Votre question

pop up intempestifs et trojans

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
13 Juin 2007 12:27:41

bonjour j'ai souvent des pop-up ki apparaissent et aussi bit defender me trouve des trojans mais ne me les supprime pas tout comme les scas de ad-aware , ccleaner et spybot j'ai un rapport HijackThis en esperant que vous pourriez m'aider a regler mon probleme
ps :spy bot me trouve : doubleclick, mediaplex, avenue a, inc. , virtumonde, smitfraud-c. toolbar888, vundo
rapport HijackThis :
Logfile of HijackThis v1.99.1
Scan saved at 12:17:43, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\jcghrjvk.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Raph\Bureau\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ehymnndv.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.safety.live.com/resource/download/scann...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\jcghrjvk.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Autres pages sur : pop intempestifs trojans

a b 8 Sécurité
13 Juin 2007 13:17:12

Bonjour,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    13 Juin 2007 17:57:16

    voila le rapport vundofix:

    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 12:12:34 04/06/2007

    Listing files found while scanning....


    VundoFix V6.5.0

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 17:47:48 13/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\bammrddd.dll
    C:\windows\system32\bntkcewu.dll
    C:\WINDOWS\system32\jkkheby.dll
    C:\WINDOWS\system32\knnmp.bak1
    C:\WINDOWS\system32\knnmp.bak2
    C:\WINDOWS\system32\knnmp.ini
    C:\WINDOWS\system32\knnmp.ini2
    C:\WINDOWS\system32\knnmp.tmp
    C:\WINDOWS\system32\pmnnk.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\bntkcewu.dll
    C:\windows\system32\bntkcewu.dll Has been deleted!
    et le rapport HijackThis:
    Logfile of HijackThis v1.99.1
    Scan saved at 17:55:57, on 13/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\jcghrjvk.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Softwin\BitDefender9\bdmcon.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Softwin\BitDefender9\bdnagent.exe
    C:\Program Files\Softwin\BitDefender9\bdswitch.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSI\Core Center\CoreCenter.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Raph\Bureau\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {34B31130-5FF9-440B-B42B-401CAAA06D61} - C:\WINDOWS\system32\pmnnk.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8A70E2DB-606D-4962-B0A2-D1D5EE905CFf} - C:\WINDOWS\system32\ddgglnwy.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\bntkcewu.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\hawycohm.dll",realset
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jcghrjvk.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    Merci de ton aide :) 
    Contenus similaires
    a b 8 Sécurité
    13 Juin 2007 17:59:43

    Re,

  • Télécharge combofix.exe (par sUBs) sur ton Bureau.
  • Double clique combofix.exe.
  • Tape sur la touche Y (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    13 Juin 2007 20:55:42

    ComboFix 07-06-13.3 - C:\Documents and Settings\Raph\Bureau\ComboFix.exe
    "Raph" - 2007-06-13 20:46:19 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\bpmbsvui.dll
    C:\WINDOWS\system32\ehymnndv.dll
    C:\WINDOWS\system32\hawycohm.dll
    C:\WINDOWS\system32\iuvsbmpb.ini
    C:\WINDOWS\system32\vdnnmyhe.ini
    C:\WINDOWS\system32\mhocywah.ini


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\install.log


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_NWSAPAGENT
    -------\nm
    -------\NwSapAgent


    ((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))


