A rather annoying spyware ...
Hello, here is my problem:
It seems I was recently infected by various viruses and spyware after my Bitdefender 9 license expired. Since I did not switch antivirus right away, I now find myself with a few unpleasant programs. So I downloaded avast! and Spybot and went hunting for the trojans.
Only one of these programs remains, and it is frankly very annoying. It started by showing me an IE pop-up (I use Firefox) in which it pretends to be a Windows Firewall dialog box telling me to update the firewall. At that point I had pop-ups everywhere, and I was in the middle of disinfecting with avast!.
But this one goes further! Currently I have a black desktop wallpaper telling me that spyware is trying to get onto my PC (which seems to have already happened ...) and that I must install an anti-spyware program.
It regularly shows me a small dialog box in the quick launch bar (the same box as when you connect a new device) telling me that several pieces of spyware have been detected on my PC, or that my PC is at risk, and that I must click the small triangle with an exclamation mark in the quick launch bar, which tries to install a dubious so-called anti-spyware program.
Everything is written in English.
When I go to the "Program Files" folder, I see 6 folders whose names I don't recognize and which make me think they don't mean me well. Here are their names:
3721
akl
Accoona
p2pnetwork
amsys
e-zshopper
I tried to delete them, but nothing works, they come back one after another!
My Task Manager is disabled. When I try to restore it by entering the value 0 in one of the keys in regedit, the value automatically goes back to 1. Impossible to re-enable it.
I admit I'm a bit out of my depth, and being useless at computer security, I don't really know what to do. I hope someone can help me.
Thanks.
I ran a scan with HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 21:00:26, on 07/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS1\System32\vvgeowbv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS1\System32\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS1\System32\nvsvc32.exe
C:\WINDOWS1\System32\PnkBstrA.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS1\System32\vvgeowbv.exe,C:\WINDOWS1\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS1\system32\aivskurq.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS1\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users.WINDOWS1\Application Data\Software rule flag owns\FACE LICENSE.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\System32\PnkBstrA.exe
Hello,
Download Lop S&D.zip.
Unzip it onto your Desktop only.
Open the Lop S&D folder, then double-click Scan.bat. Press "R", then confirm by pressing "Enter".
A report will be generated; post its contents here.
Problem solved, here is the report:
catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 21:10:00
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:f6,0e,e6,5b,50,4c,63,49,63,09,cf,48,17,77,c3,2b,d2,9a,d9,61,8d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1d,08,e4,0c,fa,cc,72,ff,25,59,b1,7c,0b,7c,2b,87,63,..
"khjeh"=hex:8d,aa,56,74,ae,ff,d0,29,20,94,7c,ba,a9,27,04,bf,e9,0e,7d,c6,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a7,9c,3c,95,7c,54,1a,44,4f,26,56,8c,b1,58,d3,79,79,28,b6,85,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:f6,0e,e6,5b,50,4c,63,49,63,09,cf,48,17,77,c3,2b,d2,9a,d9,61,8d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1d,08,e4,0c,fa,cc,72,ff,25,59,b1,7c,0b,7c,2b,87,63,..
"khjeh"=hex:8d,aa,56,74,ae,ff,d0,29,20,94,7c,ba,a9,27,04,bf,e9,0e,7d,c6,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a7,19,c7,70,f6,68,cc,d0,d8,2e,22,2e,67,b7,81,75,aa,6f,90,bd,61,..
scanning hidden files ...
scan completed successfully
hidden files: 0
Here it is:
Logfile of HijackThis v1.99.1
Scan saved at 20:30:33, on 08/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS1\System32\vvgeowbv.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS1\System32\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS1\System32\nvsvc32.exe
C:\WINDOWS1\System32\PnkBstrA.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Program Files\Windows NT\Accessoires\wordpad.exe
C:\Program Files\Windows NT\Accessoires\wordpad.exe
C:\Program Files\Adobe\Adobe Photoshop CS2 US\Photoshop.exe
C:\DOCUME~1\Korann\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Korann\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS1\System32\vvgeowbv.exe,C:\WINDOWS1\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS1\system32\aivskurq.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS1\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users.WINDOWS1\Application Data\Software rule flag owns\FACE LICENSE.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\System32\PnkBstrA.exe
Logfile of HijackThis v1.99.1
Scan saved at 20:30:33, on 08/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS1\System32\vvgeowbv.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS1\System32\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS1\System32\nvsvc32.exe
C:\WINDOWS1\System32\PnkBstrA.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Program Files\Windows NT\Accessoires\wordpad.exe
C:\Program Files\Windows NT\Accessoires\wordpad.exe
C:\Program Files\Adobe\Adobe Photoshop CS2 US\Photoshop.exe
C:\DOCUME~1\Korann\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Korann\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS1\System32\vvgeowbv.exe,C:\WINDOWS1\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS1\system32\aivskurq.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS1\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users.WINDOWS1\Application Data\Software rule flag owns\FACE LICENSE.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\System32\PnkBstrA.exe
Re,
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Here is the report:
ComboFix 07-11-08.1 - Korann 2007-11-08 20:58:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.551 [GMT 1:00]
Running from: C:\Documents and Settings\Korann\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS1\764.exe
C:\WINDOWS1\7search.dll
C:\WINDOWS1\aconti.exe
C:\WINDOWS1\adbar.dll
C:\WINDOWS1\cbinst$.exe
C:\WINDOWS1\daxtime.dll
C:\WINDOWS1\dp0.dll
C:\WINDOWS1\eventlowg.dll
C:\WINDOWS1\fhfmm-Uninstaller.exe
C:\WINDOWS1\fhfmm.exe
C:\WINDOWS1\flt.dll
C:\WINDOWS1\hcwprn.exe
C:\WINDOWS1\hotporn.exe
C:\WINDOWS1\ie_32.exe
C:\WINDOWS1\iexplorr23.dll
C:\WINDOWS1\jd2002.dll
C:\WINDOWS1\kkcomp$.exe
C:\WINDOWS1\kkcomp.dll
C:\WINDOWS1\kkcomp.exe
C:\WINDOWS1\kvnab$.exe
C:\WINDOWS1\kvnab.dll
C:\WINDOWS1\kvnab.exe
C:\WINDOWS1\liqad$.exe
C:\WINDOWS1\liqad.dll
C:\WINDOWS1\liqad.exe
C:\WINDOWS1\liqui-Uninstaller.exe
C:\WINDOWS1\liqui.dll
