Infection avec System Doctor, winpro, et autre :((

Bonjour,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.

Double-clique VundoFix.exe afin de le lancer

Clique sur le bouton Scan for Vundo

Lorsque le scan est complété, clique sur le bouton Remove Vundo

Une invite te demandera si tu veux supprimer les fichiers, clique YES

Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers

Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK

Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

Merci Angeldark.

Voilà donc le rapport VundoFix:

-----------------------------------------------------------------


VundoFix V6.5.9

Checking Java version...

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 13:53:35 03/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\tuvwvsr.dll
C:\WINDOWS\system32\yltoyguy.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tuvwvsr.dll
C:\WINDOWS\system32\tuvwvsr.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yltoyguy.dll
C:\WINDOWS\system32\yltoyguy.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\tuvwvsr.dll
C:\WINDOWS\system32\tuvwvsr.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yltoyguy.dll
C:\WINDOWS\system32\yltoyguy.dll Has been deleted!

Performing Repairs to the registry.
Done!

---------------------------------------------------------------




Et voilà le HijackThis


---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:57, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMMES\CURSOR\CursorXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SEC\MT4.0\GammaTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\SEC\MT4.0\MagicTune.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: MagicTune4.0.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/install_new/NPPWebInstal...
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

--
End of file - 9552 bytes

---------------------------------------------------------------


Merci encore de ton aide.
J'attend la suite de ta réponse.  

Re,

Télécharge combofix.exe (par sUBs) sur ton Bureau.

Double clique combofix.exe.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

  ... et voilà comme ça m'est arrivé souvent en voulant utiliser Ad-Aware ou Spybot ainsi que tout autre logiciels servant à virer malwares and co.

ça plante et j'ai droit à ce jolie message:

Freeware implementation of REG.EXE a rencontré un problème et doit fermer. Nous vous prions de nous excuser pour le désagrément encouru.

Tout ceci sans pouvoir dégager la fenêtre vue qu'en cliquant sur la croix pour fermer la fenêtre repop ...

avec un autre message d'erreur windows:

L'instruction à "0x0047312a" emploie l'adresse mémoire "0x01100de2". La mémoire ne peut pas être "read".


... au secour  

Re,

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.

Merci encore pour ta patience et ton aide.

Voilà pour le rapport du Scan Windows System Directory

-----------------------------------------------------------------


AntiVir PersonalEdition Classic
Report file date: mercredi 3 octobre 2007 15:04

Scanning for 863296 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Lionel Hofert
Computer name: MANA

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 12:57:49
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 12:57:49
ANTIVIR2.VDF : 7.0.0.32 315904 Bytes 28/09/2007 12:57:49
ANTIVIR3.VDF : 7.0.0.46 76800 Bytes 03/10/2007 12:57:49
AVEWIN32.DLL : 7.6.0.18 2810368 Bytes 03/10/2007 12:57:50
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 3 octobre 2007 15:04

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'MagicTune.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'NaturalColorLoad.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GammaTray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'lxbbbmon.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'CursorXP.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'MagicPvt.exe' - '1' Module(s) have been scanned
Scan process 'WinSys2.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'lxbbbmgr.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wbload.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Smc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\pmnlj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\pmnlj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
C:\WINDOWS\system32\tuvwvsr.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\tuvwvsr.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen

The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\Autorun.exe
[DETECTION] Contains detection pattern of a probably damaged sample CC/UKMalw.LB
[INFO] The file was moved to '477793ed.qua'!
C:\WINDOWS\system32\pmnlj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\sstqn.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47779420.qua'!
C:\WINDOWS\system32\tuvwvsr.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: mercredi 3 octobre 2007 15:07
Used time: 03:18 min

The scan has been done completely.

235 Scanning directories
8329 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
8323 Files not concerned
16 Archives were scanned
5 Warnings
0 Notes

-------------------------------------------------------------

Reposte un rapport Hijackthis.