    2007-06-13 20:45 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-13 17:47 <REP> d-------- C:\VundoFix Backups
    2007-06-13 12:32 122,900 --a------ C:\WINDOWS\system32\uuifrxtp.exe
    2007-06-13 12:10 122,900 --a------ C:\WINDOWS\system32\tcgptaas.exe
    2007-06-13 11:56 3,172 --a------ C:\WINDOWS\system32\tmp.reg
    2007-06-13 11:53 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-06-13 11:53 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-06-13 11:53 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-06-13 11:41 122,900 --a------ C:\WINDOWS\system32\jcghrjvk.exe
    2007-06-12 20:41 <REP> d-------- C:\DOCUME~1\Raph\APPLIC~1\StarOffice8
    2007-06-12 20:37 <REP> d-------- C:\adabas
    2007-06-12 20:23 <REP> d-------- C:\DOCUME~1\Raph\.SunDownloadManager
    2007-06-09 19:38 <REP> d-------- C:\DOCUME~1\Raph\APPLIC~1\Logitech
    2007-06-09 19:38 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
    2007-06-09 19:37 79,376 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
    2007-06-09 19:37 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
    2007-06-09 19:37 63,248 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
    2007-06-09 19:37 56,080 --a------ C:\WINDOWS\KHALMNPR.Exe
    2007-06-09 19:37 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
    2007-06-09 19:37 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
    2007-06-09 19:37 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
    2007-06-09 19:37 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
    2007-06-09 19:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
    2007-06-08 22:19 <REP> d-------- C:\Program Files\Windows Live
    2007-06-08 22:19 <REP> d-------- C:\Program Files\Adverts
    2007-06-04 12:38 <REP> d-------- C:\Program Files\iPod
    2007-06-03 18:02 <REP> d-------- C:\Program Files\ModTheSims2.com
    2007-06-03 17:06 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
    2007-06-03 17:06 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
    2007-06-03 17:06 <REP> d-------- C:\Program Files\D-Tools
    2007-06-03 16:40 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-06-01 18:54 <REP> d-------- C:\Program Files\ABC Amber XML Converter
    2007-05-31 13:00 <REP> d-------- C:\DOCUME~1\Raph\AbiSuite
    2007-05-31 12:59 <REP> d-------- C:\Program Files\AbiSuite2
    2007-05-28 08:57 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-05-28 08:57 <REP> d-------- C:\Program Files\GetData
    2007-05-18 21:42 <REP> dr-h----- C:\DOCUME~1\Raph\APPLIC~1\SecuROM
    2007-05-18 20:54 <REP> d-------- C:\Program Files\Atari
    2007-05-17 22:01 <REP> d-------- C:\Anuman Interactive


