Virus malwarewipe

Solved
roland26 (Member, 32 posts)
Hello,
Following green day's message of 08/7/06, I followed fandango's procedure (virus, basic disinfection method, French version).
So I am posting the three reports.

Ewido

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:37:20 26/07/2006

+ Scan result:



C:\WINDOWS\system32\jkhff.dll -> Adware.Virtumonde : No action taken.
:mozilla.13:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.16:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.17:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.11:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.10:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.8:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.9:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.Smartadserver : No action taken.
:mozilla.6:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.7:C:\Documents and Settings\roland\Application Data\Mozilla\Firefox\Profiles\0z244q4b.default\cookies.txt -> TrackingCookie.Weborama : No action taken.


::Report end

BitDefender report

BitDefender Online Scanner - Real Time Virus Report

Generated at: Wed, Jul 26, 2006 - 19:59:38


Scan Info

Scanned Files: 563987
Infected Files: 0

Virus Detected

No virus found.

HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 20:08:10, on 26/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {308A2D36-B5F4-9E74-A145-E72B51C082C9} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ACC73579-2FC4-4580-863D-D8A4C08DC963} - C:\WINDOWS\system32\jkhff.dll
O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\cmd.dll
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winxzl32 - winxzl32.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you for your help

13 replies

Regis59 (Security contributor, 21143 posts)
 
Hi

Disable Spybot's TeaTimer for the duration of the procedure:
launch Spybot > advanced mode > tools > resident
Untick the resident "TeaTimer" box
close Spybot

Download VirtumundoBeGone to the desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
Don't worry if you see a blue screen "Fatal error" message; that is normal and expected.
0
roland26 (Member, 32 posts)

Good evening Régis

here are the requested items

VBG report


[07/26/2006, 23:57:51] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\roland\Bureau\VirtumundoBeGone.exe" )
[07/26/2006, 23:57:59] - Detected System Information:
[07/26/2006, 23:57:59] - Windows Version: 5.1.2600, Service Pack 2
[07/26/2006, 23:57:59] - Current Username: roland (Admin)
[07/26/2006, 23:57:59] - Windows is in NORMAL mode.
[07/26/2006, 23:57:59] - Searching for Browser Helper Objects:
[07/26/2006, 23:57:59] - BHO 1: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} (DAPHelper Class)
[07/26/2006, 23:57:59] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/26/2006, 23:57:59] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2006, 23:57:59] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/26/2006, 23:57:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2006, 23:57:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/26/2006, 23:57:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/26/2006, 23:57:59] - BHO 5: {ACC73579-2FC4-4580-863D-D8A4C08DC963} ()
[07/26/2006, 23:57:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2006, 23:57:59] - Checking for HKLM\...\Winlogon\Notify\jkhff
[07/26/2006, 23:57:59] - Found: HKLM\...\Winlogon\Notify\jkhff - This is probably Virtumundo.
[07/26/2006, 23:57:59] - Assigning {ACC73579-2FC4-4580-863D-D8A4C08DC963} MSEvents Object
[07/26/2006, 23:57:59] - BHO list has been changed! Starting over...
[07/26/2006, 23:57:59] - BHO 1: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} (DAPHelper Class)
[07/26/2006, 23:57:59] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/26/2006, 23:57:59] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2006, 23:57:59] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/26/2006, 23:57:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2006, 23:57:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/26/2006, 23:57:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/26/2006, 23:57:59] - BHO 5: {ACC73579-2FC4-4580-863D-D8A4C08DC963} (MSEvents Object)
[07/26/2006, 23:57:59] - ALERT: Found MSEvents Object!
[07/26/2006, 23:57:59] - BHO 6: {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} ()
[07/26/2006, 23:57:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2006, 23:57:59] - No filename found. Continuing.
[07/26/2006, 23:57:59] - Finished Searching Browser Helper Objects
[07/26/2006, 23:57:59] - *** Detected MSEvents Object
[07/26/2006, 23:57:59] - Trying to remove MSEvents Object...
[07/26/2006, 23:58:00] - Terminating Process: IEXPLORE.EXE
[07/26/2006, 23:58:04] - Terminating Process: RUNDLL32.EXE
[07/26/2006, 23:58:05] - Disabling Automatic Shell Restart
[07/26/2006, 23:58:05] - Terminating Process: EXPLORER.EXE
[07/26/2006, 23:58:06] - Suspending the NT Session Manager System Service
[07/26/2006, 23:58:09] - Terminating Windows NT Logon/Logoff Manager
[07/26/2006, 23:58:15] - Re-enabling Automatic Shell Restart
[07/26/2006, 23:58:15] - File to disable: C:\WINDOWS\system32\jkhff.dll
[07/26/2006, 23:58:15] - Renaming C:\WINDOWS\system32\jkhff.dll -> C:\WINDOWS\system32\jkhff.dll.vir
[07/26/2006, 23:58:15] - File successfully renamed!
[07/26/2006, 23:58:15] - Removing HKLM\...\Browser Helper Objects\{ACC73579-2FC4-4580-863D-D8A4C08DC963}
[07/26/2006, 23:58:15] - Removing HKCR\CLSID\{ACC73579-2FC4-4580-863D-D8A4C08DC963}
[07/26/2006, 23:58:15] - Adding Kill Bit for ActiveX for GUID: {ACC73579-2FC4-4580-863D-D8A4C08DC963}
[07/26/2006, 23:58:15] - Deleting ATLEvents/MSEvents Registry entries
[07/26/2006, 23:58:15] - Removing HKLM\...\Winlogon\Notify\jkhff
[07/26/2006, 23:58:15] - Searching for Browser Helper Objects:
[07/26/2006, 23:58:15] - BHO 1: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} (DAPHelper Class)
[07/26/2006, 23:58:15] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/26/2006, 23:58:15] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/26/2006, 23:58:15] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/26/2006, 23:58:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2006, 23:58:15] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/26/2006, 23:58:15] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/26/2006, 23:58:15] - BHO 5: {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} ()
[07/26/2006, 23:58:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/26/2006, 23:58:15] - No filename found. Continuing.
[07/26/2006, 23:58:15] - Finished Searching Browser Helper Objects
[07/26/2006, 23:58:15] - Finishing up...
[07/26/2006, 23:58:15] - A restart is needed.
[07/26/2006, 23:58:20] - Attempting to Restart via STOP error (Blue Screen!)

[07/27/2006, 0:03:49] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\roland\Bureau\VirtumundoBeGone.exe" )
[07/27/2006, 0:04:03] - Detected System Information:
[07/27/2006, 0:04:03] - Windows Version: 5.1.2600, Service Pack 2
[07/27/2006, 0:04:03] - Current Username: roland (Admin)
[07/27/2006, 0:04:03] - Windows is in NORMAL mode.
[07/27/2006, 0:04:03] - Searching for Browser Helper Objects:
[07/27/2006, 0:04:03] - BHO 1: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} (DAPHelper Class)
[07/27/2006, 0:04:03] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/27/2006, 0:04:03] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/27/2006, 0:04:03] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/27/2006, 0:04:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2006, 0:04:03] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/27/2006, 0:04:03] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/27/2006, 0:04:03] - BHO 5: {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} ()
[07/27/2006, 0:04:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2006, 0:04:03] - No filename found. Continuing.
[07/27/2006, 0:04:03] - Finished Searching Browser Helper Objects
[07/27/2006, 0:04:03] - Finishing up...
[07/27/2006, 0:04:03] - Nothing found! Exiting...

[07/27/2006, 0:04:46] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\roland\Bureau\VirtumundoBeGone.exe" )
[07/27/2006, 0:05:01] - Detected System Information:
[07/27/2006, 0:05:01] - Windows Version: 5.1.2600, Service Pack 2
[07/27/2006, 0:05:02] - Current Username: roland (Admin)
[07/27/2006, 0:05:02] - Windows is in NORMAL mode.
[07/27/2006, 0:05:02] - Searching for Browser Helper Objects:
[07/27/2006, 0:05:02] - BHO 1: {0000CC75-ACF3-4cac-A0A9-DD3868E06852} (DAPHelper Class)
[07/27/2006, 0:05:02] - BHO 2: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/27/2006, 0:05:02] - BHO 3: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/27/2006, 0:05:02] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/27/2006, 0:05:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2006, 0:05:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/27/2006, 0:05:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/27/2006, 0:05:02] - BHO 5: {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} ()
[07/27/2006, 0:05:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/27/2006, 0:05:02] - No filename found. Continuing.
[07/27/2006, 0:05:02] - Finished Searching Browser Helper Objects
[07/27/2006, 0:05:02] - Finishing up...
[07/27/2006, 0:05:02] - Nothing found! Exiting...

HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 00:06:12, on 27/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {308A2D36-B5F4-9E74-A145-E72B51C082C9} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\cmd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winxzl32 - winxzl32.dll (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks, and more besides

I have just discovered the link to the mutual-help site and I think it is wonderful. I would like to get involved in this effort but I don't yet know the subject well enough; so I am studying. Thanks for the lessons on the site. I don't yet know how to participate, but I know that I will participate (I have time!)

Thanks again to all of you, Roland
0
Regis59 (Security contributor, 21143 posts)

Hi roland,

We have put some concepts and lessons online to help people get to grips with what computer security is. You can consult them freely. If you want to learn but also get involved and ask us your questions, you just need to register on the forum at this address:
http://entraide.aceboard.fr/inscription.php?login=175280

Next,

Restart HijackThis, tick the boxes in front of these lines and then click Fix checked:

R3 - URLSearchHook: (no name) - {308A2D36-B5F4-9E74-A145-E72B51C082C9} - (no file)

O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

O20 - Winlogon Notify: winxzl32 - winxzl32.dll (file missing)

And finally,

Go to this site:
http://www.virustotal.com/xhtml/virustotal_en.html
Click Browse
Look for this:
C:\WINDOWS\system32\cmd.dll
Click Send and paste the report please

See you
0
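
The check applied to the HijackThis log in the reply above (entries whose target is reported as "(no file)" or "(file missing)", plus the O20 AppInit_DLLs value), written out as an added example that is not part of the original thread. The function names are hypothetical and the sample is a constructed excerpt of lines posted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: an excerpt assembled from lines of the
# 27/07/2006 00:06:12 HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 00:06:12, on 27/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {308A2D36-B5F4-9E74-A145-E72B51C082C9} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\cmd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winxzl32 - winxzl32.dll (file missing)
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
"""

# A result line is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: ...".
# Header lines and the running-process list do not match this pattern.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks entries whose target is absent from disk with these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code (R3, O2, O20, ...)
    reason: str  # "orphan" or "appinit"
    line: str    # the log line, whitespace-stripped


def parse_entries(text):
    """Yield (code, body, line) for each HijackThis result line in text."""
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            yield match.group("code"), match.group("body"), line


def triage(text):
    """Return the entries a reviewer should look at first, in log order.

    orphan  : the registry entry points at a file that is not on disk.
    appinit : any AppInit_DLLs value; a DLL listed there is loaded into
              every process that loads user32.dll, so it should be verified.
    """
    findings = []
    for code, body, line in parse_entries(text):
        if ORPHAN_RE.search(body):
            findings.append(Finding(code, "orphan", line))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(code, "appinit", line))
    return findings


def shared_clsids(findings):
    """Map each CLSID that occurs in more than one orphan entry to its codes.

    The same CLSID registered as both BHO (O2) and toolbar (O3) with no
    file behind it is one leftover component, not two separate problems.
    """
    seen = {}
    for finding in findings:
        if finding.reason != "orphan":
            continue
        match = CLSID_RE.search(finding.line)
        if match:
            seen.setdefault(match.group(0).upper(), []).append(finding.code)
    return {clsid: codes for clsid, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for finding in results:
        print(f"[{finding.reason}] {finding.line}")
    for clsid, codes in shared_clsids(results).items():
        print(f"{clsid} appears in sections {', '.join(codes)}")
```

An orphaned entry is a candidate for review, not proof of infection: the O9 line refers to the BitDefender Online Scanner uninstaller and was not in the fix list above.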
roland26
 
Hello Regis,

Thank you for this help with the cleanup. As for the last part on the virustotal site, I have no cmd.dll file in windows/system32 (at most a cmd.exe); I don't know whether that is serious!

Thanks again - regards
Roland
0
Regis59 (Security contributor, 21143 posts)

Hi

Serious, no; worrying, rather

Post a new HijackThis log please

See you
0
roland26 (Member, 32 posts)

Hi Regis,
Damn, I'm going to sleep badly
here is the HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 22:20:17, on 27/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\cmd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you for devoting so much energy to me

Roland
0
roland26 (Member, 32 posts)

Regis,
Sorry to waste your time; after having switched the PC off and back on because of a thunderstorm, I have just seen that the file cdm.dll is indeed in windows/system 32, so I am doing the procedure
Thanks - roland
0

Regis59 (Security contributor, 21143 posts)

Hi roland

no worries :-)

See you
0
roland26 (Member, 32 posts)

Regis
A thousand apologies; it is not cmd.dll that I found but cdm.dll; I confirm that I have no cmd.dll file in /windows/system 32, nor anywhere on the machine!

Thanks
0
Regis59 (Security contributor, 21143 posts)

Lol, allow me to say that this is odd lol

Download:
http://www.billsway.com/vbspage/vbsfiles/FileInfo.zip

Once fileinfo.vbs is launched, it asks which hard disk to search for the file on.
Either type the drive letter, or type * to search all hard disks. Type the asterisk.
And confirm with OK

Then type the file name without the extension:

Type this: cmd

A report is produced; copy and paste it for me.

See you

roland26 - Posts: 32 - Status: Member

Hello regis

Here is the requested report; usually I have extra files with viruses hidden in them, whereas this time I am missing one, lol


c:\windows\$ntservicepackuninstall$\cmd.exe
Version: 5.1.2600.0
Created: 22/06/2006 23:02:14
Modified: 28/08/2001 14:00:00
Size: 388 096 bytes
Attributes: Compressed

c:\windows\servicepackfiles\i386\cmd.exe
Version: 5.1.2600.2180
Created: 22/06/2006 23:06:17
Modified: 19/08/2004 16:09:52
Size: 400 896 bytes

c:\windows\system32\cmd.exe
Version: 5.1.2600.2180
Created: 28/08/2001 14:00:00
Modified: 19/08/2004 16:09:52
Size: 400 896 bytes
Attributes: Archive

Good luck - roland

Regis59 - Posts: 21143 - Status: Security contributor - 1 322

Hi again Roland,

Fix this one:
O20 - AppInit_DLLs: C:\WINDOWS\system32\cmd.dll

If there is a problem, we will restore it.

See you
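
The cross-check made in the posts above (an O20 AppInit_DLLs entry naming cmd.dll, while the FileInfo search found only cmd.exe), as an added Python example that is not part of the original thread or of HijackThis. The log lines are copied from the thread's logs; the file inventory and the %windir% expansion are assumptions.

```python
import re

# Constructed sample: four lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\cmd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
"""

# Assumed inventory of files present on disk (stand-in for a FileInfo-style
# search or a directory listing); only the cmd.exe path comes from the thread.
KNOWN_FILES = {
    r"c:\windows\system32\cmd.exe",
    r"c:\windows\system32\wgalogon.dll",
    r"c:\program files\kaspersky lab\kaspersky anti-virus personal pro\kavsvc.exe",
}

ENTRY = re.compile(r"^(O\d+) - (.+)$")
PATH = re.compile(r"(?:[A-Za-z]:|%\w+%)\\.+?\.(?:dll|exe)\b", re.IGNORECASE)
ENV = {"%windir%": r"c:\windows"}  # assumed expansion for this machine
LOAD_POINTS = {"AppInit_DLLs", "Winlogon Notify", "Service"}

def normalize(path):
    """Lower-case the path and expand the environment variables we know."""
    path = path.lower()
    for var, value in ENV.items():
        path = path.replace(var, value)
    return path

def audit(log_text, known_files):
    """Return (section, kind, path, reason) for entries whose file is absent."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        section, body = match.groups()
        kind = body.split(":")[0]
        missing = "(file missing)" in body
        for raw in PATH.findall(body):
            path = normalize(raw)
            if missing or path not in known_files:
                reason = "marked missing by HijackThis" if missing else "not in file inventory"
                findings.append((section, kind, path, reason))
    return findings

def load_point_orphans(findings):
    """Keep findings on auto-load values; AppInit_DLLs names DLLs that are
    loaded into every process that loads user32.dll."""
    return [f for f in findings if f[1] in LOAD_POINTS]
```
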

roland26 - Posts: 32 - Status: Member

Thanks Regis
I fixed the O20 entry; I got a message that began roughly with "illegal operation error run time... this message will be copied to the clipboard".
Bad luck, I find nothing in the clipboard; the O20 line was indeed deleted and everything seems to work correctly; just in case, I am posting one last HijackThis log for you.

Logfile of HijackThis v1.99.1
Scan saved at 17:28:58, on 28/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Regarding the fix of the O20 line, are there any particular problems to watch out for?

In any case, many thanks for your patient and warm help
roland

Regis59 - Posts: 21143 - Status: Security contributor - 1 322

Hi

No, nothing to watch out for; however, if you get any malfunction in the coming days, it may come from that, and we will restore it.

So your problems are solved?

Thank you for your compliments; it was a pleasure to help you.

If you have any questions, don't hesitate!

See you

roland26 - Posts: 32 - Status: Member

Regis,
I think my problems are solved; I no longer get rogue screens popping up offering to sell me winwirus pro
Long live this form of mutual help that you practise, and thank you all for your generosity
Roland

Regis59 - Posts: 21143 - Status: Security contributor - 1 322

Hi Roland,

Thank you for your encouragement, it is a pleasure!

Don't hesitate to tell people around you about it; that is the only way we will be able to win!

See you