------ C:\Program Files\serial.dat
    2007-06-26 16:56 0 --a------ C:\Program Files\vqesyyn.exe
    2007-06-26 16:56 0 --a------ C:\Program Files\secure32.html
    2006-12-28 20:10 7168 --ahs---- C:\Program Files\Thumbs.db
    2006-11-23 00:30 94080 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezplay.sys
    2006-11-23 00:30 81920 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezpinst.exe
    2006-11-23 00:30 47360 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\pcouffin.sys
    2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.zip
    2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.tbe
    2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.zip
    2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.tde
    2006-05-28 15:05 221099 -rahs---- C:\Program Files\serial.tde
    2006-02-19 04:28 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
    2006-01-15 15:33 9728 --------- C:\Program Files\vorbisfile.dll
    2006-01-15 15:32 8704 --------- C:\Program Files\ogg.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{449A7F9B-75AF-49E8-99BC-E7B3D78339C2}]
    C:\WINDOWS\system32\mlljk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F75E47-94D2-48AC-8D32-863356FA6578}]
    2007-06-26 16:51 26166 --------- C:\WINDOWS\system32\tuvwvsr.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-04-24 10:53 C:\WINDOWS\SOUNDMAN.EXE]
    "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-01 15:32]
    "Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-11 19:41]
    "iTunesHelper"="D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe" [2005-05-14 00:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "nwiz"="nwiz.exe" [2007-08-17 16:23 C:\WINDOWS\system32\nwiz.exe]
    "SS1HelperStartUp"="C:\PROGRA~1\SEASID~1\SS1HEL~1.exe" []
    "IMEKRMIG6.1"="" []
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
    "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 12:13]
    "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 12:14]
    "WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-10-03 08:37]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
    "MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-12-26 17:23]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-17 16:23]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
    "CursorXP"="D:\PROGRAMMES\CURSOR\CursorXP.exe" [2005-01-19 17:34]
    "igndlm.exe"="D:\PROGRAMMES\Download Manager\dlm.exe" [2007-03-05 13:57]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-13 12:38]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{90F75E47-94D2-48AC-8D32-863356FA6578}"= C:\WINDOWS\system32\tuvwvsr.dll [2007-06-26 16:51 26166]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
    C:\WINDOWS\system32\mlljk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwvsr]
    tuvwvsr.dll 2007-06-26 16:51 26166 C:\WINDOWS\system32\tuvwvsr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys
    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
    R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
    R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
    S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
    S3 WINIO;WINIO;\??\F:\DRIVER\Audio\winio.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1840b2f2-3d5b-11da-a9c3-0010a7132ad6}]
    AutoRun\command- G:\FahrenheitAutoRun.exe

    *Newly Created Service* - SSMDRV
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-09-26 16:00:00 C:\WINDOWS\Tasks\At1.job"
    "2007-09-26 15:00:00 C:\WINDOWS\Tasks\At10.job"
    "2007-09-26 16:00:00 C:\WINDOWS\Tasks\At11.job"
    "2007-09-26 12:00:00 C:\WINDOWS\Tasks\At13.job"
    "2007-09-26 18:00:00 C:\WINDOWS\Tasks\At14.job"
    "2007-06-26 15:12:53 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2007-09-26 15:00:00 C:\WINDOWS\Tasks\At3.job"
    "2007-09-26 18:00:00 C:\WINDOWS\Tasks\At4.job"
    "2007-06-26 14:51:41 C:\WINDOWS\Tasks\At5.job"
    "2007-09-26 12:00:00 C:\WINDOWS\Tasks\At6.job"
    "2007-09-26 18:00:00 C:\WINDOWS\Tasks\At7.job"
    "2007-09-26 08:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2007-09-26 08:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\Program Files\Internet Explorer\iexplore.exe -nohome http://www.amazon.de/exec/obidos/redirect-home?tag=forl...
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-03 15:26:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-03 15:29:24 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-03 15:28
    .
    --- E O F ---
    --------------------------------------------------------------




    And here is the Hijack log:



    ---------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:32:10, on 03/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\winsys2.exe
    C:\Program Files\MagicRotation\MagicPvt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\PROGRAMMES\CURSOR\CursorXP.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\SEC\MT4.0\GammaTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\SEC\MT4.0\MagicTune.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {449A7F9B-75AF-49E8-99BC-E7B3D78339C2} - C:\WINDOWS\system32\mlljk.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\tuvwvsr.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
    O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: MagicTune4.0.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/install_new/NPPWebInstal...
    O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
    O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)
    O20 - Winlogon Notify: tuvwvsr - C:\WINDOWS\SYSTEM32\tuvwvsr.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

    --
    End of file - 10384 bytes
    ---------------------------------------------------------------


    Despite all that, the System Doctor pop-ups still come back :s

    Incidentally, AntiVir keeps sounding the same alert regularly, whatever action I choose (move to quarantine, Delete, Rename, etc.)

    It concerns:

    C:\WINDOWS\system32\tuvwvsr.dll

    It comes back every 10 sec ... whatever action AntiVir takes


    PS: By the way, can the alert sound be turned off v_v
    3 October 2007 16:17:59

    Run a ComboFix scan again, please. Soon you won't have any alert sound anymore ;)
    3 October 2007 17:57:02

    Here is the ComboFix scan:

    ------------------------------------------------------------------
    ComboFix 07-10-03.7 - Lionel Hofert 2007-10-03 17:39:51.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1514 [GMT 2:00]
    Running from: C:\Documents and Settings\Lionel Hofert\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\gebyv.dll
    C:\WINDOWS\system32\jityegns.dll
    C:\WINDOWS\system32\sngeytij.ini
    C:\WINDOWS\system32\vybeg.bak1
    C:\WINDOWS\system32\vybeg.ini

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-03 to 2007-10-03 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-03 15:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-03 14:55 <REP> d-------- C:\Program Files\Avira
    2007-10-03 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-10-03 14:13 77,376 --a------ C:\WINDOWS\system32\wnhjgckw.dll
    2007-10-03 14:05 77,376 --a------ C:\WINDOWS\system32\loyugaml.dll
    2007-10-03 13:53 <REP> d-------- C:\VundoFix Backups
    2007-10-01 19:55 87,104 --a------ C:\WINDOWS\system32\xwmshxfu.dll
    2007-10-01 12:10 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\WinRAR
    2007-10-01 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-03 12:13 32 --a------ C:\WINDOWS\system32\driver.dat
    2007-09-03 12:05 <REP> d-------- C:\WINDOWS\NV31763484.TMP
    2007-09-03 12:01 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Bioshock
    2007-09-03 11:12 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield Installation Information

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-02 11:08 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-08-24 20:16 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\vlc
    2007-08-24 20:14 --------- d-------- C:\Program Files\Satsuki Decoder Pack
    2007-08-17 17:25 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-08-17 17:25 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-08-17 16:23 8478720 --a------ C:\WINDOWS\system32\nvcpl.dll
    2007-08-17 16:23 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2007-08-17 16:23 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
    2007-08-17 16:23 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
    2007-08-17 16:23 6842208 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-08-17 16:23 6746112 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2007-08-17 16:23 6344704 --a------ C:\WINDOWS\system32\nvdisps.dll
    2007-08-17 16:23 5860736 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2007-08-17 16:23 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-08-17 16:23 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
    2007-08-17 16:23 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-08-17 16:23 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-08-17 16:23 36864 --a------ C:\WINDOWS\system32\nvcodins.dll
    2007-08-17 16:23 36864 --a------ C:\WINDOWS\system32\nvcod.dll
    2007-08-17 16:23 360448 --a------ C:\WINDOWS\system32\nvapi.dll
    2007-08-17 16:23 3551232 --a------ C:\WINDOWS\system32\nvvitvs.dll
    2007-08-17 16:23 3334144 --a------ C:\WINDOWS\system32\nvgames.dll
    2007-08-17 16:23 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
    2007-08-17 16:23 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2007-08-17 16:23 2371584 --a------ C:\WINDOWS\system32\nvwss.dll
    2007-08-17 16:23 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
    2007-08-17 16:23 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
    2007-08-17 16:23 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-08-17 16:23 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-08-17 16:23 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
    2007-08-17 16:23 1478656 --a------ C:\WINDOWS\system32\nview.dll
    2007-08-17 16:23 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
    2007-08-17 16:23 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-08-17 16:23 1150976 --a------ C:\WINDOWS\system32\nvmobls.dll
    2007-08-17 16:23 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
    2007-08-17 16:23 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-08-14 11:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-14 11:54 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield
    2007-08-14 10:45 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\GetRightToGo
    2007-08-13 11:16 127034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-08-06 12:56 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Logitech
    2007-08-06 12:52 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    2007-08-06 12:52 --------- d-------- C:\Program Files\Logitech
    2007-08-06 12:51 --------- d-------- C:\Program Files\Fichiers communs\Logitech
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
    2007-07-28 18:43 751623 ---hs---- C:\WINDOWS\system32\srqss.bak2
    2007-06-26 20:00 21948 --a------ C:\Program Files\serial.zip
    2007-06-26 20:00 21948 --a------ C:\Program Files\serial.dat
    2007-06-26 16:56 0 --a------ C:\Program Files\vqesyyn.exe
    2007-06-26 16:56 0 --a------ C:\Program Files\secure32.html
    2006-12-28 20:10 7168 --ahs---- C:\Program Files\Thumbs.db
    2006-11-23 00:30 94080 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezplay.sys
    2006-11-23 00:30 81920 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezpinst.exe
    2006-11-23 00:30 47360 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\pcouffin.sys
    2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.zip
    2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.tbe
    2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.zip
    2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.tde
    2006-05-28 15:05 221099 -rahs---- C:\Program Files\serial.tde
    2006-02-19 04:28 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
    2006-01-15 15:33 9728 --------- C:\Program Files\vorbisfile.dll
    2006-01-15 15:32 8704 --------- C:\Program Files\ogg.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{449A7F9B-75AF-49E8-99BC-E7B3D78339C2}]
    C:\WINDOWS\system32\mlljk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F75E47-94D2-48AC-8D32-863356FA6578}]
    2007-06-26 16:51 26166 --------- C:\WINDOWS\system32\tuvwvsr.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-04-24 10:53 C:\WINDOWS\SOUNDMAN.EXE]
    "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-01 15:32]
    "Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-11 19:41]
    "iTunesHelper"="D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe" [2005-05-14 00:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "nwiz"="nwiz.exe" [2007-08-17 16:23 C:\WINDOWS\system32\nwiz.exe]
    "SS1HelperStartUp"="C:\PROGRA~1\SEASID~1\SS1HEL~1.exe" []
    "IMEKRMIG6.1"="" []
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
    "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 12:13]
    "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 12:14]
    "WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-10-03 08:37]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
    "MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-12-26 17:23]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-17 16:23]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
    "CursorXP"="D:\PROGRAMMES\CURSOR\CursorXP.exe" [2005-01-19 17:34]
    "igndlm.exe"="D:\PROGRAMMES\Download Manager\dlm.exe" [2007-03-05 13:57]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-13 12:38]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{90F75E47-94D2-48AC-8D32-863356FA6578}"= C:\WINDOWS\system32\tuvwvsr.dll [2007-06-26 16:51 26166]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
    C:\WINDOWS\system32\mlljk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwvsr]
    tuvwvsr.dll 2007-06-26 16:51 26166 C:\WINDOWS\system32\tuvwvsr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys
    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
    R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
    R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
    S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
    S3 WINIO;WINIO;\??\F:\DRIVER\Audio\winio.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1840b2f2-3d5b-11da-a9c3-0010a7132ad6}]
    AutoRun\command- G:\FahrenheitAutoRun.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-09-26 16:00:00 C:\WINDOWS\Tasks\At1.job"
    "2007-09-26 15:00:00 C:\WINDOWS\Tasks\At10.job"
    "2007-09-26 16:00:00 C:\WINDOWS\Tasks\At11.job"
    "2007-09-26 12:00:00 C:\WINDOWS\Tasks\At13.job"
    "2007-09-26 18:00:00 C:\WINDOWS\Tasks\At14.job"
    "2007-06-26 15:12:53 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2007-09-26 15:00:00 C:\WINDOWS\Tasks\At3.job"
    "2007-09-26 18:00:00 C:\WINDOWS\Tasks\At4.job"
    "2007-06-26 14:51:41 C:\WINDOWS\Tasks\At5.job"
    "2007-09-26 12:00:00 C:\WINDOWS\Tasks\At6.job"
    "2007-09-26 18:00:00 C:\WINDOWS\Tasks\At7.job"
    "2007-09-26 08:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2007-09-26 08:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\Program Files\Internet Explorer\iexplore.exe -nohome http://www.amazon.de/exec/obidos/redirect-home?tag=forl...
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-03 17:49:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-03 17:51:55 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-03 17:51
    C:\ComboFix2.txt ... 2007-10-03 15:29
    .
    --- E O F ---
    ----------------------------------------------------------------


    Incidentally, at every restart I get alert messages about twenty at a time, always about the same DLL.
    This blocks/considerably slows down Windows startup.


    C:\WINDOWS\system32\tuvwvsr.dll
    a b 8 Security
    3 October 2007 18:13:43

    Hi again,

    Copy (Ctrl+C) the text in the box below:

    File::
    C:\WINDOWS\system32\wnhjgckw.dll
    C:\WINDOWS\system32\loyugaml.dll
    C:\WINDOWS\system32\xwmshxfu.dll
    C:\WINDOWS\system32\mlljk.dll
    C:\WINDOWS\system32\tuvwvsr.dll
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    C:\Program Files\serial.zip
    C:\Program Files\serial.dat
    C:\Program Files\vqesyyn.exe
    C:\Program Files\secure32.html

    Folder::
    C:\VundoFix Backups

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{449A7F9B-75AF-49E8-99BC-E7B3D78339C2}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F75E47-94D2-48AC-8D32-863356FA6578}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{90F75E47-94D2-48AC-8D32-863356FA6578}"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwvsr]


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1 then confirm. After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.
    NOTE: If there is no reboot, post the requested reports anyway.
    3 October 2007 20:59:11

    Here is the report :p 

    -----------------------------------------------------------------
    ComboFix 07-10-03.7 - Lionel Hofert 2007-10-03 20:44:40.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1462 [GMT 2:00]
    Running from: C:\Documents and Settings\Lionel Hofert\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Lionel Hofert\Bureau\CFScript.txt
    * Created a new restore point

    FILE::
    C:\Program Files\secure32.html
    C:\Program Files\serial.dat
    C:\Program Files\serial.zip
    C:\Program Files\vqesyyn.exe
    C:\WINDOWS\system32\loyugaml.dll
    C:\WINDOWS\system32\mlljk.dll
    C:\WINDOWS\system32\tuvwvsr.dll
    C:\WINDOWS\system32\wnhjgckw.dll
    C:\WINDOWS\system32\xwmshxfu.dll
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\secure32.html
    C:\Program Files\serial.dat
    C:\Program Files\serial.zip
    C:\Program Files\vqesyyn.exe
    C:\VundoFix Backups
    C:\VundoFix Backups\kjllm.bak1.bad
    C:\VundoFix Backups\kjllm.ini.bad
    C:\VundoFix Backups\pmnlj.dll.bad
    C:\VundoFix Backups\tuvwvsr.dll.bad
    C:\VundoFix Backups\yltoyguy.dll.bad
    C:\WINDOWS\system32\loyugaml.dll
    C:\WINDOWS\system32\tuvwvsr.dll
    C:\WINDOWS\system32\wnhjgckw.dll
    C:\WINDOWS\system32\xwmshxfu.dll
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At10.job
    C:\WINDOWS\Tasks\At11.job
    C:\WINDOWS\Tasks\At13.job
    C:\WINDOWS\Tasks\At14.job
    C:\WINDOWS\Tasks\At15.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\At4.job
    C:\WINDOWS\Tasks\At5.job
    C:\WINDOWS\Tasks\At6.job
    C:\WINDOWS\Tasks\At7.job
    C:\WINDOWS\Tasks\At8.job
    C:\WINDOWS\Tasks\At9.job

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-03 to 2007-10-03 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-03 15:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-03 14:55 <REP> d-------- C:\Program Files\Avira
    2007-10-03 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-10-01 12:10 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\WinRAR
    2007-10-01 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-03 12:13 32 --a------ C:\WINDOWS\system32\driver.dat
    2007-09-03 12:05 <REP> d-------- C:\WINDOWS\NV31763484.TMP
    2007-09-03 12:01 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Bioshock
    2007-09-03 11:12 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield Installation Information

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-02 11:08 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-08-24 20:16 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\vlc
    2007-08-24 20:14 --------- d-------- C:\Program Files\Satsuki Decoder Pack
    2007-08-17 16:23 6842208 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-08-14 11:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-14 11:54 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield
    2007-08-14 10:45 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\GetRightToGo
    2007-08-13 11:16 127034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-08-06 12:56 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Logitech
    2007-08-06 12:52 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
    2007-08-06 12:52 --------- d-------- C:\Program Files\Logitech
    2007-08-06 12:51 --------- d-------- C:\Program Files\Fichiers communs\Logitech
    2006-12-28 20:10 7168 --ahs---- C:\Program Files\Thumbs.db
    2006-11-23 00:30 94080 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezplay.sys
    2006-11-23 00:30 81920 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezpinst.exe
    2006-11-23 00:30 47360 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\pcouffin.sys
    2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.zip
    2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.tbe
    2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.zip
    2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.tde
    2006-05-28 15:05 221099 -rahs---- C:\Program Files\serial.tde
    2006-01-15 15:33 9728 --------- C:\Program Files\vorbisfile.dll
    2006-01-15 15:32 8704 --------- C:\Program Files\ogg.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2003-04-24 10:53 C:\WINDOWS\SOUNDMAN.EXE]
    "NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50]
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-01 15:32]
    "Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-11 19:41]
    "iTunesHelper"="D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe" [2005-05-14 00:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "nwiz"="nwiz.exe" [2007-08-17 16:23 C:\WINDOWS\system32\nwiz.exe]
    "SS1HelperStartUp"="C:\PROGRA~1\SEASID~1\SS1HEL~1.exe" []
    "IMEKRMIG6.1"="" []
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
    "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 12:13]
    "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 12:14]
    "WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-10-03 08:37]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
    "MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-12-26 17:23]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-17 16:23]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
    "CursorXP"="D:\PROGRAMMES\CURSOR\CursorXP.exe" [2005-01-19 17:34]
    "igndlm.exe"="D:\PROGRAMMES\Download Manager\dlm.exe" [2007-03-05 13:57]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-13 12:38]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
    C:\WINDOWS\system32\mlljk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys
    R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
    R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
    R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
    R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
    S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
    S3 WINIO;WINIO;\??\F:\DRIVER\Audio\winio.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1840b2f2-3d5b-11da-a9c3-0010a7132ad6}]
    AutoRun\command- G:\FahrenheitAutoRun.exe

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-03 20:52:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-03 20:54:15 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-03 20:53
    C:\ComboFix2.txt ... 2007-10-03 17:51
    C:\ComboFix3.txt ... 2007-10-03 15:29
    .
    --- E O F ---
    ---------------------------------------------------------------



    Remarks: I no longer have the beeps and other untimely alerts at this last startup (likewise I can launch Firefox or open Explorer without getting an alert at every turn) ... could this be the right track :D  . In any case, thank you very much already for all this!!!! :p  :p 


    On the other hand, one question: ??? Seriously, I would never have imagined having to do so many steps just to get rid of a few pieces of malware and other bots ... I'm really impressed by the procedures to follow (I'm a graphic designer by training, I don't know much about Windows architecture ...)

    I'm just wondering / and I hope I won't have to repeat all these steps in 1 week just because I surfed a bit and my computer caught loads of junk again :(  :??: 

    In any case, thanks. I'll stay tuned for what comes next :p 
    a b 8 Security
    3 October 2007 21:13:34

    Hi again,

    Quote:
    On the other hand, one question: ??? Seriously, I would never have imagined having to do so many steps just to get rid of a few pieces of malware and other bots ... I'm really impressed by the procedures to follow (I'm a graphic designer by training, I don't know much about Windows architecture ...)

    A few pieces of malware? Umpteen, more like :lol: 

    Quote:
    I'm just wondering / and I hope I won't have to repeat all these steps in 1 week just because I surfed a bit and my computer caught loads of junk again

    Why do you think you'll get reinfected?
    3 October 2007 21:23:50

    Quote:
    A few pieces of malware? Umpteen, more like :lol: 


    :)  ... Well, I thought I was safe with Spybot and Ad-Aware :sarcastic: 

    Quote:

    Why do you think you'll get reinfected?


    Well, I simply tell myself that I had an antivirus (Avast), that I regularly ran the vacuum cleaner (via Spybot and Ad-Aware) and that I got seriously (that's undeniable) infected, ...
    So the question is, with all these steps am I a bit safer today, or will I have to do this kind of procedure often in the future? The exact question would be: what is the right attitude to adopt from now on :D 

    PS: Thanks again!!!!!!
    a b 8 Security
    3 October 2007 21:53:13

    A fan of cracks, xxx?
    3 October 2007 21:59:27

    ... uh, not especially (apart from MMOs I'm not a big PC gamer), but it has happened to me once or twice, yes ...
    a b 8 Security
    3 October 2007 22:04:36

    Post a new Hijackthis report :) 
    4 October 2007 10:21:37

    Here's what it gives :p 


    -----------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:21:02, on 04/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\winsys2.exe
    C:\Program Files\MagicRotation\MagicPvt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\PROGRAMMES\CURSOR\CursorXP.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\SEC\MT4.0\GammaTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\SEC\MT4.0\MagicTune.exe
    C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
    O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: MagicTune4.0.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/install_new/NPPWebInstal...
    O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
    O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

    --
    End of file - 10113 bytes
    ----------------------------------------------------------------
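One way to check the outcome of the CFScript run and the follow-up reports above, as an added example that is not part of the original thread and not ComboFix's own code: it compares what the script asked to remove with what the next report lists as deleted and with the registry load points still present. The two inputs are shortened excerpts of the CFScript and the second ComboFix report posted in this thread; the function names are assumptions.

```python
import re

# Shortened excerpt of the CFScript posted in this thread.
CFSCRIPT = r'''
File::
C:\WINDOWS\system32\wnhjgckw.dll
C:\WINDOWS\system32\loyugaml.dll
C:\WINDOWS\system32\xwmshxfu.dll
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\tuvwvsr.dll
C:\Program Files\vqesyyn.exe

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{449A7F9B-75AF-49E8-99BC-E7B3D78339C2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwvsr]
'''

# Shortened excerpt of the second ComboFix report posted in this thread.
REPORT = r'''
(((((((( Autres suppressions ))))))))
.
C:\Program Files\vqesyyn.exe
C:\VundoFix Backups
C:\WINDOWS\system32\loyugaml.dll
C:\WINDOWS\system32\tuvwvsr.dll
C:\WINDOWS\system32\wnhjgckw.dll
C:\WINDOWS\system32\xwmshxfu.dll
.
(((((((( Point de chargement Reg ))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
'''


def parse_cfscript(text):
    """Group CFScript lines under their 'Name::' directive (lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"(\w+)::", line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def parse_report(text):
    """Split a report into its '((( title )))' sections, dropping '.' filler lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = re.fullmatch(r"\(+\s*(.+?)\s*\)+", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def load_points(lines):
    """Return (registry_key, value_line) pairs from the load-point section."""
    pairs, key = [], None
    for line in lines:
        if line.startswith("[HKEY"):
            key = line.strip("[]")
        elif key:
            pairs.append((key, line))
    return pairs


def verify_fix(cfscript, report):
    """Return (targets not listed as deleted, load points still tied to a target)."""
    script = parse_cfscript(cfscript)
    rep = parse_report(report)
    files = script.get("file", [])
    deleted = {p.lower() for p in rep.get("Autres suppressions", [])}
    not_reported = [p for p in files + script.get("folder", [])
                    if p.lower() not in deleted]
    # Keys the script asked to delete, written as [-KEY] in the Registry:: block.
    requested = {l[2:-1].lower() for l in script.get("registry", [])
                 if l.startswith("[-")}
    leftovers = [(k, v) for k, v in load_points(rep.get("Point de chargement Reg", []))
                 if k.lower() in requested
                 or any(p.lower() in v.lower() for p in files)]
    return not_reported, leftovers


if __name__ == "__main__":
    missing, leftovers = verify_fix(CFSCRIPT, REPORT)
    for path in missing:
        print("not listed under deletions:", path)
    for key, value in leftovers:
        print("load point still registered:", key, "->", value)
```

On these excerpts the check reports mlljk.dll as not listed under deletions and the winlogon\notify\mlljk key as still registered, which matches the `O20 - Winlogon Notify: mlljk ... (file missing)` line in the HijackThis log above.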
    a b 8 Security
    4 October 2007 13:10:43

    Hi again,

    Scan the file below at VirusTotal, then post the report:
    C:\WINDOWS\system32\winsys2.exe
    4 October 2007 13:49:50

    Here is the VirusTotal report:

    -----------------------------------------------------------------
    Fichier winsys2.exe reçu le 2007.10.04 13:31:21 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
    Résultat: 0/32 (0%)

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.10.4.0 2007.10.04 -
    AntiVir 7.6.0.18 2007.10.04 -
    Authentium 4.93.8 2007.10.03 -
    Avast 4.7.1051.0 2007.10.04 -
    AVG 7.5.0.488 2007.10.04 -
    BitDefender 7.2 2007.10.04 -
    CAT-QuickHeal 9.00 2007.10.03 -
    ClamAV 0.91.2 2007.10.04 -
    DrWeb 4.44.0.09170 2007.10.04 -
    eSafe 7.0.15.0 2007.10.02 -
    eTrust-Vet 31.2.5185 2007.10.04 -
    Ewido 4.0 2007.10.04 -
    FileAdvisor 1 2007.10.04 -
    Fortinet 3.11.0.0 2007.10.03 -
    F-Prot 4.3.2.48 2007.10.03 -
    F-Secure 6.70.13030.0 2007.10.04 -
    Ikarus T3.1.1.12 2007.10.04 -
    Kaspersky 7.0.0.125 2007.10.04 -
    McAfee 5133 2007.10.03 -
    Microsoft 1.2908 2007.10.04 -
    NOD32v2 2571 2007.10.04 -
    Norman 5.80.02 2007.10.03 -
    Panda 9.0.0.4 2007.10.04 -
    Prevx1 V2 2007.10.04 -
    Rising 19.43.30.00 2007.10.04 -
    Sophos 4.22.0 2007.10.04 -
    Sunbelt 2.2.907.0 2007.10.04 -
    Symantec 10 2007.10.04 -
    TheHacker 6.2.6.076 2007.10.03 -
    VBA32 3.12.2.4 2007.10.03 -
    VirusBuster 4.3.26:9 2007.10.03 -
    Webwasher-Gateway 6.0.1 2007.10.04 -
    Information additionnelle
    File size: 217088 bytes
    MD5: 246ed5328f940e4fdaab0b2fc987da01
    SHA1: d5e2592cf25b48efb1225e37c45bce99a13466c8
    --------------------------------------------------------------
    4 October 2007 18:03:55

    Did you wait for the scan to finish?
    6 October 2007 01:43:39

    Uh... yes, absolutely :p 
    7 October 2007 12:26:17

    Here is the scan result :) 

    ------------------------------------------------------------------
    Service load:
    0% 100%
    File: winsys2.exe
    Status:
    OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5: 246ed5328f940e4fdaab0b2fc987da01
    Packers detected:
    -
    Bit9 reports: No threat detected (more info)
    Scanner results
    Scan taken on 07 Oct 2007 10:22:31 (GMT)
    A-Squared
    Found nothing
    AntiVir
    Found nothing
    ArcaVir
    Found nothing
    Avast
    Found nothing
    AVG Antivirus
    Found nothing
    BitDefender
    Found nothing
    ClamAV
    Found nothing
    CPsecure
    Found nothing
    Dr.Web
    Found nothing
    F-Prot Antivirus
    Found nothing
    F-Secure Anti-Virus
    Found nothing
    Fortinet
    Found nothing
    Kaspersky Anti-Virus
    Found nothing
    NOD32
    Found nothing
    Norman Virus Control
    Found nothing
    Panda Antivirus
    Found nothing
    Rising Antivirus
    Found nothing
    Sophos Antivirus
    Found nothing
    VirusBuster
    Found nothing
    VBA32
    Found nothing
    ---------------------------------------------------------------
    7 October 2007 19:52:36

    Post a fresh HijackThis report :) 
    8 October 2007 19:28:20

    Here you go :p 

    -----------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:28:29, on 08/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\winsys2.exe
    C:\Program Files\MagicRotation\MagicPvt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\PROGRAMMES\CURSOR\CursorXP.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SEC\MT4.0\GammaTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\SEC\MT4.0\MagicTune.exe
    C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
    O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: MagicTune4.0.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/install_new/NPPWebInstal...
    O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
    O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

    --
    End of file - 10375 bytes
    ---------------------------------------------------------------
    8 October 2007 19:42:56

    Hi again,

    Fix the lines in italics below with HijackThis: ILLUSTRATED HELP

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/ins [...] tallV2.cab
    O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
    O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)
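
Added example, not part of the thread: a small parser that flags HijackThis entries whose target file is gone (`(no file)` / `(file missing)`, as in the O2 and O20 lines above) and diffs two logs to confirm which entries a fix actually removed. The sample lines are excerpted from the 08/10 and 09/10 logs in this thread; the function names are hypothetical, and a flagged entry is only a cleanup candidate, not a verdict.

```python
import re

# Item lines look like "O4 - HKLM\..\Run: [Name] path"; the header and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# Excerpt of the 08/10/2007 log posted in the thread (before the fix).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winsys2.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)
"""

# Excerpt of the 09/10/2007 log posted in the thread (after the fix).
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe
"""


def parse_entries(log_text):
    """Return (section, body) tuples for every item line, in log order."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def entry_key(entry):
    """Identity used for diffing.

    Forum software truncates long URLs differently from post to post, so an
    entry carrying a CLSID is keyed on section + CLSID; anything else is keyed
    on its full text.
    """
    section, body = entry
    clsid = CLSID_RE.search(body)
    return (section, clsid.group(0).upper()) if clsid else (section, body)


def orphaned(entries):
    """Entries whose registered file no longer exists on disk."""
    return [e for e in entries if ORPHAN_RE.search(e[1])]


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs, each in log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_keys = {entry_key(e) for e in before}
    after_keys = {entry_key(e) for e in after}
    removed = [e for e in before if entry_key(e) not in after_keys]
    added = [e for e in after if entry_key(e) not in before_keys]
    return removed, added


if __name__ == "__main__":
    for section, body in orphaned(parse_entries(LOG_BEFORE)):
        print("orphan :", section, "-", body)
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, body in removed:
        print("removed:", section, "-", body)
    for section, body in added:
        print("added  :", section, "-", body)
```

Running the same diff against a later log shows whether a fixed entry has come back, which is worth checking before closing a cleanup.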
    9 October 2007 11:56:41

    I did all that.
    Here is the HijackThis report :D 

    -----------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:56:29, on 09/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
    C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
    D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\winsys2.exe
    C:\Program Files\MagicRotation\MagicPvt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\PROGRAMMES\CURSOR\CursorXP.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SEC\MT4.0\GammaTray.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\SEC\MT4.0\MagicTune.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
    O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: MagicTune4.0.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
    O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

    --
    End of file - 10090 bytes
    ---------------------------------------------------------------
    9 October 2007 12:03:06

    Is your PC behaving better?
    9 October 2007 12:40:50

    Yes. I find it a bit faster (well, not like a DualCore :??:  ) but faster at startup.

    Also, I have huge directories that make up a role-playing game I'm building; they come to several tens of gigabytes of images, MP3s and other videos. Before you came to my aid, I struggled to open some directories (loading times for images and thumbnails were fairly long).

    Lastly, every time I browsed the web a bit, I got hammered with pop-ups (3 to 4 on average) from System Doctor and other sites ...


    Since then I haven't had any more problems of that kind.

    Incidentally, I don't know whether it's related, but my PC tended to reboot for no reason, with no crash or anything of the sort, just an unexplained reset. I had suspected the power supply or the cheap power strips, or even the mains voltage ...
    But since I cleaned my PC with your help, I haven't noticed that kind of ~failure~ again.

    :)  :)  :)  :)  :) 
    9 October 2007 12:45:33

    It must have been overheating ;) 
    30 October 2007 12:08:32

    Hi :) 

    Could I ask you to take a quick look at my HiJack report, please? Thanks a lot!!

    ---------------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:08:25, on 30/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\winsys2.exe
    C:\Program Files\MagicRotation\MagicPvt.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\PROGRAMMES\CURSOR\CursorXP.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\SEC\MT4.0\GammaTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\SEC\MT4.0\MagicTune.exe
    C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
    O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
    O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
    O4 - Global Startup: Color Calibration.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: MagicTune4.0.lnk = ?
    O4 - Global Startup: NaturalColorLoad.lnk = ?
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
    O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
    O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

    --
    End of file - 10625 bytes

    ----------------------------------------------------------------------------------------