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-13 18:49:49 32 ----a-w C:\WINDOWS\system32\driver.dat
    2007-06-13 18:49:23 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
    2007-06-13 17:57:40 28 ----a-w C:\WINDOWS\system32\getfile.dat
    2007-06-13 09:29:34 -------- d-----w C:\Program Files\a-squared Anti-Malware
    2007-06-12 12:03:31 -------- d-----w C:\Program Files\DAEMON Tools
    2007-06-11 20:27:54 -------- d-----w C:\Program Files\LimeWire
    2007-06-11 17:18:12 -------- d-----w C:\Program Files\Warcraft III
    2007-06-09 17:37:19 -------- d-----w C:\Program Files\Fichiers communs\Logitech
    2007-06-09 17:37:06 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-09 17:37:06 -------- d-----w C:\Program Files\Logitech
    2007-06-09 17:30:06 -------- d-----w C:\Program Files\HardwareDetection
    2007-06-08 20:19:02 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-08 20:19:02 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-06-04 10:38:14 -------- d-----w C:\Program Files\iTunes
    2007-06-04 10:36:15 -------- d-----w C:\Program Files\QuickTime
    2007-06-04 10:34:00 -------- d-----w C:\Program Files\Apple Software Update
    2007-06-02 16:29:15 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-05-20 16:44:27 -------- d-----w C:\DOCUME~1\Raph\APPLIC~1\dvdcss
    2007-05-18 19:42:17 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-05-16 18:56:47 -------- d-----w C:\DOCUME~1\Raph\APPLIC~1\LimeWire
    2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-14 19:34:56 -------- d-----w C:\Program Files\TribalWeb
    2007-05-08 13:08:00 -------- d-----w C:\DOCUME~1\Raph\APPLIC~1\Google
    2007-05-08 13:07:35 -------- d-----w C:\Program Files\Google
    2007-04-28 13:01:57 -------- d-----w C:\DOCUME~1\Raph\APPLIC~1\DataCast
    2007-04-28 13:01:54 -------- d-----w C:\DOCUME~1\Raph\APPLIC~1\InstallShield
    2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-22 16:11:03 -------- d-----w C:\Program Files\Motherboard Monitor 5
    2007-04-22 15:43:07 -------- d-----w C:\Program Files\CpuIdle
    2007-04-22 15:43:06 4,484 ----a-w C:\WINDOWS\system32\drivers\cpuidlep.sys
    2007-04-22 15:13:19 1,411 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
    2007-04-22 15:13:17 48,831 ----a-w C:\WINDOWS\BricoPackUninst.cmd
    2007-04-22 15:13:16 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2007-04-20 16:24:46 -------- d-----w C:\Program Files\Steam
    2007-04-18 18:41:27 -------- d-----w C:\DOCUME~1\Raph\APPLIC~1\TribalWeb
    2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-15 19:11:32 -------- d-----w C:\Program Files\Fichiers communs\ACD Systems
    2007-04-15 19:08:56 -------- d-----w C:\DOCUME~1\Raph\APPLIC~1\ACD Systems
    2007-04-06 06:36:28 471,040 ----a-w C:\WINDOWS\system32\muzapp.dll
    2007-04-06 06:36:28 167,936 ----a-w C:\WINDOWS\system32\muzapp.exe
    2007-03-25 12:52:45 83,046 ----a-w C:\WINDOWS\system32\perfc00C.dat
    2007-03-25 12:52:45 504,492 ----a-w C:\WINDOWS\system32\perfh00C.dat
    2007-03-23 04:07:56 1,683,280 ------w C:\WINDOWS\system32\XpsSvcs.dll
    2007-03-23 04:07:54 583,504 ------w C:\WINDOWS\system32\XPSSHHDR.dll
    2007-03-22 18:25:02 124,928 ------w C:\WINDOWS\system32\prntvpt.dll
    2007-03-21 18:27:56 16 ----a-w C:\WINDOWS\system32\magicpvt.dat
    2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-14 17:23:27 313,344 ----a-w C:\WINDOWS\system32\omrwjgypv.exe
    2007-03-13 10:49:48 41 ----a-w C:\WINDOWS\system32\winitn.dll
    2007-03-13 10:49:47 196,608 ----a-w C:\WINDOWS\system32\maag.dll
    2007-03-13 10:49:47 1,245,184 ----a-w C:\WINDOWS\system32\bkll.dll
    2007-03-13 10:49:47 1,212,416 ----a-w C:\WINDOWS\system32\ckll.dll
    2007-03-13 10:49:46 90,112 ----a-w C:\WINDOWS\system32\agsaami.dll
    2007-03-13 10:49:46 610,304 ----a-w C:\WINDOWS\system32\agsaamg.dll
    2007-03-13 10:49:46 372,736 ----a-w C:\WINDOWS\system32\agsaamc.dll
    2007-03-13 10:49:46 2,535,424 ----a-w C:\WINDOWS\system32\agsaamj.dll
    2007-03-13 10:49:46 1,986,560 ----a-w C:\WINDOWS\system32\akll.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {34B31130-5FF9-440B-B42B-401CAAA06D61}=C:\WINDOWS\system32\pmnnk.dll []
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
    {8A70E2DB-606D-4962-B0A2-D1D5EE905CFf}=C:\WINDOWS\system32\ddgglnwy.dll []
    {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-05-01 15:43]
    "nwiz"="nwiz.exe" [2006-11-17 18:29 C:\WINDOWS\system32\nwiz.exe]
    "BDMCon"="C:\Program Files\Softwin\BitDefender9\bdmcon.exe" [2006-10-16 22:22]
    "BDOESRV"="C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" [2005-03-11 18:53]
    "BDNewsAgent"="C:\Program Files\Softwin\BitDefender9\bdnagent.exe" [2005-06-09 11:28]
    "BDSwitchAgent"="C:\Program Files\Softwin\BitDefender9\bdswitch.exe" [2005-04-06 14:09]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-24 10:27]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 18:21 C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 C:\WINDOWS\Alcmtr.exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"="C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 17:51]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=sockspy.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
    backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk
    backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
    backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MagicTune 3.5.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MagicTune 3.5.lnk
    backup=C:\WINDOWS\pss\MagicTune 3.5.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Raph^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Raph\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Raph^Menu Démarrer^Programmes^Démarrage^StarOffice 8.lnk]
    path=C:\Documents and Settings\Raph\Menu Démarrer\Programmes\Démarrage\StarOffice 8.lnk
    backup=C:\WINDOWS\pss\StarOffice 8.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Raph^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk]
    path=C:\Documents and Settings\Raph\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk
    backup=C:\WINDOWS\pss\TribalWeb.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Raph^Menu Démarrer^Programmes^Démarrage^Xfire.lnk]
    path=C:\Documents and Settings\Raph\Menu Démarrer\Programmes\Démarrage\Xfire.lnk
    backup=C:\WINDOWS\pss\Xfire.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
    C:\Program Files\MSI\Live Update 3\LMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
    C:\Program Files\MarkAny\ContentSafer\MAAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation]
    C:\Program Files\MagicRotation\MagicPvt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
    C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    SkyTel.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
    C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    "C:\Program Files\Steam\Steam.exe" -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
    C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe -s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
    C:\PROGRA~1\Wanadoo\CnxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "SSScsiSV"=3 (0x3)
    "Pml Driver HPZ12"=3 (0x3)
    "LVPrcSrv"=2 (0x2)
    "Adobe LM Service"=3 (0x3)


