Infection with System Doctor, WinPro, and others :(( - Security - Viruses
Profile: IDNaute

Hello everyone.
 
I suspect my post will certainly look like a recurring one, but I really need a hand from people who genuinely know about malware and the other junk of that kind that gradually rots our beloved little PCs :pt1cable:
 
 
Basically, here is my situation:
 
I'm running Windows XP Pro.
For a few months I have been infected with System Doctor, WinPro and others... Until now it only affected Internet Explorer, but recently Firefox has fallen victim to it as well. ... :pfff:
 
 
More annoying still, WinRAR has recently started crashing when opening archives... no way to relaunch it without rebooting.
(and even then, after a while it crashes again...)
 
More troublesome and strange: when WinRAR crashes, Spybot and Ad-Aware also crash on launch. The error message appears and cannot be closed (well, it can, but the error message persists and reappears -> the typical message offering to send the error report to Microsoft, nothing more).
 
... So I browsed the web a bit until I came across one or two topics here. Hoping to be heard, I took the initiative of downloading HijackThis and am copying the log for you, here it is...
(which, sorry, I don't understand at all :sarcastic:)
 
 
---------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:26, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMMES\CURSOR\CursorXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SEC\MT4.0\GammaTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SEC\MT4.0\MagicTune.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lionel Hofert\Bureau\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\qmafgoeb.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: MagicTune4.0.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/ins [...] tallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ [...] .6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProt [...] /npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024
 
--
End of file - 9700 bytes
---------------------------------------------------------------
 
 
So, could you please help me locate and eradicate the problem(s)?
 
Thanks in advance!

Profile: Helper

Hello,
 
Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis log, in your next reply

Note: VundoFix may come across a file it cannot delete. If so, the tool will run again at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".


---------------
Prevention & Protection | Free software | The man from the FLCCF
Profile: IDNaute

Thanks Angeldark.
 
So here is the VundoFix report:
 
-----------------------------------------------------------------
 
 
VundoFix V6.5.9
 
Checking Java version...
 
Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.
 
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
 
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
 
Scan started at 13:53:35 03/10/2007
 
Listing files found while scanning....
 
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\tuvwvsr.dll
C:\WINDOWS\system32\yltoyguy.dll
 
Beginning removal...
 
 Attempting to delete C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak1 Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini Has been deleted!
 
 Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
 
 Attempting to delete C:\WINDOWS\system32\tuvwvsr.dll
C:\WINDOWS\system32\tuvwvsr.dll Could not be deleted.
 
 Attempting to delete C:\WINDOWS\system32\yltoyguy.dll
C:\WINDOWS\system32\yltoyguy.dll Could not be deleted.
 
Performing Repairs to the registry.
Done!
 
Beginning removal...
 
 Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
 
 Attempting to delete C:\WINDOWS\system32\tuvwvsr.dll
C:\WINDOWS\system32\tuvwvsr.dll Could not be deleted.
 
 Attempting to delete C:\WINDOWS\system32\yltoyguy.dll
C:\WINDOWS\system32\yltoyguy.dll Has been deleted!
 
Performing Repairs to the registry.
Done!
 
---------------------------------------------------------------
 
 
 
 
And here is the HijackThis log
 
 
---------------------------------------------------------------
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:57, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\MagicRotation\MagicPvt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRAMMES\CURSOR\CursorXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SEC\MT4.0\GammaTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
C:\Program Files\SEC\MT4.0\MagicTune.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Lionel Hofert\Mes documents\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SS1HelperStartUp] "C:\PROGRA~1\SEASID~1\SS1HEL~1.EXE" /partner SS1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] D:\PROGRAMMES\CURSOR\CursorXP.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\PROGRAMMES\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: MagicTune4.0.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?e4f6014a832d4931859663a7781ecbf6
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?e4f6014a832d4931859663a7781ecbf6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C72835A-34C5-4273-A700-A2347E784B58} - http://update.nprotect.net/sci/ins [...] tallV2.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ [...] .6.108.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://package.hyosungcdn.com/download/p3xset.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://rohan.cachenet.com/nProtect/Netizen/npx.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://nprotect.ncsoft.co.kr/nProt [...] /npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\Software\..\Telephony: DomainName = VAMPIRE
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VAMPIRE
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = VAMPIRE
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Lionel%20Hofert/Mes%20documents/Mes%20images/daeya.org_magna_carta_the_wings_of_light_1280x1024
 
--
End of file - 9552 bytes
 
---------------------------------------------------------------
 
 
Thanks again for your help.
I'm waiting for the rest of your reply. :p
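A small triage script, added here as an example and not part of this thread or of any tool named in it: it diffs the entry lines of the two HijackThis logs above to show what VundoFix changed, flags O4 autorun entries that load a DLL through rundll32 and are not on an allow-list (the pattern of the [SearchIndexer] qmafgoeb.dll entry in the first log), and reads each file's final status out of the VundoFix report to list what it could not remove. The log excerpts are constructed from the reports posted above; the allow-list and all function names are assumptions.

```python
import re

# Constructed excerpts of the two HijackThis reports posted above (entry lines
# only; the "Running processes" section is not needed here).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\qmafgoeb.dll",sitypnow
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Constructed excerpt of the VundoFix report above: two removal passes, where
# yltoyguy.dll fails in the first pass but is deleted in the second.
VUNDOFIX_REPORT = r"""
 Attempting to delete C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini Has been deleted!
 Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
 Attempting to delete C:\WINDOWS\system32\tuvwvsr.dll
C:\WINDOWS\system32\tuvwvsr.dll Could not be deleted.
 Attempting to delete C:\WINDOWS\system32\yltoyguy.dll
C:\WINDOWS\system32\yltoyguy.dll Could not be deleted.
Performing Repairs to the registry.
 Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
 Attempting to delete C:\WINDOWS\system32\yltoyguy.dll
C:\WINDOWS\system32\yltoyguy.dll Has been deleted!
"""

# A HijackThis entry line: a section code (R0, O4, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<kind>[RFON]\d{1,2}) - (?P<body>.+)$")

# rundll32 launching a DLL export:  rundll32[.exe] ["]path\name.dll["],Export
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)', re.I)

# Assumed allow-list: DLLs this machine legitimately starts through rundll32
# (only the NVIDIA control-panel entry seen in the log). Anything else is reported.
KNOWN_RUNDLL_DLLS = {"nvcpl.dll"}

# Status line VundoFix prints after each deletion attempt.
VUNDOFIX_STATUS_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+) (?P<result>Has been deleted!|Could not be deleted\.)$")


def parse_entries(log_text):
    """Return the set of HijackThis entry lines found in a report."""
    return {ln.strip() for ln in log_text.splitlines() if ENTRY_RE.match(ln.strip())}


def diff_logs(before_text, after_text):
    """(entries only in the earlier log, entries only in the later log), both sorted."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return sorted(before - after), sorted(after - before)


def flag_rundll32_entries(log_text, known=KNOWN_RUNDLL_DLLS):
    """O4 autorun entries that load a DLL via rundll32 and are not on the allow-list.

    Returns sorted (dll file name, export name, full entry line) tuples.
    """
    flagged = []
    for entry in parse_entries(log_text):
        if not entry.startswith("O4 "):
            continue
        m = RUNDLL_RE.search(entry)
        if m is None:
            continue
        dll = m.group("dll").replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if dll not in known:
            flagged.append((dll, m.group("export"), entry))
    return sorted(flagged)


def vundofix_leftovers(report_text):
    """Files VundoFix could not delete, judged by each file's *last* status line,
    so a file that fails in one pass and is deleted in a later pass is not a leftover."""
    last_status = {}
    for ln in report_text.splitlines():
        m = VUNDOFIX_STATUS_RE.match(ln.strip())
        if m:
            last_status[m.group("path")] = m.group("result").startswith("Has been")
    return sorted(path for path, deleted in last_status.items() if not deleted)


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("entries gone after VundoFix:", *removed, sep="\n  ")
    print("entries new after VundoFix:", *added, sep="\n  ")
    for dll, export, entry in flag_rundll32_entries(LOG_BEFORE):
        print(f"suspicious rundll32 autorun: {dll},{export}  <- {entry}")
    print("still on disk after VundoFix:", *vundofix_leftovers(VUNDOFIX_REPORT), sep="\n  ")
```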

Profile: Helper

Re,
 

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste that report in your next reply.


NOTE: The report can also be found here: C:\Combofix.txt


Profile: IDNaute

:fou: ... and there it is, as has often happened to me when trying to use Ad-Aware or Spybot, or any other software meant to get rid of malware and co.
 
it crashes and I get this lovely message:
 
Freeware implementation of REG.EXE a rencontré un problème et doit fermer. Nous vous prions de nous excuser pour le désagrément encouru.
 
All this without being able to get rid of the window, since clicking the cross to close it just makes the window pop up again...
 
along with another Windows error message:
 
L'instruction à "0x0047312a" emploie l'adresse mémoire "0x01100de2". La mémoire ne peut pas être "read".
 
 
... help :(


Message edited by Lyo26 on 03-10-2007 at 14:30:11
Profile: Helper

Re,
 
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
 
Run a full scan, then post the report at the end of the analysis.


Profile: IDNaute

Thanks again for your patience and your help.
 
Here is the report from the Windows System Directory scan
 
-----------------------------------------------------------------
 
 
AntiVir PersonalEdition Classic
Report file date: mercredi 3 octobre 2007  15:04
 
Scanning for 863296 virus strains and unwanted programs.
 
Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         Lionel Hofert
Computer name:    MANA
 
Version information:
BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 12:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 11:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 14:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 12:57:49
ANTIVIR1.VDF : 7.0.0.0     1640448 Bytes  13/09/2007 12:57:49
ANTIVIR2.VDF : 7.0.0.32     315904 Bytes  28/09/2007 12:57:49
ANTIVIR3.VDF : 7.0.0.46      76800 Bytes  03/10/2007 12:57:49
AVEWIN32.DLL : 7.6.0.18    2810368 Bytes  03/10/2007 12:57:50
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 09:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 06:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes  03/08/2007 07:46:00
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 06:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 06:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 10:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 11:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 11:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 08:37:21
 
Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,  
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
 
Start of the scan: mercredi 3 octobre 2007  15:04
 
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'MagicTune.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'NaturalColorLoad.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GammaTray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'lxbbbmon.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'CursorXP.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'MagicPvt.exe' - '1' Module(s) have been scanned
Scan process 'WinSys2.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'lxbbbmgr.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wbload.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Smc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned
 
Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!
 
Starting to scan the registry.
C:\WINDOWS\system32\pmnlj.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [WARNING]   An error has occurred and the file was not deleted. ErrorID: 16003
      [WARNING]   The file could not be deleted!
C:\WINDOWS\system32\pmnlj.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
C:\WINDOWS\system32\tuvwvsr.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [WARNING]   An error has occurred and the file was not deleted. ErrorID: 16003
      [WARNING]   The file could not be deleted!
C:\WINDOWS\system32\tuvwvsr.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
 
The registry was scanned ( '54' files ).
 
 
Starting the file scan:
 
Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\Autorun.exe
      [DETECTION] Contains detection pattern of a probably damaged sample CC/UKMalw.LB
      [INFO]      The file was moved to '477793ed.qua'!
C:\WINDOWS\system32\pmnlj.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [WARNING]   An error has occurred and the file was not deleted. ErrorID: 16003
      [WARNING]   The file could not be deleted!
C:\WINDOWS\system32\sstqn.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was moved to '47779420.qua'!
C:\WINDOWS\system32\tuvwvsr.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [WARNING]   An error has occurred and the file was not deleted. ErrorID: 16003
      [WARNING]   The file could not be deleted!
C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING]   The file could not be opened!
 
 
End of the scan: mercredi 3 octobre 2007  15:07
Used time: 03:18 min
 
The scan has been done completely.
 
    235 Scanning directories
   8329 Files were scanned
      6 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
   8323 Files not concerned
     16 Archives were scanned
      5 Warnings
      0 Notes
 
-------------------------------------------------------------

Profile: Helper

Post another HijackThis report.


---------------
Prevention & Protection | Free software | L'homme du FLCCF
Profile: IDNaute

I was able to run the diagnostic with ComboFix.
 
Here it is:
 
-----------------------------------------------------------------
ComboFix 07-10-03.7 - Lionel Hofert 2007-10-03 15:11:57.1 - NTFSx86  
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.1293 [GMT 2:00]
Running from: C:\Documents and Settings\Lionel Hofert\Bureau\ComboFix.exe
 * Created a new restore point
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bwyirxcw.dll
C:\WINDOWS\system32\cemqevwu.ini
C:\WINDOWS\system32\fnqyjpkl.dll
C:\WINDOWS\system32\ibdbrjat.dll
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak2
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jlnmp.tmp
C:\WINDOWS\system32\lkpjyqnf.ini
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\qebyxwrv.ini
C:\WINDOWS\system32\SysPr.prx
C:\WINDOWS\system32\tajrbdbi.ini
C:\WINDOWS\system32\uwveqmec.dll
C:\WINDOWS\system32\vrwxybeq.dll
C:\WINDOWS\system32\wcxriywb.ini
C:\WINDOWS\system32\winsys.exe
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
-------\LEGACY_DOMAINSERVICE
-------\DomainService
 
 
(((((((((((((((((((((((((((((   Fichiers créés 2007-09-03 to 2007-10-03  ))))))))))))))))))))))))))))))))))))
.
 
2007-10-03 15:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 14:55 <REP> d-------- C:\Program Files\Avira
2007-10-03 14:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-03 14:13 77,376 --a------ C:\WINDOWS\system32\wnhjgckw.dll
2007-10-03 14:05 77,376 --a------ C:\WINDOWS\system32\loyugaml.dll
2007-10-03 13:53 <REP> d-------- C:\VundoFix Backups
2007-10-01 19:55 87,104 --a------ C:\WINDOWS\system32\xwmshxfu.dll
2007-10-01 12:10 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\WinRAR
2007-10-01 12:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-03 12:13 32 --a------ C:\WINDOWS\system32\driver.dat
2007-09-03 12:05 <REP> d-------- C:\WINDOWS\NV31763484.TMP
2007-09-03 12:01 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Bioshock
2007-09-03 11:12 <REP> d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield Installation Information
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-02 11:08 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-08-24 20:16 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\vlc
2007-08-24 20:14 --------- d-------- C:\Program Files\Satsuki Decoder Pack
2007-08-17 17:25 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-17 17:25 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-08-17 16:23 8478720 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-08-17 16:23 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-08-17 16:23 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-08-17 16:23 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-08-17 16:23 6842208 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-08-17 16:23 6746112 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-08-17 16:23 6344704 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-08-17 16:23 5860736 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-08-17 16:23 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-08-17 16:23 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-08-17 16:23 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-08-17 16:23 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-08-17 16:23 36864 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-08-17 16:23 36864 --a------ C:\WINDOWS\system32\nvcod.dll
2007-08-17 16:23 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-08-17 16:23 3551232 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-08-17 16:23 3334144 --a------ C:\WINDOWS\system32\nvgames.dll
2007-08-17 16:23 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-08-17 16:23 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-08-17 16:23 2371584 --a------ C:\WINDOWS\system32\nvwss.dll
2007-08-17 16:23 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-08-17 16:23 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-08-17 16:23 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-08-17 16:23 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-08-17 16:23 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-08-17 16:23 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-08-17 16:23 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-08-17 16:23 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-08-17 16:23 1150976 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-08-17 16:23 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-08-17 16:23 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-08-14 11:55 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-14 11:54 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\InstallShield
2007-08-14 10:45 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\GetRightToGo
2007-08-13 11:16 127034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-08-06 12:56 --------- d-------- C:\Documents and Settings\Lionel Hofert\Application Data\Logitech
2007-08-06 12:52 118784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-08-06 12:52 --------- d-------- C:\Program Files\Logitech
2007-08-06 12:51 --------- d-------- C:\Program Files\Fichiers communs\Logitech
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 18:43 751623 ---hs---- C:\WINDOWS\system32\srqss.bak2
2007-06-26 20:00 21948 --a------ C:\Program Files\serial.zip
2007-06-26 20:00 21948 --a------ C:\Program Files\serial.dat
2007-06-26 16:56 0 --a------ C:\Program Files\vqesyyn.exe
2007-06-26 16:56 0 --a------ C:\Program Files\secure32.html
2006-12-28 20:10 7168 --ahs---- C:\Program Files\Thumbs.db
2006-11-23 00:30 94080 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezplay.sys
2006-11-23 00:30 81920 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\ezpinst.exe
2006-11-23 00:30 47360 --a------ C:\Documents and Settings\Lionel Hofert\Application Data\pcouffin.sys
2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.zip
2006-05-28 17:46 397306 --a------ C:\Program Files\wunauclt.tbe
2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.zip
2006-05-28 15:45 115459 -rahs---- C:\Program Files\andame.tde
2006-05-28 15:05 221099 -rahs---- C:\Program Files\serial.tde
2006-02-19 04:28 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
2006-01-15 15:33 9728 --------- C:\Program Files\vorbisfile.dll
2006-01-15 15:32 8704 --------- C:\Program Files\ogg.dll
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{449A7F9B-75AF-49E8-99BC-E7B3D78339C2}]
   C:\WINDOWS\system32\mlljk.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F75E47-94D2-48AC-8D32-863356FA6578}]
2007-06-26 16:51 26166 --------- C:\WINDOWS\system32\tuvwvsr.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 10:53 C:\WINDOWS\SOUNDMAN.EXE]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-01 15:32]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-11 19:41]
"iTunesHelper"="D:\PROGRAMMES\QUICKTIME\iTunesHelper.exe" [2005-05-14 00:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"nwiz"="nwiz.exe" [2007-08-17 16:23 C:\WINDOWS\system32\nwiz.exe]
"SS1HelperStartUp"="C:\PROGRA~1\SEASID~1\SS1HEL~1.exe" []
"IMEKRMIG6.1"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 12:13]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 12:14]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-10-03 08:37]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2005-12-26 17:23]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 09:48 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-17 16:23]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
"CursorXP"="D:\PROGRAMMES\CURSOR\CursorXP.exe" [2005-01-19 17:34]
"igndlm.exe"="D:\PROGRAMMES\Download Manager\dlm.exe" [2007-03-05 13:57]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-08-13 12:38]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{90F75E47-94D2-48AC-8D32-863356FA6578}"= C:\WINDOWS\system32\tuvwvsr.dll [2007-06-26 16:51 26166]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]  
C:\WINDOWS\system32\mlljk.dll  
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwvsr]  
tuvwvsr.dll 2007-06-26 16:51 26166 C:\WINDOWS\system32\tuvwvsr.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]  
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
 
R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S3 WINIO;WINIO;\??\F:\DRIVER\Audio\winio.sys
 
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1840b2f2-3d5b-11da-a9c3-0010a7132ad6}]
AutoRun\command- G:\FahrenheitAutoRun.exe
 
*Newly Created Service* - SSMDRV
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-26 16:00:00 C:\WINDOWS\Tasks\At1.job"
"2007-09-26 15:00:00 C:\WINDOWS\Tasks\At10.job"
"2007-09-26 16:00:00 C:\WINDOWS\Tasks\At11.job"
"2007-09-26 12:00:00 C:\WINDOWS\Tasks\At13.job"
"2007-09-26 18:00:00 C:\WINDOWS\Tasks\At14.job"
"2007-06-26 15:12:53 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-09-26 15:00:00 C:\WINDOWS\Tasks\At3.job"
"2007-09-26 18:00:00 C:\WINDOWS\Tasks\At4.job"
"2007-06-26 14:51:41 C:\WINDOWS\Tasks\At5.job"
"2007-09-26 12:00:00 C:\WINDOWS\Tasks\At6.job"
"2007-09-26 18:00:00 C:\WINDOWS\Tasks\At7.job"
"2007-09-26 08:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-09-26 08:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\Program Files\Internet Explorer\iexplore.exe -nohome http://www.amazon.de/exec/obidos/r [...] &sit