C:\WINDOWS1\liqui.exe
C:\WINDOWS1\ngd.dll
C:\WINDOWS1\pbar.dll
C:\WINDOWS1\pbsysie.dll
C:\WINDOWS1\settn.dll
C:\WINDOWS1\spredirect.dll
C:\WINDOWS1\system32\.exe
C:\WINDOWS1\system32\drivers\blank.gif
C:\WINDOWS1\system32\drivers\box_1.gif
C:\WINDOWS1\system32\drivers\box_2.gif
C:\WINDOWS1\system32\drivers\box_3.gif
C:\WINDOWS1\system32\drivers\button_buynow.gif
C:\WINDOWS1\system32\drivers\button_freescan.gif
C:\WINDOWS1\system32\drivers\cell_bg.gif
C:\WINDOWS1\system32\drivers\cell_footer.gif
C:\WINDOWS1\system32\drivers\cell_header_block.gif
C:\WINDOWS1\system32\drivers\cell_header_remove.gif
C:\WINDOWS1\system32\drivers\cell_header_scan.gif
C:\WINDOWS1\system32\drivers\detect.htm
C:\WINDOWS1\system32\drivers\download_box.gif
C:\WINDOWS1\system32\drivers\download_btn.jpg
C:\WINDOWS1\system32\drivers\download_now_btn.gif
C:\WINDOWS1\system32\drivers\footer_back.jpg
C:\WINDOWS1\system32\drivers\header_1.gif
C:\WINDOWS1\system32\drivers\header_2.gif
C:\WINDOWS1\system32\drivers\header_3.gif
C:\WINDOWS1\system32\drivers\header_4.gif
C:\WINDOWS1\system32\drivers\header_red_bg.gif
C:\WINDOWS1\system32\drivers\header_red_free_scan.gif
C:\WINDOWS1\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS1\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS1\system32\drivers\infected.gif
C:\WINDOWS1\system32\drivers\main_back.gif
C:\WINDOWS1\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS1\system32\drivers\product_1_header.gif
C:\WINDOWS1\system32\drivers\product_1_name_small.gif
C:\WINDOWS1\system32\drivers\product_2_header.gif
C:\WINDOWS1\system32\drivers\product_2_name_small.gif
C:\WINDOWS1\system32\drivers\product_3_header.gif
C:\WINDOWS1\system32\drivers\product_3_name_small.gif
C:\WINDOWS1\system32\drivers\product_features.gif
C:\WINDOWS1\system32\drivers\pt.htm
C:\WINDOWS1\system32\drivers\rating.gif
C:\WINDOWS1\system32\drivers\s_detect.htm
C:\WINDOWS1\system32\drivers\screenshot.jpg
C:\WINDOWS1\system32\drivers\sep_hor.gif
C:\WINDOWS1\system32\drivers\sep_vert.gif
C:\WINDOWS1\system32\drivers\shadow.jpg
C:\WINDOWS1\system32\drivers\shadow_bg.gif
C:\WINDOWS1\system32\drivers\spacer.gif
C:\WINDOWS1\system32\drivers\spy_away_box.jpg
C:\WINDOWS1\system32\drivers\star.gif
C:\WINDOWS1\system32\drivers\star_gray.gif
C:\WINDOWS1\system32\drivers\star_gray_small.gif
C:\WINDOWS1\system32\drivers\star_small.gif
C:\WINDOWS1\system32\drivers\style.css
C:\WINDOWS1\system32\drivers\v.gif
C:\WINDOWS1\system32\drivers\warning_icon.gif
C:\WINDOWS1\system32\drivers\win_logo.gif
C:\WINDOWS1\system32\drivers\x.gif
C:\WINDOWS1\system32\ESHOPEE.exe
C:\WINDOWS1\system32\explorer.exe
C:\WINDOWS1\system32\KB835409.log
C:\WINDOWS1\system32\KB842773.log
C:\WINDOWS1\system32\KB873339.log
C:\WINDOWS1\system32\KB885835.log
C:\WINDOWS1\system32\KB885836.log
C:\WINDOWS1\system32\KB888302.log
C:\WINDOWS1\system32\KB890046.log
C:\WINDOWS1\system32\KB890859.log
C:\WINDOWS1\system32\KB891781.log
C:\WINDOWS1\system32\KB892130.log
C:\WINDOWS1\system32\KB892944.log
C:\WINDOWS1\system32\KB893756.log
C:\WINDOWS1\system32\KB893803v2.log
C:\WINDOWS1\system32\KB896358.log
C:\WINDOWS1\system32\KB896423.log
C:\WINDOWS1\system32\KB896424.log
C:\WINDOWS1\system32\KB896428.log
C:\WINDOWS1\system32\KB898461.log
C:\WINDOWS1\system32\KB898715.log
C:\WINDOWS1\system32\KB899587.log
C:\WINDOWS1\system32\KB899589.log
C:\WINDOWS1\system32\KB899591.log
C:\WINDOWS1\system32\KB900725.log
C:\WINDOWS1\system32\KB901017.log
C:\WINDOWS1\system32\KB901214.log
C:\WINDOWS1\system32\KB902400.log
C:\WINDOWS1\system32\KB905414.log
C:\WINDOWS1\system32\KB905495.log
C:\WINDOWS1\system32\KB905749.log
C:\WINDOWS1\system32\KB908519.log
C:\WINDOWS1\system32\KB908531.log
C:\WINDOWS1\system32\KB911280.log
C:\WINDOWS1\system32\KB911562.log
C:\WINDOWS1\system32\KB911927.log
C:\WINDOWS1\system32\KB912919.log
C:\WINDOWS1\system32\KB913580.log
C:\WINDOWS1\system32\KB914388.log
C:\WINDOWS1\system32\KB914389.log
C:\WINDOWS1\system32\KB917344.log
C:\WINDOWS1\system32\KB917422.log
C:\WINDOWS1\system32\KB917953.log
C:\WINDOWS1\system32\KB919007.log
C:\WINDOWS1\system32\KB920670.log
C:\WINDOWS1\system32\KB920683.log
C:\WINDOWS1\system32\KB920685.log
C:\WINDOWS1\system32\KB921398.log
C:\WINDOWS1\system32\KB921883.log
C:\WINDOWS1\system32\KB922616.log
C:\WINDOWS1\system32\KB922819.log
C:\WINDOWS1\system32\KB923191.log
C:\WINDOWS1\system32\KB923414.log
C:\WINDOWS1\system32\KB924191.log
C:\WINDOWS1\system32\KB924496.log
C:\WINDOWS1\system32\msole32.exe
C:\WINDOWS1\system32\vxddsk.exe
C:\WINDOWS1\system32\winhelp.exe
C:\WINDOWS1\system32\wml.exe
C:\WINDOWS1\vxddsk.exe
C:\WINDOWS1\wbeCheck.exe
C:\WINDOWS1\wbeInst$.exe
C:\WINDOWS1\wml.exe
C:\WINDOWS1\xadbrk.dll
C:\WINDOWS1\xadbrk.exe
C:\WINDOWS1\xadbrk_.exe
C:\WINDOWS1\xxxvideo.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-08 to 2007-11-08 ))))))))))))))))))))))))))))))))))))
.
2007-11-08 20:57 51,200 --a------ C:\WINDOWS1\NirCmd.exe
2007-11-07 20:59 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-11-07 15:05 <REP> d-------- C:\WINDOWS1\BDOSCAN8
2007-11-07 14:58 <REP> d-------- C:\Program Files\DAEMON Tools
2007-11-07 14:54 685,816 --a------ C:\WINDOWS1\system32\drivers\sptd.sys
2007-11-07 13:35 18,944 --a------ C:\WINDOWS1\system32\ace16win.dll
2007-11-07 12:45 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy
2007-11-07 12:40 <REP> d--h----- C:\WINDOWS1\system32\GroupPolicy
2007-11-07 12:39 4 --a------ C:\WINDOWS1\system32\stfv.bin
2007-11-07 12:30 <REP> d-------- C:\WINDOWS1\system32\acespy
2007-11-07 12:09 12 --a------ C:\WINDOWS1\system32\dpqaqlqx.bin
2007-11-07 12:08 123,912 --a------ C:\WINDOWS1\system32\vvgeowbv.exe
2007-11-07 12:08 21,504 --a------ C:\WINDOWS1\system32\aivskurq.dll
2007-11-07 11:57 <REP> d-------- C:\WINDOWS1\Sun
2007-11-06 11:29 <REP> dr-h----- C:\Documents and Settings\Korann\Application Data\SecuROM
2007-11-06 11:28 3,495,784 --a------ C:\WINDOWS1\system32\d3dx9_33.dll
2007-11-06 11:28 1,123,696 --a------ C:\WINDOWS1\system32\D3DCompiler_33.dll
2007-11-06 11:28 443,752 --a------ C:\WINDOWS1\system32\d3dx10_33.dll
2007-11-06 11:28 81,768 --a------ C:\WINDOWS1\system32\xinput1_3.dll
2007-11-06 11:20 <REP> d-------- C:\Documents and Settings\Korann\Application Data\InstallShield
2007-11-06 10:33 <REP> d-------- C:\Documents and Settings\Korann\Application Data\Nero
2007-11-06 10:29 <REP> d-------- C:\Program Files\Nero
2007-11-06 10:29 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2007-11-06 10:29 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Nero
2007-11-05 15:11 <REP> d-------- C:\Documents and Settings\Korann\Application Data\Skype
2007-11-05 11:26 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\NFS Underground
2007-11-04 19:56 <REP> d-------- C:\Program Files\Alwil Software
2007-11-04 19:56 801,144 --a------ C:\WINDOWS1\system32\aswBoot.exe