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    AutoRun\command- D:\autoplay.exe

    *Newly Created Service* - NVR0DEV

    Contents of the 'Scheduled Tasks' folder
    2007-06-07 18:39:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-06-13 18:28:00 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1159468070.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-13 20:50:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-06-13 20:53:05 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-06-13 20:52

    --- E O F ---
    a b 8 Sécurité
    13 Juin 2007 21:17:13

    Reposte un rapport Hijackthis.
    13 Juin 2007 21:18:48

    Logfile of HijackThis v1.99.1
    Scan saved at 21:18:23, on 13/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\jcghrjvk.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\program files\softwin\bitdefender9\bdnagent.exe
    C:\program files\softwin\bitdefender9\bdswitch.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSI\Core Center\CoreCenter.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    c:\program files\softwin\bitdefender9\bdmcon.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Raph\Bureau\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {34B31130-5FF9-440B-B42B-401CAAA06D61} - C:\WINDOWS\system32\pmnnk.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8A70E2DB-606D-4962-B0A2-D1D5EE905CFf} - C:\WINDOWS\system32\ddgglnwy.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "c:\program files\softwin\bitdefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jcghrjvk.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    a b 8 Sécurité
    13 Juin 2007 21:19:50

    Re,

    Fix les lignes en italique ci-dessous avec Hijackthis : AIDE EN IMAGES

    O2 - BHO: (no name) - {34B31130-5FF9-440B-B42B-401CAAA06D61} - C:\WINDOWS\system32\pmnnk.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8A70E2DB-606D-4962-B0A2-D1D5EE905CFf} - C:\WINDOWS\system32\ddgglnwy.dll (file missing)

    13 Juin 2007 22:27:03

    J'ai fait ce que tu m'as dit voici le nouveau rapport :

    Logfile of HijackThis v1.99.1
    Scan saved at 22:26:02, on 13/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\jcghrjvk.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
    C:\program files\softwin\bitdefender9\bdnagent.exe
    C:\program files\softwin\bitdefender9\bdswitch.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSI\Core Center\CoreCenter.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender9\vsserv.exe
    c:\program files\softwin\bitdefender9\bdmcon.exe
    C:\Documents and Settings\Raph\Bureau\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
    O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
    O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] "c:\program files\softwin\bitdefender9\bdswitch.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
    O11 - Options group: [INTERNATIONAL] International*
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.safety.live.com/resource/download/scann...
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jcghrjvk.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