J'ai pu faire le diagnostic avec COmbofix

Le voilà:

-----------------------------------------------------------------
ComboFix 07-10-03.7 - Lionel Hofert 2007-10-03 15:11:57.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1293 [GMT 2:00]
Running from: C:\Documents and Settings\Lionel Hofert\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bwyirxcw.dll
C:\WINDOWS\system32\cemqevwu.ini
C:\WINDOWS\system32\fnqyjpkl.dll
C:\WINDOWS\system32\ibdbrjat.dll
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak2
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jlnmp.tmp
C:\WINDOWS\system32\lkpjyqnf.ini
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\qebyxwrv.ini
C:\WINDOWS\system32\SysPr.prx
C:\WINDOWS\system32\tajrbdbi.ini
C:\WINDOWS\system32\uwveqmec.dll
C:\WINDOWS\system32\vrwxybeq.dll
C:\WINDOWS\system32\wcxriywb.ini
C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-09-03 to 2007-10-03 ))))))))))))))))))))))))))))))))))))
.

2007-10-03 15:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 14:55 <REP> d-------- C:\Program Files\Avira
2007-10-03 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-03 14:13 77,376 --a------ C:\WINDOWS\system32\wnhjgckw.dll
2007-10-03 14:05 77,376 --a------ C:\WINDOWS\system32\loyugaml.dll
2007-10-03 13:53 <REP> d-------- C:\VundoFix Backups
2007-10-01 19:55 87,104 --a------ C:\WINDOWS\system32\xwmshxfu.dll
2007-10-01 12:10 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\WinRAR
2007-10-01 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-03 12:13 32 --a------ C:\WINDOWS\system32\driver.dat
2007-09-03 12:05 <REP> d-------- C:\WINDOWS\NV31763484.TMP
2007-09-03 12:01 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Bioshock
2007-09-03 11:12 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield Installation Information

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 11:08 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-08-24 20:16 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\vlc
2007-08-24 20:14 --------- d-------- C:\Program Files\Satsuki Decoder Pack
2007-08-17 17:25 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-17 17:25 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-17 16:23 8478720 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-08-17 16:23 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-08-17 16:23 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-08-17 16:23 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-08-17 16:23 6842208 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-08-17 16:23 6746112 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-08-17 16:23 6344704 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-08-17 16:23 5860736 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-08-17 16:23 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-08-17 16:23 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-08-17 16:23 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-08-17 16:23 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-08-17 16:23 36864 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-08-17 16:23 36864 --a------ C:\WINDOWS\system32\nvcod.dll
2007-08-17 16:23 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-08-17 16:23 3551232 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-08-17 16:23 3334144 --a------ C:\WINDOWS\system32\nvgames.dll
2007-08-17 16:23 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-08-17 16:23 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-08-17 16:23 2371584 --a------ C:\WINDOWS\system32\nvwss.dll
2007-08-17 16:23 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-08-17 16:23 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-08-17 16:23 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-08-17 16:23 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-08-17 16:23 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-08-17 16:23 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-08-17 16:23 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-08-17 16:23 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-08-17 16:23 1150976 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-08-17 16:23 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-08-17 16:23 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-08-14 11:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-14 11:54 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield
2007-08-14 10:45 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\GetRightToGo
2007-08-13 11:16 127034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-08-06 12:56 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Logitech
2007-08-06 12:52 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-08-06 12:52 --------- d-------- C:\Program Files\Logitech
2007-08-06 12:51 --------- d-------- C:\Program Files\Fichiers communs\Logitech
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 18:43 751623 ---hs---- C:\WINDOWS\system32\srqss.bak2
2007-06-26 20:00 21948 --a------ C:\Program Files\serial.zip
2007-06-26 20:00 21948 --a------ C:\Program Files\serial.dat
2007-06-26 16:56 0 --a------ C:\Program Files\vqesyyn.exe
2007-06-26 16:56 0 --a------ C:\Program Files\secure32.html
2006-12-28 20:10 7168 --ahs---- C:\Program Files\Thumbs.db
2006-11-23 00:30 94080 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezplay.sys
2006-11-23 00:30 81920 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezpinst.exe
2006-11-23 00:30 47360 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\pcouffin.sys
2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.zip
2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.tbe
2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.zip
2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.tde
2006-05-28 15:05 221099 -rahs---- C:\Program Files\serial.tde
2006-02-19 04:28 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
2006-01-15 15:33 9728 --------- C:\Program Files\vorbisfile.dll
2006-01-15 15:32 8704 --------- C:\Program Files\ogg.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{449A7F9B-75AF-49E8-99BC-E7B3D78339C2}]
C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F75E47-94D2-48AC-8D32-863356FA6578}]
2007-06-26 16:51 26166 --------- C:\WINDOWS\system32\tuvwvsr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 10:53 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-01 15:32]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-11 19:41]
"iTunesHelper"="D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe" [2005-05-14 00:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"nwiz"="nwiz.exe" [2007-08-17 16:23 C:\WINDOWS\system32\nwiz.exe]
"SS1HelperStartUp"="C:\PROGRA~1\SEASID~1\SS1HEL~1.exe" []
"IMEKRMIG6.1"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 12:13]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 12:14]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-10-03 08:37]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-12-26 17:23]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-17 16:23]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
"CursorXP"="D:\PROGRAMMES\CURSOR\CursorXP.exe" [2005-01-19 17:34]
"igndlm.exe"="D:\PROGRAMMES\Download Manager\dlm.exe" [2007-03-05 13:57]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-13 12:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{90F75E47-94D2-48AC-8D32-863356FA6578}"= C:\WINDOWS\system32\tuvwvsr.dll [2007-06-26 16:51 26166]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwvsr]
tuvwvsr.dll 2007-06-26 16:51 26166 C:\WINDOWS\system32\tuvwvsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S3 WINIO;WINIO;\??\F:\DRIVER\Audio\winio.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1840b2f2-3d5b-11da-a9c3-0010a7132ad6}]
AutoRun\command- G:\FahrenheitAutoRun.exe