2007-11-04 19:56 95,608 --a------ C:\WINDOWS1\system32\AvastSS.scr
2007-11-04 19:56 94,416 --a------ C:\WINDOWS1\system32\drivers\aswmon2.sys
2007-11-04 19:56 92,848 --a------ C:\WINDOWS1\system32\drivers\aswmon.sys
2007-11-04 19:56 42,912 --a------ C:\WINDOWS1\system32\drivers\aswTdi.sys
2007-11-04 19:56 26,624 --a------ C:\WINDOWS1\system32\drivers\aavmker4.sys
2007-11-04 19:56 23,152 --a------ C:\WINDOWS1\system32\drivers\aswRdr.sys
2007-11-04 17:28 <REP> d-------- C:\Documents and Settings\Korann\Application Data\Azureus
2007-11-04 17:28 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Azureus
2007-11-04 17:27 <REP> d-------- C:\Program Files\Azureus
2007-11-04 16:57 <REP> d-------- C:\Documents and Settings\Korann\Application Data\FlashGet
2007-11-04 15:29 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Software rule flag owns
2007-11-04 15:28 <REP> d-------- C:\Documents and Settings\Korann\Application Data\NetPumper
2007-11-04 15:28 <REP> d-------- C:\Documents and Settings\Korann\Application Data\gramlogowma
2007-10-24 13:47 <REP> d-------- C:\Documents and Settings\Korann\Application Data\Canon
2007-10-24 13:45 <REP> d--h----- C:\Documents and Settings\All Users.WINDOWS1\Application Data\CanonBJ
2007-10-24 13:45 140,288 --a------ C:\WINDOWS1\system32\CNMLM7J.DLL
2007-10-24 13:45 14,208 --a------ C:\WINDOWS1\system32\drivers\usbscan.sys
2007-10-24 13:45 14,208 --a--c--- C:\WINDOWS1\system32\dllcache\usbscan.sys
2007-10-24 13:45 8,704 --a------ C:\WINDOWS1\system32\CNMVS7J.DLL
2007-10-24 13:44 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2007-10-24 13:44 <REP> d-------- C:\Documents and Settings\Korann\Application Data\ScanSoft
2007-10-24 13:44 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\SSScanWizard
2007-10-24 13:44 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\SSScanAppDataDir
2007-10-24 13:43 <REP> d-------- C:\Program Files\ArcSoft
2007-10-24 13:43 212,480 --a------ C:\WINDOWS1\PCDLIB32.DLL
2007-10-24 13:42 <REP> d--h----- C:\WINDOWS1\system32\CanonMP Uninstaller Information
2007-10-24 13:42 <REP> d-------- C:\WINDOWS1\StartHtmico
2007-10-24 13:42 1,060,864 --a------ C:\WINDOWS1\system32\MFC71.dll
2007-10-24 13:42 499,712 --a------ C:\WINDOWS1\system32\msvcp71.dll
2007-10-24 13:42 348,160 --a------ C:\WINDOWS1\system32\msvcr71.dll
2007-10-24 13:42 308,224 --a------ C:\WINDOWS1\IsUn040c.exe
2007-10-22 11:21 <REP> d-------- C:\Program Files\id Software
2007-10-21 19:22 <REP> d-------- C:\Program Files\Activision
2007-10-21 18:57 <REP> d-------- C:\WINDOWS1\LastGood
2007-10-21 14:21 <REP> d-------- C:\Documents and Settings\Korann\Shared
2007-10-21 14:21 <REP> d-------- C:\Documents and Settings\Korann\Incomplete
2007-10-21 14:21 <REP> d-------- C:\Documents and Settings\Korann\Application Data\LimeWire
2007-10-21 14:12 671 --a------ C:\WINDOWS1\mozver.dat
2007-10-20 21:36 <REP> d-------- C:\WINDOWS1\system32\LogFiles
2007-10-20 21:36 22,328 --a------ C:\WINDOWS1\system32\drivers\PnkBstrK.sys
2007-10-20 20:52 242,368 --a------ C:\WINDOWS1\system32\GDIPFONTCACHEV1.DAT
2007-10-20 20:52 107,888 --a------ C:\WINDOWS1\system32\CmdLineExt.dll
2007-10-20 20:52 103,736 --a------ C:\WINDOWS1\system32\PnkBstrB.exe
2007-10-20 20:52 81,984 --a------ C:\WINDOWS1\system32\bdod.bin
2007-10-20 20:52 66,872 --a------ C:\WINDOWS1\system32\PnkBstrA.exe
2007-10-20 20:52 339 --a------ C:\WINDOWS1\system32\tablet.dat
2007-10-20 20:52 15 --a------ C:\WINDOWS1\system32\getfile.dat
2007-10-20 20:40 <REP> d-------- C:\Program Files\Electronic Arts
2007-10-20 20:35 664 --a------ C:\WINDOWS1\system32\d3d9caps.dat
2007-10-20 20:34 3,426,072 --a------ C:\WINDOWS1\system32\d3dx9_32.dll
2007-10-20 20:34 2,414,360 --a------ C:\WINDOWS1\system32\d3dx9_31.dll
2007-10-20 20:34 2,297,552 --a------ C:\WINDOWS1\system32\d3dx9_26.dll
2007-10-20 20:28 1,703,936 --a------ C:\WINDOWS1\system32\d3d9.dll
2007-10-20 20:16 659,968 --a------ C:\WINDOWS1\system32\RGSS100J.dll
2007-10-20 09:46 <REP> d---s---- C:\Documents and Settings\Korann\UserData
2007-10-19 20:22 <REP> d-------- C:\Documents and Settings\Korann\Application Data\Apple Computer
2007-10-19 20:20 <REP> d-------- C:\Program Files\Apple Software Update
2007-10-19 20:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Apple Computer
2007-10-19 20:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Apple
2007-10-17 16:21 <REP> d-------- C:\Documents and Settings\Korann\Application Data\vlc
2007-10-17 15:11 24,960 --a------ C:\WINDOWS1\system32\drivers\usbprint.sys
2007-10-17 15:11 24,960 --a--c--- C:\WINDOWS1\system32\dllcache\usbprint.sys
2007-10-17 14:42 10,752 --a------ C:\WINDOWS1\system32\WhoisCL.exe
2007-10-17 13:25 <REP> d-------- C:\Documents and Settings\Korann\Contacts
2007-10-17 13:24 <REP> d----c--- C:\WINDOWS1\system32\DRVSTORE
2007-10-17 13:22 <REP> d-------- C:\Program Files\MSN Messenger
2007-10-16 20:13 <REP> d-------- C:\Program Files\Realtek AC97
2007-10-16 17:47 297,728 --a------ C:\WINDOWS1\system32\drivers\ac97sis.sys
2007-10-16 17:47 297,728 --a--c--- C:\WINDOWS1\system32\dllcache\ac97sis.sys
2007-10-16 17:38 <REP> d-------- C:\Documents and Settings\Korann\Application Data\Winamp
2007-10-16 17:27 182,880 --a------ C:\WINDOWS1\system32\iuengine.dll
2007-10-16 17:27 182,880 --a--c--- C:\WINDOWS1\system32\dllcache\iuengine.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 19:30 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-11-06 10:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-05 10:25 12,400 ----a-w C:\WINDOWS1\system32\drivers\secdrv.sys
2007-11-05 10:19 --------- d-----w C:\Program Files\EA GAMES
2007-10-24 12:42 --------- d-----w C:\Program Files\Canon
2007-10-21 13:13 --------- d-----w C:\Program Files\Java
2007-10-20 19:13 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2007-10-19 19:21 --------- d-----w C:\Program Files\QuickTime
2007-10-09 16:41 --------- d-----w C:\Program Files\Corel
2007-09-24 08:05 132,904 ----a-w C:\WINDOWS1\system32\drivers\imagesrv.sys
2007-09-24 08:05 11,304 ----a-w C:\WINDOWS1\system32\drivers\imagedrv.sys
2007-09-23 14:39 --------- d-----w C:\Program Files\DivX
2007-09-20 08:59 972,072 ----a-w C:\WINDOWS1\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\WINDOWS1\UNNeroMediaHome.exe
2007-09-20 08:55 95,600 ----a-w C:\WINDOWS1\system32\NeroCo.dll
2007-09-17 00:10 356,352 ----a-w C:\WINDOWS1\system32\NVUNINST.EXE
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS1\system32\nvwddi.dll
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS1\system32\nvmctray.dll
2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS1\system32\nvcpl.dll
2007-09-16 23:07 753,664 ----a-w C:\WINDOWS1\system32\nvcplui.exe
2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS1\system32\drivers\nv4_mini.sys
2007-09-16 23:07 6,746,112 ----a-w C:\WINDOWS1\system32\nvoglnt.dll
2007-09-16 23:07 6,344,704 ----a-w C:\WINDOWS1\system32\nvdisps.dll
2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS1\system32\nv4_disp.dll
2007-09-16 23:07 5,509,120 ----a-w C:\WINDOWS1\system32\nvdispsr.dll
2007-09-16 23:07 466,944 ----a-w C:\WINDOWS1\system32\nvshell.dll
2007-09-16 23:07 458,752 ----a-w C:\WINDOWS1\system32\nvmccssr.dll
2007-09-16 23:07 45,056 ----a-w C:\WINDOWS1\system32\nvmccsrs.dll
2007-09-16 23:07 442,368 ----a-w C:\WINDOWS1\system32\nvappbar.exe
2007-09-16 23:07 425,984 ----a-w C:\WINDOWS1\system32\keystone.exe
2007-09-16 23:07 364,544 ----a-w C:\WINDOWS1\system32\nvapi.dll
2007-09-16 23:07 36,864 ----a-w C:\WINDOWS1\system32\nvcodins.dll
2007-09-16 23:07 36,864 ----a-w C:\WINDOWS1\system32\nvcod.dll
2007-09-16 23:07 356,352 ----a-w C:\WINDOWS1\system32\nvudisp.exe
2007-09-16 23:07 335,872 ----a-w C:\WINDOWS1\system32\nvwrses.dll
2007-09-16 23:07 335,872 ----a-w C:\WINDOWS1\system32\nvwrsel.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS1\system32\nvwrsfr.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS1\system32\nvwrsesm.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS1\system32\nvrshe.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS1\system32\nvrsar.dll
2007-09-16 23:07 323,584 ----a-w C:\WINDOWS1\system32\nvwrspt.dll
2007-09-16 23:07 323,584 ----a-w C:\WINDOWS1\system32\nvwrsit.dll
2007-09-16 23:07 319,488 ----a-w C:\WINDOWS1\system32\nvwrsptb.dll
2007-09-16 23:07 319,488 ----a-w C:\WINDOWS1\system32\nvwrsnl.dll
2007-09-16 23:07 315,392 ----a-w C:\WINDOWS1\system32\nvwrsru.dll
2007-09-16 23:07 315,392 ----a-w C:\WINDOWS1\system32\nvwrshu.dll
2007-09-16 23:07 311,296 ----a-w C:\WINDOWS1\system32\nvwrsde.dll
2007-09-16 23:07 307,200 ----a-w C:\WINDOWS1\system32\nvexpbar.dll
2007-09-16 23:07 303,104 ----a-w C:\WINDOWS1\system32\nvwrstr.dll
2007-09-16 23:07 303,104 ----a-w C:\WINDOWS1\system32\nvwrssl.dll
2007-09-16 23:07 303,104 ----a-w C:\WINDOWS1\system32\nvwrsfi.dll
2007-09-16 23:07 3,629,056 ----a-w C:\WINDOWS1\system32\nvvitvsr.dll
2007-09-16 23:07 3,551,232 ----a-w C:\WINDOWS1\system32\nvvitvs.dll
2007-09-16 23:07 3,334,144 ----a-w C:\WINDOWS1\system32\nvgames.dll
2007-09-16 23:07 3,166,208 ----a-w C:\WINDOWS1\system32\nvgamesr.dll
2007-09-16 23:07 299,008 ----a-w C:\WINDOWS1\system32\nvwrssk.dll
2007-09-16 23:07 299,008 ----a-w C:\WINDOWS1\system32\nvwrsno.dll
2007-09-16 23:07 294,912 ----a-w C:\WINDOWS1\system32\nvwrssv.dll
2007-09-16 23:07 294,912 ----a-w C:\WINDOWS1\system32\nvwrspl.dll
2007-09-16 23:07 294,912 ----a-w C:\WINDOWS1\system32\nvwrsda.dll
2007-09-16 23:07 290,816 ----a-w C:\WINDOWS1\system32\nvwrsth.dll
2007-09-16 23:07 286,720 ----a-w C:\WINDOWS1\system32\nvwrseng.dll
2007-09-16 23:07 286,720 ----a-w C:\WINDOWS1\system32\nvwrscs.dll
2007-09-16 23:07 286,720 ----a-w C:\WINDOWS1\system32\nvnt4cpl.dll
2007-09-16 23:07 282,624 ----a-w C:\WINDOWS1\system32\nvwrsar.dll
2007-09-16 23:07 282,624 ----a-w C:\WINDOWS1\system32\nvrsfr.dll
2007-09-16 23:07 282,624 ----a-w C:\WINDOWS1\system32\nvrses.dll
2007-09-16 23:07 282,624 ----a-w C:\WINDOWS1\system32\nvrsel.dll
2007-09-16 23:07 278,528 ----a-w C:\WINDOWS1\system32\nvwrshe.dll
2007-09-16 23:07 278,528 ----a-w C:\WINDOWS1\system32\nvrsit.dll
2007-09-16 23:07 278,528 ----a-w C:\WINDOWS1\system32\nvrsde.dll
2007-09-16 23:07 274,432 ----a-w C:\WINDOWS1\system32\nvrspt.dll
2007-09-16 23:07 274,432 ----a-w C:\WINDOWS1\system32\nvrsnl.dll
2007-09-16 23:07 274,432 ----a-w C:\WINDOWS1\system32\nvrsesm.dll
2007-09-16 23:07 270,336 ----a-w C:\WINDOWS1\system32\nvrsru.dll
2007-09-16 23:07 266,240 ----a-w C:\WINDOWS1\system32\nvrsptb.dll
2007-09-16 23:07 266,240 ----a-w C:\WINDOWS1\system32\nvrsja.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS1\system32\nvrstr.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS1\system32\nvrssl.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS1\system32\nvrssk.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS1\system32\nvrsko.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS1\system32\nvrshu.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS1\system32\nvrsth.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS1\system32\nvrssv.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS1\system32\nvrspl.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS1\system32\nvrsno.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS1\system32\nvrsda.dll
2007-09-16 23:07 249,856 ----a-w C:\WINDOWS1\system32\nvrsfi.dll
2007-09-16 23:07 249,856 ----a-w C:\WINDOWS1\system32\nvrscs.dll
2007-09-16 23:07 245,760 ----a-w C:\WINDOWS1\system32\nvrseng.dll
2007-09-16 23:07 229,376 ----a-w C:\WINDOWS1\system32\nvmccs.dll
2007-09-16 23:07 225,280 ----a-w C:\WINDOWS1\system32\nvrszhc.dll
2007-09-16 23:07 212,992 ----a-w C:\WINDOWS1\system32\nvwrsja.dll
2007-09-16 23:07 2,854,912 ----a-w C:\WINDOWS1\system32\nvmoblsr.dll
2007-09-16 23:07 2,441,216 ----a-w C:\WINDOWS1\system32\nvwssr.dll
2007-09-16 23:07 2,371,584 ----a-w C:\WINDOWS1\system32\nvwss.dll
2007-09-16 23:07 196,608 ----a-w C:\WINDOWS1\system32\nvwrsko.dll
2007-09-16 23:07 188,416 ----a-w C:\WINDOWS1\system32\nvmccss.dll
2007-09-16 23:07 167,936 ----a-w C:\WINDOWS1\system32\nvwrszht.dll
2007-09-16 23:07 163,840 ----a-w C:\WINDOWS1\system32\nvwrszhc.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
2007-11-07 12:08 21504 --a------ C:\WINDOWS1\system32\aivskurq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS1\System32\NvCpl.dll" [2007-09-17 00:07]
"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS1\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS1\System32\NvMcTray.dll" [2007-09-17 00:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 04:01 C:\WINDOWS1\system32\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00]
"Flag Owns Live Grim"="C:\Documents and Settings\All Users.WINDOWS1\Application Data\Software rule flag owns\FACE LICENSE.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"NetPumper"="C:\Program Files\NetPumper\NetPumperIEProxy.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-18 23:05]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
@=
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS1\\System32\\vvgeowbv.exe,C:\\WINDOWS1\\system32\\userinit.exe"
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
S3 azt2320;Pilote audio Aztech 2320 (WDM);C:\WINDOWS1\System32\drivers\aztw2320.sys
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-08 20:00:00 C:\WINDOWS1\Tasks\AD3258E891C1CD3C.job"
- c:\docume~1\korann\applic~1\gramlo~1\16 Coal Stupid.exe
"2007-10-19 19:20:35 C:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 21:04:59
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-08 21:05:48 - machine was rebooted
.
--- E O F ---
ComboFix 07-11-08.1 - Korann 2007-11-08 20:58:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.551 [GMT 1:00]
Running from: C:\Documents and Settings\Korann\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS1\764.exe
C:\WINDOWS1\7search.dll
C:\WINDOWS1\aconti.exe
C:\WINDOWS1\adbar.dll
C:\WINDOWS1\cbinst$.exe
C:\WINDOWS1\daxtime.dll
C:\WINDOWS1\dp0.dll
C:\WINDOWS1\eventlowg.dll
C:\WINDOWS1\fhfmm-Uninstaller.exe
C:\WINDOWS1\fhfmm.exe
C:\WINDOWS1\flt.dll
C:\WINDOWS1\hcwprn.exe
C:\WINDOWS1\hotporn.exe
C:\WINDOWS1\ie_32.exe
C:\WINDOWS1\iexplorr23.dll
C:\WINDOWS1\jd2002.dll
C:\WINDOWS1\kkcomp$.exe
C:\WINDOWS1\kkcomp.dll
C:\WINDOWS1\kkcomp.exe
C:\WINDOWS1\kvnab$.exe
C:\WINDOWS1\kvnab.dll
C:\WINDOWS1\kvnab.exe
C:\WINDOWS1\liqad$.exe
C:\WINDOWS1\liqad.dll
C:\WINDOWS1\liqad.exe
C:\WINDOWS1\liqui-Uninstaller.exe
C:\WINDOWS1\liqui.dll
C:\WINDOWS1\liqui.exe
C:\WINDOWS1\ngd.dll
C:\WINDOWS1\pbar.dll
C:\WINDOWS1\pbsysie.dll
C:\WINDOWS1\settn.dll
C:\WINDOWS1\spredirect.dll
C:\WINDOWS1\system32\.exe
C:\WINDOWS1\system32\drivers\blank.gif
C:\WINDOWS1\system32\drivers\box_1.gif
C:\WINDOWS1\system32\drivers\box_2.gif
C:\WINDOWS1\system32\drivers\box_3.gif
C:\WINDOWS1\system32\drivers\button_buynow.gif
C:\WINDOWS1\system32\drivers\button_freescan.gif
C:\WINDOWS1\system32\drivers\cell_bg.gif
C:\WINDOWS1\system32\drivers\cell_footer.gif
C:\WINDOWS1\system32\drivers\cell_header_block.gif
C:\WINDOWS1\system32\drivers\cell_header_remove.gif
C:\WINDOWS1\system32\drivers\cell_header_scan.gif
C:\WINDOWS1\system32\drivers\detect.htm
C:\WINDOWS1\system32\drivers\download_box.gif
C:\WINDOWS1\system32\drivers\download_btn.jpg
C:\WINDOWS1\system32\drivers\download_now_btn.gif
C:\WINDOWS1\system32\drivers\footer_back.jpg
C:\WINDOWS1\system32\drivers\header_1.gif
C:\WINDOWS1\system32\drivers\header_2.gif
C:\WINDOWS1\system32\drivers\header_3.gif
C:\WINDOWS1\system32\drivers\header_4.gif
C:\WINDOWS1\system32\drivers\header_red_bg.gif
C:\WINDOWS1\system32\drivers\header_red_free_scan.gif
C:\WINDOWS1\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS1\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS1\system32\drivers\infected.gif
C:\WINDOWS1\system32\drivers\main_back.gif
C:\WINDOWS1\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS1\system32\drivers\product_1_header.gif
C:\WINDOWS1\system32\drivers\product_1_name_small.gif
C:\WINDOWS1\system32\drivers\product_2_header.gif
C:\WINDOWS1\system32\drivers\product_2_name_small.gif
C:\WINDOWS1\system32\drivers\product_3_header.gif
C:\WINDOWS1\system32\drivers\product_3_name_small.gif
C:\WINDOWS1\system32\drivers\product_features.gif
C:\WINDOWS1\system32\drivers\pt.htm
C:\WINDOWS1\system32\drivers\rating.gif
C:\WINDOWS1\system32\drivers\s_detect.htm
C:\WINDOWS1\system32\drivers\screenshot.jpg
C:\WINDOWS1\system32\drivers\sep_hor.gif
C:\WINDOWS1\system32\drivers\sep_vert.gif
C:\WINDOWS1\system32\drivers\shadow.jpg
C:\WINDOWS1\system32\drivers\shadow_bg.gif
C:\WINDOWS1\system32\drivers\spacer.gif
C:\WINDOWS1\system32\drivers\spy_away_box.jpg
C:\WINDOWS1\system32\drivers\star.gif
C:\WINDOWS1\system32\drivers\star_gray.gif
C:\WINDOWS1\system32\drivers\star_gray_small.gif
C:\WINDOWS1\system32\drivers\star_small.gif
C:\WINDOWS1\system32\drivers\style.css
C:\WINDOWS1\system32\drivers\v.gif
C:\WINDOWS1\system32\drivers\warning_icon.gif
C:\WINDOWS1\system32\drivers\win_logo.gif
C:\WINDOWS1\system32\drivers\x.gif
C:\WINDOWS1\system32\ESHOPEE.exe
C:\WINDOWS1\system32\explorer.exe
C:\WINDOWS1\system32\KB835409.log
C:\WINDOWS1\system32\KB842773.log
C:\WINDOWS1\system32\KB873339.log
C:\WINDOWS1\system32\KB885835.log
C:\WINDOWS1\system32\KB885836.log
C:\WINDOWS1\system32\KB888302.log
C:\WINDOWS1\system32\KB890046.log
C:\WINDOWS1\system32\KB890859.log
C:\WINDOWS1\system32\KB891781.log
C:\WINDOWS1\system32\KB892130.log
C:\WINDOWS1\system32\KB892944.log
C:\WINDOWS1\system32\KB893756.log
C:\WINDOWS1\system32\KB893803v2.log
C:\WINDOWS1\system32\KB896358.log
C:\WINDOWS1\system32\KB896423.log
C:\WINDOWS1\system32\KB896424.log
C:\WINDOWS1\system32\KB896428.log
C:\WINDOWS1\system32\KB898461.log
C:\WINDOWS1\system32\KB898715.log
C:\WINDOWS1\system32\KB899587.log
C:\WINDOWS1\system32\KB899589.log
C:\WINDOWS1\system32\KB899591.log
C:\WINDOWS1\system32\KB900725.log
C:\WINDOWS1\system32\KB901017.log
C:\WINDOWS1\system32\KB901214.log
C:\WINDOWS1\system32\KB902400.log
C:\WINDOWS1\system32\KB905414.log
C:\WINDOWS1\system32\KB905495.log
C:\WINDOWS1\system32\KB905749.log
C:\WINDOWS1\system32\KB908519.log
C:\WINDOWS1\system32\KB908531.log
C:\WINDOWS1\system32\KB911280.log
C:\WINDOWS1\system32\KB911562.log
C:\WINDOWS1\system32\KB911927.log
C:\WINDOWS1\system32\KB912919.log
C:\WINDOWS1\system32\KB913580.log
C:\WINDOWS1\system32\KB914388.log
C:\WINDOWS1\system32\KB914389.log
C:\WINDOWS1\system32\KB917344.log
C:\WINDOWS1\system32\KB917422.log
C:\WINDOWS1\system32\KB917953.log
C:\WINDOWS1\system32\KB919007.log
C:\WINDOWS1\system32\KB920670.log
C:\WINDOWS1\system32\KB920683.log
C:\WINDOWS1\system32\KB920685.log
C:\WINDOWS1\system32\KB921398.log
C:\WINDOWS1\system32\KB921883.log
C:\WINDOWS1\system32\KB922616.log
C:\WINDOWS1\system32\KB922819.log
C:\WINDOWS1\system32\KB923191.log
C:\WINDOWS1\system32\KB923414.log
C:\WINDOWS1\system32\KB924191.log
C:\WINDOWS1\system32\KB924496.log
C:\WINDOWS1\system32\msole32.exe
C:\WINDOWS1\system32\vxddsk.exe
C:\WINDOWS1\system32\winhelp.exe
C:\WINDOWS1\system32\wml.exe
C:\WINDOWS1\vxddsk.exe
C:\WINDOWS1\wbeCheck.exe
C:\WINDOWS1\wbeInst$.exe
C:\WINDOWS1\wml.exe
C:\WINDOWS1\xadbrk.dll
C:\WINDOWS1\xadbrk.exe
C:\WINDOWS1\xadbrk_.exe
C:\WINDOWS1\xxxvideo.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-08 to 2007-11-08 ))))))))))))))))))))))))))))))))))))
.
2007-11-08 20:57 51,200 --a------ C:\WINDOWS1\NirCmd.exe
2007-11-07 20:59 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-11-07 15:05 <REP> d-------- C:\WINDOWS1\BDOSCAN8
2007-11-07 14:58 <REP> d-------- C:\Program Files\DAEMON Tools
2007-11-07 14:54 685,816 --a------ C:\WINDOWS1\system32\drivers\sptd.sys
2007-11-07 13:35 18,944 --a------ C:\WINDOWS1\system32\ace16win.dll
2007-11-07 12:45 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy
2007-11-07 12:40 <REP> d--h----- C:\WINDOWS1\system32\GroupPolicy
2007-11-07 12:39 4 --a------ C:\WINDOWS1\system32\stfv.bin
2007-11-07 12:30 <REP> d-------- C:\WINDOWS1\system32\acespy
2007-11-07 12:09 12 --a------ C:\WINDOWS1\system32\dpqaqlqx.bin
2007-11-07 12:08 123,912 --a------ C:\WINDOWS1\system32\vvgeowbv.exe
2007-11-07 12:08 21,504 --a------ C:\WINDOWS1\system32\aivskurq.dll
2007-11-07 11:57 <REP> d-------- C:\WINDOWS1\Sun
2007-11-06 11:29 <REP> dr-h----- C:\Documents and Settings\Korann\Application Data\SecuROM
2007-11-06 11:28 3,495,784 --a------ C:\WINDOWS1\system32\d3dx9_33.dll
2007-11-06 11:28 1,123,696 --a------ C:\WINDOWS1\system32\D3DCompiler_33.dll
2007-11-06 11:28 443,752 --a------ C:\WINDOWS1\system32\d3dx10_33.dll
2007-11-06 11:28 81,768 --a------ C:\WINDOWS1\system32\xinput1_3.dll
2007-11-06 11:20 <REP> d-------- C:\Documents and Settings\Korann\Application Data\InstallShield
2007-11-06 10:33 <REP> d-------- C:\Documents and Settings\Korann\Application Data\Nero
2007-11-06 10:29 <REP> d-------- C:\Program Files\Nero
2007-11-06 10:29 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2007-11-06 10:29 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Nero
2007-11-05 15:11 <REP> d-------- C:\Documents and Settings\Korann\Application Data\Skype
2007-11-05 11:26 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\NFS Underground
2007-11-04 19:56 <REP> d-------- C:\Program Files\Alwil Software
2007-11-04 19:56 801,144 --a------ C:\WINDOWS1\system32\aswBoot.exe
2007-11-04 19:56 95,608 --a------ C:\WINDOWS1\system32\AvastSS.scr
2007-11-04 19:56 94,416 --a------ C:\WINDOWS1\system32\drivers\aswmon2.sys
2007-11-04 19:56 92,848 --a------ C:\WINDOWS1\system32\drivers\aswmon.sys
2007-11-04 19:56 42,912 --a------ C:\WINDOWS1\system32\drivers\aswTdi.sys
2007-11-04 19:56 26,624 --a------ C:\WINDOWS1\system32\drivers\aavmker4.sys
2007-11-04 19:56 23,152 --a------ C:\WINDOWS1\system32\drivers\aswRdr.sys
2007-11-04 17:28 <REP> d-------- C:\Documents and Settings\Korann\Application Data\Azureus
2007-11-04 17:28 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Azureus
2007-11-04 17:27 <REP> d-------- C:\Program Files\Azureus
2007-11-04 16:57 <REP> d-------- C:\Documents and Settings\Korann\Application Data\FlashGet
2007-11-04 15:29 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Software rule flag owns
2007-11-04 15:28 <REP> d-------- C:\Documents and Settings\Korann\Application Data\NetPumper
2007-11-04 15:28 <REP> d-------- C:\Documents and Settings\Korann\Application Data\gramlogowma
2007-10-24 13:47 <REP> d-------- C:\Documents and Settings\Korann\Application Data\Canon
2007-10-24 13:45 <REP> d--h----- C:\Documents and Settings\All Users.WINDOWS1\Application Data\CanonBJ
2007-10-24 13:45 140,288 --a------ C:\WINDOWS1\system32\CNMLM7J.DLL
2007-10-24 13:45 14,208 --a------ C:\WINDOWS1\system32\drivers\usbscan.sys
2007-10-24 13:45 14,208 --a--c--- C:\WINDOWS1\system32\dllcache\usbscan.sys
2007-10-24 13:45 8,704 --a------ C:\WINDOWS1\system32\CNMVS7J.DLL
2007-10-24 13:44 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2007-10-24 13:44 <REP> d-------- C:\Documents and Settings\Korann\Application Data\ScanSoft
2007-10-24 13:44 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\SSScanWizard
2007-10-24 13:44 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\SSScanAppDataDir
2007-10-24 13:43 <REP> d-------- C:\Program Files\ArcSoft
2007-10-24 13:43 212,480 --a------ C:\WINDOWS1\PCDLIB32.DLL
2007-10-24 13:42 <REP> d--h----- C:\WINDOWS1\system32\CanonMP Uninstaller Information
2007-10-24 13:42 <REP> d-------- C:\WINDOWS1\StartHtmico
2007-10-24 13:42 1,060,864 --a------ C:\WINDOWS1\system32\MFC71.dll
2007-10-24 13:42 499,712 --a------ C:\WINDOWS1\system32\msvcp71.dll
2007-10-24 13:42 348,160 --a------ C:\WINDOWS1\system32\msvcr71.dll
2007-10-24 13:42 308,224 --a------ C:\WINDOWS1\IsUn040c.exe
2007-10-22 11:21 <REP> d-------- C:\Program Files\id Software
2007-10-21 19:22 <REP> d-------- C:\Program Files\Activision
2007-10-21 18:57 <REP> d-------- C:\WINDOWS1\LastGood
2007-10-21 14:21 <REP> d-------- C:\Documents and Settings\Korann\Shared
2007-10-21 14:21 <REP> d-------- C:\Documents and Settings\Korann\Incomplete
2007-10-21 14:21 <REP> d-------- C:\Documents and Settings\Korann\Application Data\LimeWire
2007-10-21 14:12 671 --a------ C:\WINDOWS1\mozver.dat
2007-10-20 21:36 <REP> d-------- C:\WINDOWS1\system32\LogFiles
2007-10-20 21:36 22,328 --a------ C:\WINDOWS1\system32\drivers\PnkBstrK.sys
2007-10-20 20:52 242,368 --a------ C:\WINDOWS1\system32\GDIPFONTCACHEV1.DAT
2007-10-20 20:52 107,888 --a------ C:\WINDOWS1\system32\CmdLineExt.dll
2007-10-20 20:52 103,736 --a------ C:\WINDOWS1\system32\PnkBstrB.exe
2007-10-20 20:52 81,984 --a------ C:\WINDOWS1\system32\bdod.bin
2007-10-20 20:52 66,872 --a------ C:\WINDOWS1\system32\PnkBstrA.exe
2007-10-20 20:52 339 --a------ C:\WINDOWS1\system32\tablet.dat
2007-10-20 20:52 15 --a------ C:\WINDOWS1\system32\getfile.dat
2007-10-20 20:40 <REP> d-------- C:\Program Files\Electronic Arts
2007-10-20 20:35 664 --a------ C:\WINDOWS1\system32\d3d9caps.dat
2007-10-20 20:34 3,426,072 --a------ C:\WINDOWS1\system32\d3dx9_32.dll
2007-10-20 20:34 2,414,360 --a------ C:\WINDOWS1\system32\d3dx9_31.dll
2007-10-20 20:34 2,297,552 --a------ C:\WINDOWS1\system32\d3dx9_26.dll
2007-10-20 20:28 1,703,936 --a------ C:\WINDOWS1\system32\d3d9.dll
2007-10-20 20:16 659,968 --a------ C:\WINDOWS1\system32\RGSS100J.dll
2007-10-20 09:46 <REP> d---s---- C:\Documents and Settings\Korann\UserData
2007-10-19 20:22 <REP> d-------- C:\Documents and Settings\Korann\Application Data\Apple Computer
2007-10-19 20:20 <REP> d-------- C:\Program Files\Apple Software Update
2007-10-19 20:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Apple Computer
2007-10-19 20:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS1\Application Data\Apple
2007-10-17 16:21 <REP> d-------- C:\Documents and Settings\Korann\Application Data\vlc
2007-10-17 15:11 24,960 --a------ C:\WINDOWS1\system32\drivers\usbprint.sys
2007-10-17 15:11 24,960 --a--c--- C:\WINDOWS1\system32\dllcache\usbprint.sys
2007-10-17 14:42 10,752 --a------ C:\WINDOWS1\system32\WhoisCL.exe
2007-10-17 13:25 <REP> d-------- C:\Documents and Settings\Korann\Contacts
2007-10-17 13:24 <REP> d----c--- C:\WINDOWS1\system32\DRVSTORE
2007-10-17 13:22 <REP> d-------- C:\Program Files\MSN Messenger
2007-10-16 20:13 <REP> d-------- C:\Program Files\Realtek AC97
2007-10-16 17:47 297,728 --a------ C:\WINDOWS1\system32\drivers\ac97sis.sys
2007-10-16 17:47 297,728 --a--c--- C:\WINDOWS1\system32\dllcache\ac97sis.sys
2007-10-16 17:38 <REP> d-------- C:\Documents and Settings\Korann\Application Data\Winamp
2007-10-16 17:27 182,880 --a------ C:\WINDOWS1\system32\iuengine.dll
2007-10-16 17:27 182,880 --a--c--- C:\WINDOWS1\system32\dllcache\iuengine.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 19:30 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-11-06 10:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-05 10:25 12,400 ----a-w C:\WINDOWS1\system32\drivers\secdrv.sys
2007-11-05 10:19 --------- d-----w C:\Program Files\EA GAMES
2007-10-24 12:42 --------- d-----w C:\Program Files\Canon
2007-10-21 13:13 --------- d-----w C:\Program Files\Java
2007-10-20 19:13 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2007-10-19 19:21 --------- d-----w C:\Program Files\QuickTime
2007-10-09 16:41 --------- d-----w C:\Program Files\Corel
2007-09-24 08:05 132,904 ----a-w C:\WINDOWS1\system32\drivers\imagesrv.sys
2007-09-24 08:05 11,304 ----a-w C:\WINDOWS1\system32\drivers\imagedrv.sys
2007-09-23 14:39 --------- d-----w C:\Program Files\DivX
2007-09-20 08:59 972,072 ----a-w C:\WINDOWS1\UNRecode.exe
2007-09-20 08:55 972,072 ----a-w C:\WINDOWS1\UNNeroMediaHome.exe
2007-09-20 08:55 95,600 ----a-w C:\WINDOWS1\system32\NeroCo.dll
2007-09-17 00:10 356,352 ----a-w C:\WINDOWS1\system32\NVUNINST.EXE
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS1\system32\nvwddi.dll
2007-09-16 23:07 81,920 ----a-w C:\WINDOWS1\system32\nvmctray.dll
2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS1\system32\nvcpl.dll
2007-09-16 23:07 753,664 ----a-w C:\WINDOWS1\system32\nvcplui.exe
2007-09-16 23:07 6,853,088 ----a-w C:\WINDOWS1\system32\drivers\nv4_mini.sys
2007-09-16 23:07 6,746,112 ----a-w C:\WINDOWS1\system32\nvoglnt.dll
2007-09-16 23:07 6,344,704 ----a-w C:\WINDOWS1\system32\nvdisps.dll
2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS1\system32\nv4_disp.dll
2007-09-16 23:07 5,509,120 ----a-w C:\WINDOWS1\system32\nvdispsr.dll
2007-09-16 23:07 466,944 ----a-w C:\WINDOWS1\system32\nvshell.dll
2007-09-16 23:07 458,752 ----a-w C:\WINDOWS1\system32\nvmccssr.dll
2007-09-16 23:07 45,056 ----a-w C:\WINDOWS1\system32\nvmccsrs.dll
2007-09-16 23:07 442,368 ----a-w C:\WINDOWS1\system32\nvappbar.exe
2007-09-16 23:07 425,984 ----a-w C:\WINDOWS1\system32\keystone.exe
2007-09-16 23:07 364,544 ----a-w C:\WINDOWS1\system32\nvapi.dll
2007-09-16 23:07 36,864 ----a-w C:\WINDOWS1\system32\nvcodins.dll
2007-09-16 23:07 36,864 ----a-w C:\WINDOWS1\system32\nvcod.dll
2007-09-16 23:07 356,352 ----a-w C:\WINDOWS1\system32\nvudisp.exe
2007-09-16 23:07 335,872 ----a-w C:\WINDOWS1\system32\nvwrses.dll
2007-09-16 23:07 335,872 ----a-w C:\WINDOWS1\system32\nvwrsel.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS1\system32\nvwrsfr.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS1\system32\nvwrsesm.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS1\system32\nvrshe.dll
2007-09-16 23:07 327,680 ----a-w C:\WINDOWS1\system32\nvrsar.dll
2007-09-16 23:07 323,584 ----a-w C:\WINDOWS1\system32\nvwrspt.dll
2007-09-16 23:07 323,584 ----a-w C:\WINDOWS1\system32\nvwrsit.dll
2007-09-16 23:07 319,488 ----a-w C:\WINDOWS1\system32\nvwrsptb.dll
2007-09-16 23:07 319,488 ----a-w C:\WINDOWS1\system32\nvwrsnl.dll
2007-09-16 23:07 315,392 ----a-w C:\WINDOWS1\system32\nvwrsru.dll
2007-09-16 23:07 315,392 ----a-w C:\WINDOWS1\system32\nvwrshu.dll
2007-09-16 23:07 311,296 ----a-w C:\WINDOWS1\system32\nvwrsde.dll
2007-09-16 23:07 307,200 ----a-w C:\WINDOWS1\system32\nvexpbar.dll
2007-09-16 23:07 303,104 ----a-w C:\WINDOWS1\system32\nvwrstr.dll
2007-09-16 23:07 303,104 ----a-w C:\WINDOWS1\system32\nvwrssl.dll
2007-09-16 23:07 303,104 ----a-w C:\WINDOWS1\system32\nvwrsfi.dll
2007-09-16 23:07 3,629,056 ----a-w C:\WINDOWS1\system32\nvvitvsr.dll
2007-09-16 23:07 3,551,232 ----a-w C:\WINDOWS1\system32\nvvitvs.dll
2007-09-16 23:07 3,334,144 ----a-w C:\WINDOWS1\system32\nvgames.dll
2007-09-16 23:07 3,166,208 ----a-w C:\WINDOWS1\system32\nvgamesr.dll
2007-09-16 23:07 299,008 ----a-w C:\WINDOWS1\system32\nvwrssk.dll
2007-09-16 23:07 299,008 ----a-w C:\WINDOWS1\system32\nvwrsno.dll
2007-09-16 23:07 294,912 ----a-w C:\WINDOWS1\system32\nvwrssv.dll
2007-09-16 23:07 294,912 ----a-w C:\WINDOWS1\system32\nvwrspl.dll
2007-09-16 23:07 294,912 ----a-w C:\WINDOWS1\system32\nvwrsda.dll
2007-09-16 23:07 290,816 ----a-w C:\WINDOWS1\system32\nvwrsth.dll
2007-09-16 23:07 286,720 ----a-w C:\WINDOWS1\system32\nvwrseng.dll
2007-09-16 23:07 286,720 ----a-w C:\WINDOWS1\system32\nvwrscs.dll
2007-09-16 23:07 286,720 ----a-w C:\WINDOWS1\system32\nvnt4cpl.dll
2007-09-16 23:07 282,624 ----a-w C:\WINDOWS1\system32\nvwrsar.dll
2007-09-16 23:07 282,624 ----a-w C:\WINDOWS1\system32\nvrsfr.dll
2007-09-16 23:07 282,624 ----a-w C:\WINDOWS1\system32\nvrses.dll
2007-09-16 23:07 282,624 ----a-w C:\WINDOWS1\system32\nvrsel.dll
2007-09-16 23:07 278,528 ----a-w C:\WINDOWS1\system32\nvwrshe.dll
2007-09-16 23:07 278,528 ----a-w C:\WINDOWS1\system32\nvrsit.dll
2007-09-16 23:07 278,528 ----a-w C:\WINDOWS1\system32\nvrsde.dll
2007-09-16 23:07 274,432 ----a-w C:\WINDOWS1\system32\nvrspt.dll
2007-09-16 23:07 274,432 ----a-w C:\WINDOWS1\system32\nvrsnl.dll
2007-09-16 23:07 274,432 ----a-w C:\WINDOWS1\system32\nvrsesm.dll
2007-09-16 23:07 270,336 ----a-w C:\WINDOWS1\system32\nvrsru.dll
2007-09-16 23:07 266,240 ----a-w C:\WINDOWS1\system32\nvrsptb.dll
2007-09-16 23:07 266,240 ----a-w C:\WINDOWS1\system32\nvrsja.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS1\system32\nvrstr.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS1\system32\nvrssl.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS1\system32\nvrssk.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS1\system32\nvrsko.dll
2007-09-16 23:07 258,048 ----a-w C:\WINDOWS1\system32\nvrshu.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS1\system32\nvrsth.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS1\system32\nvrssv.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS1\system32\nvrspl.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS1\system32\nvrsno.dll
2007-09-16 23:07 253,952 ----a-w C:\WINDOWS1\system32\nvrsda.dll
2007-09-16 23:07 249,856 ----a-w C:\WINDOWS1\system32\nvrsfi.dll
2007-09-16 23:07 249,856 ----a-w C:\WINDOWS1\system32\nvrscs.dll
2007-09-16 23:07 245,760 ----a-w C:\WINDOWS1\system32\nvrseng.dll
2007-09-16 23:07 229,376 ----a-w C:\WINDOWS1\system32\nvmccs.dll
2007-09-16 23:07 225,280 ----a-w C:\WINDOWS1\system32\nvrszhc.dll
2007-09-16 23:07 212,992 ----a-w C:\WINDOWS1\system32\nvwrsja.dll
2007-09-16 23:07 2,854,912 ----a-w C:\WINDOWS1\system32\nvmoblsr.dll
2007-09-16 23:07 2,441,216 ----a-w C:\WINDOWS1\system32\nvwssr.dll
2007-09-16 23:07 2,371,584 ----a-w C:\WINDOWS1\system32\nvwss.dll
2007-09-16 23:07 196,608 ----a-w C:\WINDOWS1\system32\nvwrsko.dll
2007-09-16 23:07 188,416 ----a-w C:\WINDOWS1\system32\nvmccss.dll
2007-09-16 23:07 167,936 ----a-w C:\WINDOWS1\system32\nvwrszht.dll
2007-09-16 23:07 163,840 ----a-w C:\WINDOWS1\system32\nvwrszhc.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
2007-11-07 12:08 21504 --a------ C:\WINDOWS1\system32\aivskurq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS1\System32\NvCpl.dll" [2007-09-17 00:07]
"nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS1\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS1\System32\NvMcTray.dll" [2007-09-17 00:07]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 04:01 C:\WINDOWS1\system32\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00]
"Flag Owns Live Grim"="C:\Documents and Settings\All Users.WINDOWS1\Application Data\Software rule flag owns\FACE LICENSE.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
"NetPumper"="C:\Program Files\NetPumper\NetPumperIEProxy.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-18 23:05]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 12:24]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
@=
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS1\\System32\\vvgeowbv.exe,C:\\WINDOWS1\\system32\\userinit.exe"
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
S3 azt2320;Pilote audio Aztech 2320 (WDM);C:\WINDOWS1\System32\drivers\aztw2320.sys
*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-08 20:00:00 C:\WINDOWS1\Tasks\AD3258E891C1CD3C.job"
- c:\docume~1\korann\applic~1\gramlo~1\16 Coal Stupid.exe
"2007-10-19 19:20:35 C:\WINDOWS1\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 21:04:59
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-08 21:05:48 - machine was rebooted
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 21:14:46, on 08/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS1\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS1\System32\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS1\System32\nvsvc32.exe
C:\WINDOWS1\System32\PnkBstrA.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS1\system32\notepad.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS1\system32\aivskurq.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS1\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users.WINDOWS1\Application Data\Software rule flag owns\FACE LICENSE.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\System32\PnkBstrA.exe
Hi again,
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the analysis is finished.
AntiVir PersonalEdition Classic
Report file date: vendredi 9 novembre 2007 07:56
Scanning for 1036370 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: SYSTEM
Computer name: GRAVITAT-YLNT9L
Version information:
BUILD.DAT : 269 15604 Bytes 10/09/2007 14:31:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 12:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 12:32:46
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 25/08/2007 17:21:02
ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 28/08/2007 07:22:36
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 29/08/2007 17:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 9 novembre 2007 07:56
The scan of running processes will be started
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'vvgeowbv.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS1\System32\vvgeowbv.exe'
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'vvgeowbv.exe' has been terminated
C:\WINDOWS1\System32\vvgeowbv.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
40 processes with 39 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '26' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy\Recovery\AdBreak4.zip
[DETECTION] Contains suspicious code HEUR/PwdZIP
[INFO] The file was moved to '477605c9.qua'!
C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy\Recovery\AdBreak5.zip
[DETECTION] Contains suspicious code HEUR/PwdZIP
[INFO] The file was moved to '477605cd.qua'!
C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy\Recovery\AdBreak6.zip
[DETECTION] Contains suspicious code HEUR/PwdZIP
[INFO] The file was moved to '477605cf.qua'!
C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy\Recovery\AdBreak7.zip
[DETECTION] Contains suspicious code HEUR/PwdZIP
[INFO] The file was moved to '477605d1.qua'!
C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip
[DETECTION] Contains suspicious code HEUR/PwdZIP
[INFO] The file was moved to '479d05dd.qua'!
C:\Documents and Settings\All Users.WINDOWS1\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip
[DETECTION] Contains suspicious code HEUR/PwdZIP
[INFO] The file was moved to '479d05df.qua'!
C:\Documents and Settings\Gaetan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-4c2afa45.zip
[0] Archive type: ZIP
--> HiPointInstallShieldRT.class
[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS1\system32\.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6B45BAD8-E76E-4F45-937C-6C5496A2A904}\RP28\A0017017.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '476498a5.qua'!
C:\System Volume Information\_restore{6B45BAD8-E76E-4F45-937C-6C5496A2A904}\RP29\A0017077.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '476498a8.qua'!
C:\System Volume Information\_restore{6B45BAD8-E76E-4F45-937C-6C5496A2A904}\RP30\A0017079.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '476498a9.qua'!
C:\System Volume Information\_restore{6B45BAD8-E76E-4F45-937C-6C5496A2A904}\RP30\A0017354.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '476498ad.qua'!
C:\System Volume Information\_restore{6B45BAD8-E76E-4F45-937C-6C5496A2A904}\RP31\A0017420.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\WINDOWS1\system32\aivskurq.dll
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '47aa9af0.qua'!
C:\WINDOWS1\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\_RESTORE\ARCHIVE\FS20.CAB
[0] Archive type: CAB (Microsoft)
--> A0005223.CPY
[DETECTION] Contains detection pattern of the dial-up program DIAL/000636
[INFO] The file was moved to '47669bb4.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\XDQFS56J\bondagefrance[1]
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47a29dc3.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\GHIJKLMN\newmenu2[2].htm
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47ab9de2.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\KHYZGDQZ\bondagefrance[1]
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47a29e01.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\61U1UE1V\bondage_secr%E9taires[2].htm
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47a29e41.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\CT2R0T27\menu2[1].htm
[0] Archive type: GZ
--> menu2[1]
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47a29e5b.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\CT2R0T27\menu2[2].htm
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47a29e5e.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\GWAB2EDB\acceuil[1].htm
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47979e7f.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\7Q7UYBWG\bondagefrance[1]
[0] Archive type: GZ
--> unkwn
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47a29e9e.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\C5UNGHAF\menu_lien[1].htm
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47a29eba.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\3H5FKKLW\fetish_panty2[1].htm
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47a89ed0.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\5945NMHU\bondage_ded2[2].htm
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47a29f05.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\0XU3SDAB\Sadomasochisme[1].exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/000636
[INFO] The file was moved to '47989f1d.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\ERQBQTUJ\i[1].php
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.A
[INFO] The file was moved to '47659f38.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\0D2N0LAV\menu_bondage[1].htm
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47a29f5f.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\VRDBPWNZ\eu_cax[1].cab
[0] Archive type: CAB (Microsoft)
--> cax.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.ds
[INFO] The file was moved to '47939fa5.qua'!
D:\WINDOWS\Temporary Internet Files\Content.IE5\IX23MJO7\bondage_ded[1].htm
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/Bankfraud
[INFO] The file was moved to '47a29fd2.qua'!
D:\System Volume Information\_restore{6B45BAD8-E76E-4F45-937C-6C5496A2A904}\RP31\A0017471.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/000636
[INFO] The file was moved to '4764ab58.qua'!
Begin scan in 'E:\'
End of the scan: vendredi 9 novembre 2007 20:15
Used time: 12:18:48 min
The scan has been done completely.
10760 Scanning directories
535615 Files were scanned
27 viruses and/or unwanted programs were found
7 Files were classified as suspicious:
4 files were deleted
0 files were repaired
29 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
535588 Files not concerned
4129 Archives were scanned
2 Warnings
19 Notes
There, finally.
Logfile of HijackThis v1.99.1
Scan saved at 20:57:19, on 09/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS1\System32\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS1\System32\nvsvc32.exe
C:\WINDOWS1\System32\PnkBstrA.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS1\System32\vvgeowbv.exe,C:\WINDOWS1\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS1\system32\aivskurq.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS1\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users.WINDOWS1\Application Data\Software rule flag owns\FACE LICENSE.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\System32\PnkBstrA.exe
Hi again,
Fix the lines in italics below with HijackThis: ILLUSTRATED GUIDE
F2 - REG:system.ini: UserInit=C:\WINDOWS1\System32\vvgeowbv.exe,C:\WINDOWS1\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: aivskurq.msdn_hlp - {A6E432B4-D4C2-43B3-BF55-C364F8F7362A} - C:\WINDOWS1\system32\aivskurq.dll (file missing)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:45:08, on 10/11/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS1\System32\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS1\System32\nvsvc32.exe
C:\WINDOWS1\System32\PnkBstrA.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe
C:\DOCUME~1\Korann\LOCALS~1\Temp\~e5.0001
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS1\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS1\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS1\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users.WINDOWS1\Application Data\Software rule flag owns\FACE LICENSE.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS1\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS1\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS1\System32\PnkBstrA.exe
We're not done yet.
Download Smitfraudfix (by S!ri).
Save it to your desktop.
Run SmitfraudFix.exe (the .exe extension may not be shown).
Choose Option 1 (Search).
Post the first report here.
**If the link doesn't work, click here**
Ah, I thought as much ^^.
Here is the report:
SmitFraudFix v2.252
Rapport fait à 16:46:20,06, 10/11/2007
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS1\System32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS1\System32\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS1\System32\nvsvc32.exe
C:\WINDOWS1\System32\PnkBstrA.exe
C:\WINDOWS1\System32\PnkBstrB.exe
C:\WINDOWS1\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS1\System32\wuauclt.exe
C:\WINDOWS1\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1\system32
C:\WINDOWS1\system32\ace16win.dll PRESENT !
C:\WINDOWS1\system32\msole32.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS1\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Korann
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Korann\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Korann\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B639AED0-8FAB-40E3-BA96-C5E28A1BFED7}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B639AED0-8FAB-40E3-BA96-C5E28A1BFED7}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B639AED0-8FAB-40E3-BA96-C5E28A1BFED7}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Hi again,
Restart in safe mode.
Run SmitfraudFix.exe, this time choose Option 2, and answer yes to the question or questions.
Save the report to your Desktop.
Restart normally.
Post the HijackThis and SmitfraudFix reports.