    a b 8 Sécurité
    13 Juin 2007 22:32:19

    Tu as toujours des problèmes ?
    13 Juin 2007 23:32:13

    malheureusement oui .. bit defender m'alerte car jai :
    trojan.fotomoto.A j'en ai beaucoup et ils se trouvnet tous dans le meme dossier c:\windows\system32\(nom du fichier)
    et spybot me trouve aussi : Avenue A, Inc. , doubleclick , mediaplex , reliablestats , systemdoctor2006 , tradedoubler , winsoftware.winantiviruspro2006 , Zedo
    ^^ voila jsai pas si tu pourrais m'aider pour ca mai merci car jai moins des problemes qu'avant :) 
    13 Juin 2007 23:46:31

    spybot dit qu'il corrige les problemes mais quand je refais un scan il sont toujours present :??: 
    voila le rapport de bit defender

    //-----------------------------------------------------------------
    //
    // Product: BitDefender 9 Professional Plus
    // Version: 9.5
    //
    // Créé le: 13/06/2007 23:42:36
    //
    //-----------------------------------------------------------------


    Statistiques

    Chemin cible: C:\WINDOWS\system32
    Dossiers : 294
    Fichiers : 6638
    Archives : 13
    Fichiers empaquetés : 329
    Virus trouvés : 2
    Fichiers infectés : 3
    Alertes : 0
    Fichiers suspects : 0
    Fichiers désinfectés : 0
    Fichiers effacés : 6
    Fichiers copiés : 0
    Fichiers déplacés : 0
    Fichiers renommés : 0
    Erreurs I/O : 11
    Temps d'analyse := 00:02:50
    Fichiers/seconde :39

    Statistiques Spywares

    Processus Mémoire analysés : 14
    Processus Mémoire infectés : 0
    Clés de registres analysées : 1941
    Clés de registres infectés : 3
    Cookies analysés : 30
    Cookies infectés : 0
    Fichiers spyware infectés : 0
    Menaces Spyware détectées : 1


    Définitions virus : 561672
    Plugins d'analyse : 16
    Plugins archives : 41
    Plug-ins décompression : 6
    Plug-ins messagerie : 6
    Plug-ins système : 5

    Options d'analyse

    Détection
    [X] Analyser le secteur de boot
    [X] Analyser les archives
    [X] Analyser les fichiers en paquets
    [X] Analyser la messagerie

    Masque fichiers
    [ ] Programmes
    [X] Tous les fichiers
    [ ] Extensions définies par l'utilisateur:
    [ ] Exclure les extensions: ;

    Action

    Objets infectés
    [ ] Ignorer
    [X] Désinfecter
    [ ] Effacer
    [ ] Copier
    [ ] Déplacer dans le dossier infectés
    [ ] Renommer
    [ ] Demander l'action

    Seconde action
    [ ] Ignorer
    [X] Effacer
    [ ] Copier
    [ ] Déplacer dans le dossier infectés
    [ ] Renommer
    [ ] Demander l'action

    Options d'analyse
    [X] Activer les alertes
    [X] Activer l'heuristique
    [ ] Afficher tous les fichiers dans le journal
    [X] Fichier journal : C:\Program Files\Softwin\BitDefender9\Logs\vscan_1181770956.log

    Options d'analyse Spyware

    [X] Processus mémoire
    [X] Clés de registres
    [X] Cookies


    Sommaire :