*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-26 16:00:00 C:\WINDOWS\Tasks\At1.job"
"2007-09-26 15:00:00 C:\WINDOWS\Tasks\At10.job"
"2007-09-26 16:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-26 12:00:00 C:\WINDOWS\Tasks\At13.job"
"2007-09-26 18:00:00 C:\WINDOWS\Tasks\At14.job"
"2007-06-26 15:12:53 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-09-26 15:00:00 C:\WINDOWS\Tasks\At3.job"
"2007-09-26 18:00:00 C:\WINDOWS\Tasks\At4.job"
"2007-06-26 14:51:41 C:\WINDOWS\Tasks\At5.job"
"2007-09-26 12:00:00 C:\WINDOWS\Tasks\At6.job"
"2007-09-26 18:00:00 C:\WINDOWS\Tasks\At7.job"
"2007-09-26 08:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-09-26 08:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\Program Files\Internet Explorer\iexplore.exe -nohome http://www.amazon.de/exec/obidos/redirect-home?tag=forl...
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 15:26:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-03 15:29:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-03 15:28
.
--- E O F ---
--------------------------------------------------------------




Et voilà le log Hijack:



---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:10, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMMES\CURSOR\CursorXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SEC\MT4.0\GammaTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\SEC\MT4.0\MagicTune.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {449A7F9B-75AF-49E8-99BC-E7B3D78339C2} - C:\WINDOWS\system32\mlljk.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\tuvwvsr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: MagicTune4.0.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/install_new/NPPWebInstal...
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)
O20 - Winlogon Notify: tuvwvsr - C:\WINDOWS\SYSTEM32\tuvwvsr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

--
End of file - 10384 bytes
---------------------------------------------------------------


Malgrès tout ça les pop-up system doctor réapparaissent quand même :s







Accessoirement AntiVir sonne régulièrement pour la même alerte et ce quelque soit l'action que je préconise (move to quarantine, Delete, Rename, Etc ...)

celà concerne:

C:\WINDOWS\system32\tuvwvsr.dll

Elle reviens toutes les 10sec ... quelque soit l'action d'AntiVir


Ps: D'ailleur peut-on couper la sonnerie v_v

Refais un scan Combofix stp. Tu n'auras bientôt plus de sonnerie  

Voilà pour le Scan CoboFix:

------------------------------------------------------------------
ComboFix 07-10-03.7 - Lionel Hofert 2007-10-03 17:39:51.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1514 [GMT 2:00]
Running from: C:\Documents and Settings\Lionel Hofert\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\jityegns.dll
C:\WINDOWS\system32\sngeytij.ini
C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\vybeg.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-03 to 2007-10-03 ))))))))))))))))))))))))))))))))))))
.

2007-10-03 15:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 14:55 <REP> d-------- C:\Program Files\Avira
2007-10-03 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-03 14:13 77,376 --a------ C:\WINDOWS\system32\wnhjgckw.dll
2007-10-03 14:05 77,376 --a------ C:\WINDOWS\system32\loyugaml.dll
2007-10-03 13:53 <REP> d-------- C:\VundoFix Backups
2007-10-01 19:55 87,104 --a------ C:\WINDOWS\system32\xwmshxfu.dll
2007-10-01 12:10 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\WinRAR
2007-10-01 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-03 12:13 32 --a------ C:\WINDOWS\system32\driver.dat
2007-09-03 12:05 <REP> d-------- C:\WINDOWS\NV31763484.TMP
2007-09-03 12:01 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Bioshock
2007-09-03 11:12 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield Installation Information

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 11:08 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-08-24 20:16 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\vlc
2007-08-24 20:14 --------- d-------- C:\Program Files\Satsuki Decoder Pack
2007-08-17 17:25 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-17 17:25 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-17 16:23 8478720 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-08-17 16:23 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-08-17 16:23 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-08-17 16:23 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-08-17 16:23 6842208 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-08-17 16:23 6746112 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-08-17 16:23 6344704 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-08-17 16:23 5860736 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-08-17 16:23 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-08-17 16:23 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-08-17 16:23 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-08-17 16:23 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-08-17 16:23 36864 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-08-17 16:23 36864 --a------ C:\WINDOWS\system32\nvcod.dll
2007-08-17 16:23 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-08-17 16:23 3551232 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-08-17 16:23 3334144 --a------ C:\WINDOWS\system32\nvgames.dll
2007-08-17 16:23 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-08-17 16:23 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-08-17 16:23 2371584 --a------ C:\WINDOWS\system32\nvwss.dll
2007-08-17 16:23 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-08-17 16:23 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-08-17 16:23 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-08-17 16:23 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-08-17 16:23 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-08-17 16:23 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-08-17 16:23 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-08-17 16:23 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-08-17 16:23 1150976 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-08-17 16:23 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-08-17 16:23 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-08-14 11:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-14 11:54 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield
2007-08-14 10:45 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\GetRightToGo
2007-08-13 11:16 127034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-08-06 12:56 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Logitech
2007-08-06 12:52 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-08-06 12:52 --------- d-------- C:\Program Files\Logitech
2007-08-06 12:51 --------- d-------- C:\Program Files\Fichiers communs\Logitech
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 18:43 751623 ---hs---- C:\WINDOWS\system32\srqss.bak2
2007-06-26 20:00 21948 --a------ C:\Program Files\serial.zip
2007-06-26 20:00 21948 --a------ C:\Program Files\serial.dat
2007-06-26 16:56 0 --a------ C:\Program Files\vqesyyn.exe
2007-06-26 16:56 0 --a------ C:\Program Files\secure32.html
2006-12-28 20:10 7168 --ahs---- C:\Program Files\Thumbs.db
2006-11-23 00:30 94080 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezplay.sys
2006-11-23 00:30 81920 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezpinst.exe
2006-11-23 00:30 47360 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\pcouffin.sys
2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.zip
2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.tbe
2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.zip
2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.tde
2006-05-28 15:05 221099 -rahs---- C:\Program Files\serial.tde
2006-02-19 04:28 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
2006-01-15 15:33 9728 --------- C:\Program Files\vorbisfile.dll
2006-01-15 15:32 8704 --------- C:\Program Files\ogg.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{449A7F9B-75AF-49E8-99BC-E7B3D78339C2}]
C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F75E47-94D2-48AC-8D32-863356FA6578}]
2007-06-26 16:51 26166 --------- C:\WINDOWS\system32\tuvwvsr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 10:53 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-01 15:32]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-11 19:41]
"iTunesHelper"="D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe" [2005-05-14 00:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"nwiz"="nwiz.exe" [2007-08-17 16:23 C:\WINDOWS\system32\nwiz.exe]
"SS1HelperStartUp"="C:\PROGRA~1\SEASID~1\SS1HEL~1.exe" []
"IMEKRMIG6.1"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 12:13]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 12:14]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-10-03 08:37]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-12-26 17:23]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-17 16:23]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
"CursorXP"="D:\PROGRAMMES\CURSOR\CursorXP.exe" [2005-01-19 17:34]
"igndlm.exe"="D:\PROGRAMMES\Download Manager\dlm.exe" [2007-03-05 13:57]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-13 12:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{90F75E47-94D2-48AC-8D32-863356FA6578}"= C:\WINDOWS\system32\tuvwvsr.dll [2007-06-26 16:51 26166]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwvsr]
tuvwvsr.dll 2007-06-26 16:51 26166 C:\WINDOWS\system32\tuvwvsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S3 WINIO;WINIO;\??\F:\DRIVER\Audio\winio.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1840b2f2-3d5b-11da-a9c3-0010a7132ad6}]
AutoRun\command- G:\FahrenheitAutoRun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-26 16:00:00 C:\WINDOWS\Tasks\At1.job"
"2007-09-26 15:00:00 C:\WINDOWS\Tasks\At10.job"
"2007-09-26 16:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-26 12:00:00 C:\WINDOWS\Tasks\At13.job"
"2007-09-26 18:00:00 C:\WINDOWS\Tasks\At14.job"
"2007-06-26 15:12:53 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-09-26 15:00:00 C:\WINDOWS\Tasks\At3.job"
"2007-09-26 18:00:00 C:\WINDOWS\Tasks\At4.job"
"2007-06-26 14:51:41 C:\WINDOWS\Tasks\At5.job"
"2007-09-26 12:00:00 C:\WINDOWS\Tasks\At6.job"
"2007-09-26 18:00:00 C:\WINDOWS\Tasks\At7.job"
"2007-09-26 08:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-09-26 08:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\Program Files\Internet Explorer\iexplore.exe -nohome http://www.amazon.de/exec/obidos/redirect-home?tag=forl...
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 17:49:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-03 17:51:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-03 17:51
C:\ComboFix2.txt ... 2007-10-03 15:29
.
--- E O F ---
----------------------------------------------------------------


Accessoirement a chaque redémarrage j'ai des message d'alerte par vingtaines concernant encore et toujours la même dll.
Chose qui bloque/ralentit considérablement le démarage de Windows.


C:\WINDOWS\system32\tuvwvsr.dll

Re,

Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

Voilà le rapport  

-----------------------------------------------------------------
ComboFix 07-10-03.7 - Lionel Hofert 2007-10-03 20:44:40.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1462 [GMT 2:00]
Running from: C:\Documents and Settings\Lionel Hofert\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lionel Hofert\Bureau\CFScript.txt
* Created a new restore point

FILE::
C:\Program Files\secure32.html
C:\Program Files\serial.dat
C:\Program Files\serial.zip
C:\Program Files\vqesyyn.exe
C:\WINDOWS\system32\loyugaml.dll
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\tuvwvsr.dll
C:\WINDOWS\system32\wnhjgckw.dll
C:\WINDOWS\system32\xwmshxfu.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\secure32.html
C:\Program Files\serial.dat
C:\Program Files\serial.zip
C:\Program Files\vqesyyn.exe
C:\VundoFix Backups
C:\VundoFix Backups\kjllm.bak1.bad
C:\VundoFix Backups\kjllm.ini.bad
C:\VundoFix Backups\pmnlj.dll.bad
C:\VundoFix Backups\tuvwvsr.dll.bad
C:\VundoFix Backups\yltoyguy.dll.bad
C:\WINDOWS\system32\loyugaml.dll
C:\WINDOWS\system32\tuvwvsr.dll
C:\WINDOWS\system32\wnhjgckw.dll
C:\WINDOWS\system32\xwmshxfu.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-03 to 2007-10-03 ))))))))))))))))))))))))))))))))))))
.

2007-10-03 15:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 14:55 <REP> d-------- C:\Program Files\Avira
2007-10-03 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-01 12:10 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\WinRAR
2007-10-01 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-03 12:13 32 --a------ C:\WINDOWS\system32\driver.dat
2007-09-03 12:05 <REP> d-------- C:\WINDOWS\NV31763484.TMP
2007-09-03 12:01 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Bioshock
2007-09-03 11:12 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield Installation Information

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 11:08 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-08-24 20:16 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\vlc
2007-08-24 20:14 --------- d-------- C:\Program Files\Satsuki Decoder Pack
2007-08-17 16:23 6842208 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-08-14 11:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-14 11:54 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield
2007-08-14 10:45 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\GetRightToGo
2007-08-13 11:16 127034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-08-06 12:56 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Logitech
2007-08-06 12:52 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-08-06 12:52 --------- d-------- C:\Program Files\Logitech
2007-08-06 12:51 --------- d-------- C:\Program Files\Fichiers communs\Logitech
2006-12-28 20:10 7168 --ahs---- C:\Program Files\Thumbs.db
2006-11-23 00:30 94080 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezplay.sys
2006-11-23 00:30 81920 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezpinst.exe
2006-11-23 00:30 47360 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\pcouffin.sys
2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.zip
2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.tbe
2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.zip
2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.tde
2006-05-28 15:05 221099 -rahs---- C:\Program Files\serial.tde
2006-01-15 15:33 9728 --------- C:\Program Files\vorbisfile.dll
2006-01-15 15:32 8704 --------- C:\Program Files\ogg.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 10:53 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-01 15:32]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-11 19:41]
"iTunesHelper"="D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe" [2005-05-14 00:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"nwiz"="nwiz.exe" [2007-08-17 16:23 C:\WINDOWS\system32\nwiz.exe]
"SS1HelperStartUp"="C:\PROGRA~1\SEASID~1\SS1HEL~1.exe" []
"IMEKRMIG6.1"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 12:13]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 12:14]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-10-03 08:37]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-12-26 17:23]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-17 16:23]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
"CursorXP"="D:\PROGRAMMES\CURSOR\CursorXP.exe" [2005-01-19 17:34]
"igndlm.exe"="D:\PROGRAMMES\Download Manager\dlm.exe" [2007-03-05 13:57]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-13 12:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S3 WINIO;WINIO;\??\F:\DRIVER\Audio\winio.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1840b2f2-3d5b-11da-a9c3-0010a7132ad6}]
AutoRun\command- G:\FahrenheitAutoRun.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 20:52:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-03 20:54:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-03 20:53
C:\ComboFix2.txt ... 2007-10-03 17:51
C:\ComboFix3.txt ... 2007-10-03 15:29
.
--- E O F ---
---------------------------------------------------------------



Remarques: Je n'ai plus les bib et autres allertes intempestive à ce dernier démarage (de même je peux lancer Firefox ou ouvrir explorer sans avoir d'alerte à tout bous de champs, ... serais ce la bonne voix   . En tout cas déjà merci beacoup pour tout ça !!!!    


Par contre une question : ??? sérieusement jme serais jamais immaginé devoir faire autant de manip juste pour dégager quelques malware et autre bots ... jsuis vraiment impressionné par les démarches à suivre (Je suis Infographiste de formation, jm'y connais peu en architecture windows ... )

Je me demande juste / et j'espère ne pas avoir à réitérer toutes ces manips dans 1 semaines juste parce que j'aurais surfé un peu et que mon ordi se sera de nouveau choper pleins de saloperie    

En tout cas merci. Je reste à l'écoute de la suite  

Re,


Quelques malwares ? Une trouzaines oui  


Pourquoi tu penses te faire réinfecter ?

  ... Ben jpensais être à l'abrit avec Spybot et Ad-Aware  



Et bien je me dit tout simplement que j'avais un antivirus (Avast) que je passais régulièrement l'aspirateur (via Spybot et Ad-Aware) et que je me suis fait sérieusement -c'est indéniable- infecter, ...
Donc la question est, est ce qu'avec toutes ces manip je suis au peu plus à l'abri aujourd'hui ou vais devoir faire ce genre de manip souvent à l'avenir. La question exacte serais: Quel est la bonne attitude à prendre dorénavant  

Ps: Encore merci !!!!!!

Adepte des carcks, xxx ?

... euh pas spécialement (mis à par les MMO je suis pas un grand joueur sur PC), mais ça m'est arrivé une fois ou deux oui ...

Reposte un rapport Hijackthis  

Voilà ce que ça donne  


-----------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:02, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMMES\CURSOR\CursorXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SEC\MT4.0\GammaTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\SEC\MT4.0\MagicTune.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: MagicTune4.0.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/install_new/NPPWebInstal...
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

--
End of file - 10113 bytes
----------------------------------------------------------------

Re,

Analyse le fichier ci-dessous chez VirusTotal puis poste le rapport :
C:\WINDOWS\system32\winsys2.exe

Voilà le rapport de VirusTotal:

-----------------------------------------------------------------
Fichier winsys2.exe reçu le 2007.10.04 13:31:21 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/32 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 6.
L'heure estimée de démarrage est entre 61 et 87 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.10.4.0 2007.10.04 -
AntiVir 7.6.0.18 2007.10.04 -
Authentium 4.93.8 2007.10.03 -
Avast 4.7.1051.0 2007.10.04 -
AVG 7.5.0.488 2007.10.04 -
BitDefender 7.2 2007.10.04 -
CAT-QuickHeal 9.00 2007.10.03 -
ClamAV 0.91.2 2007.10.04 -
DrWeb 4.44.0.09170 2007.10.04 -
eSafe 7.0.15.0 2007.10.02 -
eTrust-Vet 31.2.5185 2007.10.04 -
Ewido 4.0 2007.10.04 -
FileAdvisor 1 2007.10.04 -
Fortinet 3.11.0.0 2007.10.03 -
F-Prot 4.3.2.48 2007.10.03 -
F-Secure 6.70.13030.0 2007.10.04 -
Ikarus T3.1.1.12 2007.10.04 -
Kaspersky 7.0.0.125 2007.10.04 -
McAfee 5133 2007.10.03 -
Microsoft 1.2908 2007.10.04 -
NOD32v2 2571 2007.10.04 -
Norman 5.80.02 2007.10.03 -
Panda 9.0.0.4 2007.10.04 -
Prevx1 V2 2007.10.04 -
Rising 19.43.30.00 2007.10.04 -
Sophos 4.22.0 2007.10.04 -
Sunbelt 2.2.907.0 2007.10.04 -
Symantec 10 2007.10.04 -
TheHacker 6.2.6.076 2007.10.03 -
VBA32 3.12.2.4 2007.10.03 -
VirusBuster 4.3.26:9 2007.10.03 -
Webwasher-Gateway 6.0.1 2007.10.04 -
Information additionnelle
File size: 217088 bytes
MD5: 246ed5328f940e4fdaab0b2fc987da01
SHA1: d5e2592cf25b48efb1225e37c45bce99a13466c8
--------------------------------------------------------------

Tu as bien attendu la fin du scan ?

Euh .. oui absolument  

Tu peux le scanner le fichier à l'adresse ci-dessous ?
http://virusscan.jotti.org/

Voilà le résultat du Scan  

------------------------------------------------------------------
Service load:
0% 100%
File: winsys2.exe
Status:
OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 246ed5328f940e4fdaab0b2fc987da01
Packers detected:
-
Bit9 reports: No threat detected (more info)
Scanner results
Scan taken on 07 Oct 2007 10:22:31 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
---------------------------------------------------------------

Reposte un rapport Hijackthis  

Voilà  

-----------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:29, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMMES\CURSOR\CursorXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SEC\MT4.0\GammaTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\SEC\MT4.0\MagicTune.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: MagicTune4.0.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/install_new/NPPWebInstal...
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

--
End of file - 10375 bytes
---------------------------------------------------------------

Re,

Fix les lignes en italique ci-dessous avec Hijackthis : AIDE EN IMAGES

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/ins [...] tallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)

J'ai fait tout ça.
Voilà le rapport Hijckthis  

-----------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:29, on 09/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMMES\CURSOR\CursorXP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SEC\MT4.0\GammaTray.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\SEC\MT4.0\MagicTune.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\RunOnce: [LogiSPSetupNeedReboot] rundll32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune4.0.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

--
End of file - 10090 bytes
---------------------------------------------------------------

Ton pc se comporte mieux ?

Oui. Je le trouve un peu plus rapide (bon pas comme un DualCore   ) mais plus rapide au démarrage.

Ensuite j'ai de vastes répertoires qui composent un jeux de rôles que je réalise la taille s'élève à plusieurs vingtaines de Gigas d'images, de Mp3 et autres vidéos. Avant que tu ne me vienne en aide, je peinais à ouvrir certains répertoires (temps de chargement des images et des aperçut, relativement long).

Enfin à chaque foi que je surfais un peu sur le net, je me faisait plomber à coup de pop up (3 à 4 en moyenne) de system doctor et autres sites ...


Depuis je n'ai plus de problèmes de ce genre.

Accessoirement, je ne sais pas si ça à un rapport, mais mon pc avait tendance à reboot sans raison, sans plantage, ni rien d'autre de ce genre, juste un reset inexpliqué. J'avais pensé à l'alim ou aux multiprises bon marché, vois encore à la tension du secteur ...
Mais depuis que j'ai netoyé mon Pc avec ton aide, je n'ai plus relevé ce genre de ~panne~.

         

Il devait surchauffer  

Salut  

Je pourais te demander de jetter vite fait un oeil à mon rapport HiJack STP. Merci beaucoup !!

---------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:25, on 30/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMMES\CURSOR\CursorXP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\SEC\MT4.0\GammaTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\SEC\MT4.0\MagicTune.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune4.0.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.c...
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProtect/keycrypt/npkcx.c...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024

--
End of file - 10625 bytes

----------------------------------------------------------------------------------------