    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\JCGHRJVK.EXE Détecté: Trojan.Fotomoto.A
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\JCGHRJVK.EXE Désinfection impossible
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\JCGHRJVK.EXE Effacé
    <System> Mise à jour impossible
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\JCGHRJVK.EXE Détecté: Trojan.Fotomoto.A
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\JCGHRJVK.EXE Désinfection impossible
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\JCGHRJVK.EXE Effacé
    <System> Mise à jour impossible
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\JCGHRJVK.EXE Détecté: Trojan.Fotomoto.A
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\JCGHRJVK.EXE Désinfection impossible
    <System>=>HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET003\SERVICES\DOMAINSERVICE\ImagePath=>C:\WINDOWS\SYSTEM32\JCGHRJVK.EXE Effacé
    <System> Mise à jour impossible
    C:\WINDOWS\system32\jcghrjvk.exe Infecté avec: Trojan.Fotomoto.A
    C:\WINDOWS\system32\jcghrjvk.exe Désinfection impossible
    C:\WINDOWS\system32\jcghrjvk.exe Effacé
    C:\WINDOWS\system32\tcgptaas.exe Infecté avec: Trojan.Fotomoto.A
    C:\WINDOWS\system32\tcgptaas.exe Désinfection impossible
    C:\WINDOWS\system32\tcgptaas.exe Effacé
    C:\WINDOWS\system32\uuifrxtp.exe Infecté avec: Trojan.Fotomoto.A
    C:\WINDOWS\system32\uuifrxtp.exe Désinfection impossible
    C:\WINDOWS\system32\uuifrxtp.exe Effacé
    a b 8 Sécurité
    14 Juin 2007 00:07:25

    Tu peux refaire un scan Bitdefender ?
    14 Juin 2007 00:16:27


    //-----------------------------------------------------------------
    //
    // Product: BitDefender 9 Professional Plus
    // Version: 9.5
    //
    // Créé le: 14/06/2007 00:12:06
    //
    //-----------------------------------------------------------------


    Statistiques

    Chemin cible: C:\WINDOWS\system32
    Dossiers : 294
    Fichiers : 6633
    Archives : 13
    Fichiers empaquetés : 329
    Virus trouvés : 0
    Fichiers infectés : 0
    Alertes : 0
    Fichiers suspects : 0
    Fichiers désinfectés : 0
    Fichiers effacés : 0
    Fichiers copiés : 0
    Fichiers déplacés : 0
    Fichiers renommés : 0
    Erreurs I/O : 11
    Temps d'analyse := 00:02:20
    Fichiers/seconde :47

    Statistiques Spywares

    Processus Mémoire analysés : 13
    Processus Mémoire infectés : 0
    Clés de registres analysées : 1938
    Clés de registres infectés : 0
    Cookies analysés : 30
    Cookies infectés : 0
    Fichiers spyware infectés : 0
    Menaces Spyware détectées : 0


    Définitions virus : 561672
    Plugins d'analyse : 16
    Plugins archives : 41
    Plug-ins décompression : 6
    Plug-ins messagerie : 6
    Plug-ins système : 5

    Options d'analyse

    Détection
    [X] Analyser le secteur de boot
    [X] Analyser les archives
    [X] Analyser les fichiers en paquets
    [X] Analyser la messagerie

    Masque fichiers
    [ ] Programmes
    [X] Tous les fichiers
    [ ] Extensions définies par l'utilisateur:
    [ ] Exclure les extensions: ;

    Action

    Objets infectés
    [ ] Ignorer
    [X] Désinfecter
    [ ] Effacer
    [ ] Copier
    [ ] Déplacer dans le dossier infectés
    [ ] Renommer
    [ ] Demander l'action

    Seconde action
    [ ] Ignorer
    [X] Effacer
    [ ] Copier
    [ ] Déplacer dans le dossier infectés
    [ ] Renommer
    [ ] Demander l'action

    Options d'analyse
    [X] Activer les alertes
    [X] Activer l'heuristique
    [ ] Afficher tous les fichiers dans le journal
    [X] Fichier journal : C:\Program Files\Softwin\BitDefender9\Logs\vscan_1181772726.log

    Options d'analyse Spyware

    [X] Processus mémoire
    [X] Clés de registres
    [X] Cookies

    Je n'ai plus de trojan :)  merci beaucoup Angeldark
    et pour les logiciels espion de spybot t'as une idée de comment les supprimer ?
    a b 8 Sécurité
    14 Juin 2007 12:09:27

    Quel est leur emplacement ?
    21 Juin 2007 11:47:35

    Ce sont tous des cookies traceur de firefox
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS