Se connecter / S'enregistrer
Votre question

Virus qui ne veut pas se supprimer

Tags :
  • Virus
  • Sécurité
Dernière réponse : dans Sécurité et virus
1 Octobre 2008 19:15:53

Bonjour ! Depuis quelque jour j'ai un adware sur mon ordinateur ! J ai fai une analyse anti virus ac Advast et a-squared Anti-Malware mais il me signale rien de speciale ! pourtan a chaque fois que j allume mon PC avast se met en alerte ! J ai bo faire supprimer le virus sa ne marche pas ... ! Le virus me blok le fon d ecran ; ralenti mon PC , ... Je ne c'est pas trop quoi faire surtout que je sui un noob dc svp aidez moi

Autres pages sur : virus veut supprimer

a b 8 Sécurité
1 Octobre 2008 19:32:12

Bonjour,

Quel emplacement ?
1 Octobre 2008 20:15:01

"Bonjour,

Quel emplacement ?"

Euh ... C'est a dire ?

Contenus similaires
a b 8 Sécurité
1 Octobre 2008 20:26:58

Emplacement du virus = C:\...
Merci de me donner la suite :) 

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
1 Octobre 2008 21:04:37

Le Virus Est Dans :

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv3.tmp\euladlg.dll

Et le Rappor de hijackthis est :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:36, on 01/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qk...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {61166EBE-A296-4894-AE84-D9C18AEDA553} - C:\WINDOWS\system32\byXoomnL.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E2039728-7F91-4EF5-B084-FACACBFAC017} - (no file)
O2 - BHO: (no name) - {ECAD7F43-31EB-4E49-8158-F33F829B3611} - C:\WINDOWS\system32\jkkJayYs.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [inrhc7l7j0er1g] C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt1E.tmp.exe /CR=32BDDFA41AB960FB7FD33779695D38B44FE8E0ABF7E426138FBD9C73D1FB4928D8156548F93C086CF6964208984A019511D6B363DCA3AA6FA532F829F3CF6981FFCBA0F6A0781758A7391A16384442F071
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BMa33e3e73] Rundll32.exe "C:\WINDOWS\system32\eaaqqdku.dll",s
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xoztqweao] c:\windows\system32\xoztqweao.exe xoztqweao
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [epaykz] c:\windows\system32\epaykz.exe epaykz
O4 - HKCU\..\Run: [bhckdww] c:\windows\system32\bhckdww.exe bhckdww
O4 - HKCU\..\Run: [actcmjp] c:\windows\system32\actcmjp.exe actcmjp
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [sjtluerqt] c:\documents and settings\administrateur\local settings\application data\sjtluerqt.exe sjtluerqt
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O20 - Winlogon Notify: byXoomnL - byXoomnL.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 13001 bytes


Merci BCP de ton AIde !!
a b 8 Sécurité
2 Octobre 2008 18:11:34

Re,

[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    2 Octobre 2008 19:34:30

    Re , Encore merci de ton aide ! le rapport c est :

    ComboFix 08-10-01.06 - Administrateur 2008-10-02 19:03:41.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.303 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\Cookies\administrateur@clickintext[2].txt
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\sjtluerqt.dat
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\SJTLUERQT.EXE
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\sjtluerqt_nav.dat
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\sjtluerqt_navps.dat
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco.dat
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco.exe
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco_nav.dat
    C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco_navps.dat
    C:\Program Files\winvi
    C:\Program Files\winvi\dsktp\AC_RunActiveContent.js
    C:\Program Files\winvi\dsktp\desktop.html
    C:\Program Files\winvi\dsktp\internetDetection.swf
    C:\Program Files\winvi\dsktp\settings.sol
    C:\Program Files\winvi\version.ini
    C:\Program Files\winvi\WUPDA.EXE
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\BMa33e3e73.txt
    C:\WINDOWS\BMa33e3e73.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    c:\WINDOWS\system32\actcmjp.dat
    C:\WINDOWS\system32\actcmjp_nav.dat
    C:\WINDOWS\system32\actcmjp_navps.dat
    C:\WINDOWS\system32\bhckdww.dat
    C:\WINDOWS\system32\bhckdww_nav.dat
    c:\WINDOWS\system32\bhckdww_navps.dat
    C:\WINDOWS\system32\epaykz.dat
    c:\WINDOWS\system32\epaykz_nav.dat
    c:\WINDOWS\system32\epaykz_navps.dat
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\phc3l7j0er1g.bmp
    C:\WINDOWS\system32\ryiehr.dat
    C:\WINDOWS\system32\RYIEHR.EXE
    C:\WINDOWS\system32\ryiehr_nav.dat
    C:\WINDOWS\system32\ryiehr_navps.dat
    C:\WINDOWS\system32\xoztqweao.dat
    C:\WINDOWS\system32\xoztqweao_nav.dat
    c:\WINDOWS\system32\xoztqweao_navps.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCHINJDRV


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-30 19:58 . 2008-09-30 19:58 <REP> d-------- C:\Program Files\Lavasoft
    2008-09-30 19:57 . 2008-09-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-29 15:26 . 2008-09-29 18:32 <REP> d-------- C:\Program Files\a-squared Anti-Malware
    2008-09-29 14:06 . 2008-09-29 14:06 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-09-28 15:57 . 2008-09-28 15:57 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-09-28 09:14 . 2005-06-21 17:49 62,454 --a------ C:\WINDOWS\system32\igfx.hlp
    2008-09-27 16:53 . 2008-09-27 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-09-27 16:31 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
    2008-09-25 21:24 . 2008-09-25 21:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
    2008-09-25 21:19 . 2008-09-27 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-09-25 21:19 . 2008-09-27 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-09-25 18:53 . 2008-09-25 18:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InfraRecorder
    2008-09-24 22:05 . 2008-09-26 20:36 <REP> d-------- C:\Program Files\AskTBar
    2008-09-24 18:45 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
    2008-09-24 18:45 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
    2008-09-24 18:45 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\system32\BrDctF2.dll
    2008-09-24 18:45 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\system32\BrDctF2S.dll
    2008-09-24 18:45 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\system32\BrDctF2L.dll
    2008-09-24 18:45 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
    2008-09-24 18:44 . 2008-09-24 18:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield
    2008-09-24 15:55 . 2008-09-24 15:55 <REP> dr------- C:\Documents and Settings\Administrateur\Application Data\Brother
    2008-09-24 15:14 . 2008-09-24 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-09-24 14:28 . 2008-09-24 18:49 434 --a------ C:\WINDOWS\BRWMARK.INI
    2008-09-24 14:28 . 2008-09-24 18:49 27 --a------ C:\WINDOWS\BRPP2KA.INI
    2008-09-24 14:27 . 2008-09-24 18:46 50 --a------ C:\WINDOWS\system32\bridf07a.dat
    2008-09-24 14:26 . 2007-01-26 16:14 57,856 --a------ C:\WINDOWS\system32\brinsstr.dll
    2008-09-24 14:25 . 2008-09-24 18:46 <REP> d-------- C:\Program Files\Brother
    2008-09-24 14:25 . 2007-02-15 13:54 131,072 --------- C:\WINDOWS\brunin03.dll
    2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Program Files\Nuance
    2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-09-24 14:23 . 2006-10-24 15:35 31,831 --a------ C:\WINDOWS\maxlink.ini
    2008-09-24 14:22 . 2008-09-24 14:22 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-09-24 14:22 . 2008-09-24 15:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-09-24 14:21 . 2008-09-24 14:21 <REP> d-------- C:\Program Files\ScanSoft
    2008-09-24 14:20 . 2008-09-24 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
    2008-09-16 15:54 . 2008-09-16 16:16 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-13 19:50 . 2008-09-13 19:57 <REP> d-------- C:\Program Files\Dictionnaire
    2008-09-13 16:11 . 2008-09-13 16:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON
    2008-09-13 16:07 . 2008-09-13 16:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-09-13 15:53 . 2008-09-13 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
    2008-09-13 15:53 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
    2008-09-13 15:53 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
    2008-09-13 15:53 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
    2008-09-13 10:50 . 2008-09-16 16:48 <REP> d-------- C:\Program Files\epson
    2008-09-13 10:50 . 2008-09-13 10:50 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
    2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a------ C:\WINDOWS\system32\srusd.dll
    2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
    2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a------ C:\WINDOWS\system32\fnfilter.dll
    2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
    2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
    2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
    2008-09-04 21:02 . 2008-09-04 21:02 268 --ah----- C:\sqmdata10.sqm
    2008-09-04 21:02 . 2008-09-04 21:02 244 --ah----- C:\sqmnoopt09.sqm
    2008-09-04 16:20 . 2008-09-30 20:34 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-09-04 14:33 . 2008-09-28 10:09 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
    2008-09-04 14:32 . 2008-09-04 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-09-04 14:28 . 2008-09-25 21:19 <REP> d-------- C:\Program Files\Nero

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-02 17:11 --------- d-----w C:\Program Files\Wanadoo
    2008-10-02 17:11 --------- d-----w C:\Program Files\SPAMfighter
    2008-10-02 10:52 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-09-30 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-30 14:57 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
    2008-09-28 12:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
    2008-09-25 17:48 --------- d-----w C:\Program Files\Yahoo!
    2008-09-25 17:47 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
    2008-09-24 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-24 12:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-09-05 18:09 --------- d-----w C:\Program Files\McDonaldsDragons
    2008-08-21 14:36 --------- d-----w C:\Program Files\LimeWire
    2008-08-16 17:23 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-08-12 09:37 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
    2008-08-09 07:58 --------- d-----w C:\Program Files\Java
    2008-08-05 19:41 921,632 ----a-w C:\PA7311.DAT
    2008-08-03 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-08-03 09:04 --------- d-----w C:\Program Files\Ulead Systems
    2008-08-03 09:02 --------- d-----w C:\Program Files\Samsung
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-05-13 11:24 513,951 --sha-w C:\WINDOWS\system32\rBcbLRqr.ini2
    2008-05-19 20:26 659,372 --sha-w C:\WINDOWS\system32\sYyaJkkj.ini2
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 15360]
    "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-14 321160]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
    "DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
    "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
    "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-08-02 15360]
    "DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=NVDESK32.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YUY2"= wb9967.dll
    "msacm.l3fhg"= mp3fhg.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "VIDC.YV12"= yv12vfw.dll
    "msacm.ac3filter"= ac3filter.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.WJPG"= wb9967.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 W9967CAM;%W9967CAM.Dev%;C:\WINDOWS\system32\DRIVERS\W9967STI.SYS [2001-10-30 10256]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-14 184968]
    R3 PAC7311;PLEOMAX PWC-2000;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
    S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [ ]
    S3 USBW9967;SAMSUNG DIGITAL CAMCORDER D5 II;C:\WINDOWS\system32\DRIVERS\2kw9967.sys [2002-07-03 113330]
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    BHO-{E2039728-7F91-4EF5-B084-FACACBFAC017} - (no file)
    BHO-{ECAD7F43-31EB-4E49-8158-F33F829B3611} - C:\WINDOWS\system32\jkkJayYs.dll
    HKCU-Run-yyiumco - c:\documents and settings\administrateur\local settings\application data\yyiumco.exe
    HKLM-Run-inrhc7l7j0er1g - C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt1E.tmp.exe
    HKLM-Run-BMa33e3e73 - C:\WINDOWS\system32\eaaqqdku.dll
    HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    Notify-byXoomnL - byXoomnL.dll


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fqc8uv7u.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-02 19:08:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\WINDOWS\system32\PAStiSvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-02 19:15:45 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-02 17:15:34

    Avant-CF: 2ÿ914ÿ062ÿ336 octets libres
    Après-CF: 6,227,181,568 octets libres

    270 --- E O F --- 2008-10-01 19:05:56



    A+
    a b 8 Sécurité
    2 Octobre 2008 19:55:45

    Reposte un rapport Hijackthis.
    2 Octobre 2008 20:27:41

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:26:34, on 02/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 10671 bytes
    3 Octobre 2008 20:09:44



    Avira AntiVir Personal
    Report file date: vendredi 3 octobre 2008 19:20

    Scanning for 1657543 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: Administrateur
    Computer name: UTILISAT-82BE9B

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 19:01:39
    ANTIVIR3.VDF : 7.0.6.241 167936 Bytes 02/10/2008 19:01:40
    Engineversion : 8.1.1.35
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.76 319867 Bytes 02/10/2008 19:01:46
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.1.2 438644 Bytes 02/10/2008 19:01:45
    AEPACK.DLL : 8.1.2.3 364918 Bytes 02/10/2008 19:01:44
    AEOFFICE.DLL : 8.1.0.25 196986 Bytes 02/10/2008 19:01:43
    AEHEUR.DLL : 8.1.0.59 1438071 Bytes 02/10/2008 19:01:43
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 02/10/2008 19:01:41
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.11 172406 Bytes 02/10/2008 19:01:41
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 02/10/2008 19:01:40
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 3 octobre 2008 19:20

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    12 processes with 12 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '59' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!


    End of the scan: vendredi 3 octobre 2008 20:04
    Used time: 44:03 Minute(s)

    The scan has been done completely.

    4437 Scanning directories
    225015 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    225014 Files not concerned
    1972 Archives were scanned
    1 Warnings
    0 Notes

    a b 8 Sécurité
    3 Octobre 2008 20:11:45

    Reposte un rapport Hijackthis.
    3 Octobre 2008 21:38:57

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:37:55, on 03/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 10847 bytes
    a b 8 Sécurité
    4 Octobre 2008 12:55:23

    Re,

    Fix les lignes dans le cadre ci-dessous avec HijackThis : AIDE EN IMAGES

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)


    Refais un scan Combofix.
    5 Octobre 2008 12:16:57

    ComboFix 08-10-04.07 - Administrateur 2008-10-05 12:04:16.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.353 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCHINJDRV


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-03 18:35 . 2008-10-03 18:35 268 --ah----- C:\sqmdata11.sqm
    2008-10-03 18:35 . 2008-10-03 18:35 244 --ah----- C:\sqmnoopt10.sqm
    2008-10-03 18:35 . 2008-10-03 18:35 148 --ah----- C:\sqmdata12.sqm
    2008-10-03 18:35 . 2008-10-03 18:35 136 --ah----- C:\sqmnoopt11.sqm
    2008-10-02 20:59 . 2008-10-02 20:59 <REP> d-------- C:\Program Files\Avira
    2008-10-02 20:59 . 2008-10-02 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-30 19:58 . 2008-09-30 19:58 <REP> d-------- C:\Program Files\Lavasoft
    2008-09-30 19:57 . 2008-09-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-29 15:26 . 2008-10-04 13:07 <REP> d-------- C:\Program Files\a-squared Anti-Malware
    2008-09-29 14:06 . 2008-09-29 14:06 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-09-28 15:57 . 2008-09-28 15:57 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-09-28 09:14 . 2005-06-21 17:49 62,454 --a------ C:\WINDOWS\system32\igfx.hlp
    2008-09-27 16:53 . 2008-09-27 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-09-27 16:31 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
    2008-09-25 21:24 . 2008-09-25 21:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
    2008-09-25 21:19 . 2008-09-27 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-09-25 21:19 . 2008-09-27 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-09-25 18:53 . 2008-09-25 18:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InfraRecorder
    2008-09-24 22:05 . 2008-09-26 20:36 <REP> d-------- C:\Program Files\AskTBar
    2008-09-24 18:45 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
    2008-09-24 18:45 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
    2008-09-24 18:45 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\system32\BrDctF2.dll
    2008-09-24 18:45 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\system32\BrDctF2S.dll
    2008-09-24 18:45 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\system32\BrDctF2L.dll
    2008-09-24 18:45 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
    2008-09-24 18:44 . 2008-09-24 18:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield
    2008-09-24 15:55 . 2008-09-24 15:55 <REP> dr------- C:\Documents and Settings\Administrateur\Application Data\Brother
    2008-09-24 15:14 . 2008-09-24 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-09-24 14:28 . 2008-09-24 18:49 434 --a------ C:\WINDOWS\BRWMARK.INI
    2008-09-24 14:28 . 2008-09-24 18:49 27 --a------ C:\WINDOWS\BRPP2KA.INI
    2008-09-24 14:27 . 2008-09-24 18:46 50 --a------ C:\WINDOWS\system32\bridf07a.dat
    2008-09-24 14:26 . 2007-01-26 16:14 57,856 --a------ C:\WINDOWS\system32\brinsstr.dll
    2008-09-24 14:25 . 2008-09-24 18:46 <REP> d-------- C:\Program Files\Brother
    2008-09-24 14:25 . 2007-02-15 13:54 131,072 --------- C:\WINDOWS\brunin03.dll
    2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Program Files\Nuance
    2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-09-24 14:23 . 2006-10-24 15:35 31,831 --a------ C:\WINDOWS\maxlink.ini
    2008-09-24 14:22 . 2008-09-24 14:22 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-09-24 14:22 . 2008-10-04 17:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-09-24 14:21 . 2008-09-24 14:21 <REP> d-------- C:\Program Files\ScanSoft
    2008-09-24 14:20 . 2008-09-24 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
    2008-09-16 15:54 . 2008-09-16 16:16 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-13 19:50 . 2008-09-13 19:57 <REP> d-------- C:\Program Files\Dictionnaire
    2008-09-13 16:11 . 2008-09-13 16:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON
    2008-09-13 16:07 . 2008-09-13 16:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-09-13 15:53 . 2008-09-13 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
    2008-09-13 15:53 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
    2008-09-13 15:53 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
    2008-09-13 15:53 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
    2008-09-13 10:50 . 2008-09-16 16:48 <REP> d-------- C:\Program Files\epson
    2008-09-13 10:50 . 2008-09-13 10:50 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
    2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a------ C:\WINDOWS\system32\srusd.dll
    2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
    2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a------ C:\WINDOWS\system32\fnfilter.dll
    2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
    2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
    2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-05 10:10 --------- d-----w C:\Program Files\Wanadoo
    2008-10-05 10:09 --------- d-----w C:\Program Files\SPAMfighter
    2008-10-05 08:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
    2008-10-04 11:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
    2008-10-02 10:52 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-09-30 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-28 08:09 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
    2008-09-25 19:19 --------- d-----w C:\Program Files\Nero
    2008-09-25 17:48 --------- d-----w C:\Program Files\Yahoo!
    2008-09-25 17:47 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
    2008-09-24 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-24 12:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-09-05 18:09 --------- d-----w C:\Program Files\McDonaldsDragons
    2008-09-04 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-08-21 14:36 --------- d-----w C:\Program Files\LimeWire
    2008-08-16 17:23 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-08-12 09:37 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
    2008-08-09 07:58 --------- d-----w C:\Program Files\Java
    2008-08-05 19:41 921,632 ----a-w C:\PA7311.DAT
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-05-13 11:24 513,951 --sha-w C:\WINDOWS\system32\rBcbLRqr.ini2
    2008-05-19 20:26 659,372 --sha-w C:\WINDOWS\system32\sYyaJkkj.ini2
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-02_19.15.01.68 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-11 16:22:23 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2008-10-02 18:44:05 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 15360]
    "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-14 321160]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
    "DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
    "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
    "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-08-02 15360]
    "DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Contr“leur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-08-03 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=NVDESK32.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YUY2"= wb9967.dll
    "msacm.l3fhg"= mp3fhg.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "VIDC.YV12"= yv12vfw.dll
    "msacm.ac3filter"= ac3filter.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.WJPG"= wb9967.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 W9967CAM;%W9967CAM.Dev%;C:\WINDOWS\system32\DRIVERS\W9967STI.SYS [2001-10-30 10256]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-14 184968]
    R3 PAC7311;PLEOMAX PWC-2000;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
    S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [ ]
    S3 USBW9967;SAMSUNG DIGITAL CAMCORDER D5 II;C:\WINDOWS\system32\DRIVERS\2kw9967.sys [2002-07-03 113330]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fqc8uv7u.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-05 12:08:50
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\PAStiSvc.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-05 12:14:38 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-05 10:14:32
    ComboFix2.txt 2008-10-04 21:35:38
    ComboFix3.txt 2008-10-02 17:15:46

    Avant-CF: 5 814 890 496 octets libres
    Après-CF: 5,819,531,264 octets libres

    228 --- E O F --- 2008-10-05 09:00:24
    a b 8 Sécurité
    5 Octobre 2008 15:39:16

    Re,

    [#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINDOWS\system32\rBcbLRqr.ini2
    C:\WINDOWS\system32\sYyaJkkj.ini2


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
    Sauvegarde ce fichier sous le nom de "CFScript.txt" [#ff0000](les guillemets sont importantes)[/#f].

    Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme dans l'image ci-dessous :


    Cela va relancer ComboFix. Après redémarrage, poste le contenu du rapport (C:\combofix.txt*) accompagné d'un rapport HijackThis.
    [#ff0000]NOTE : S'il n'y a pas de redémarrage, poste quand même les rapports demandés.[/#f]
    * le nom de la partition peut changer
    5 Octobre 2008 18:09:24

    ComboFix 08-10-04.07 - Administrateur 2008-10-05 17:42:39.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.329 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

    FILE ::
    C:\WINDOWS\system32\rBcbLRqr.ini2
    C:\WINDOWS\system32\sYyaJkkj.ini2
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\rBcbLRqr.ini2
    C:\WINDOWS\system32\sYyaJkkj.ini2

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCHINJDRV


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-03 18:35 . 2008-10-03 18:35 268 --ah----- C:\sqmdata11.sqm
    2008-10-03 18:35 . 2008-10-03 18:35 244 --ah----- C:\sqmnoopt10.sqm
    2008-10-03 18:35 . 2008-10-03 18:35 148 --ah----- C:\sqmdata12.sqm
    2008-10-03 18:35 . 2008-10-03 18:35 136 --ah----- C:\sqmnoopt11.sqm
    2008-10-02 20:59 . 2008-10-02 20:59 <REP> d-------- C:\Program Files\Avira
    2008-10-02 20:59 . 2008-10-02 20:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-09-30 19:58 . 2008-09-30 19:58 <REP> d-------- C:\Program Files\Lavasoft
    2008-09-30 19:57 . 2008-09-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-29 15:26 . 2008-10-04 13:07 <REP> d-------- C:\Program Files\a-squared Anti-Malware
    2008-09-29 14:06 . 2008-09-29 14:06 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
    2008-09-28 15:57 . 2008-09-28 15:57 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
    2008-09-28 09:14 . 2005-06-21 17:49 62,454 --a------ C:\WINDOWS\system32\igfx.hlp
    2008-09-27 16:53 . 2008-09-27 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-09-27 16:31 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
    2008-09-25 21:24 . 2008-09-25 21:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
    2008-09-25 21:19 . 2008-09-27 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-09-25 21:19 . 2008-09-27 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-09-25 18:53 . 2008-09-25 18:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InfraRecorder
    2008-09-24 22:05 . 2008-09-26 20:36 <REP> d-------- C:\Program Files\AskTBar
    2008-09-24 18:45 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
    2008-09-24 18:45 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
    2008-09-24 18:45 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\system32\BrDctF2.dll
    2008-09-24 18:45 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\system32\BrDctF2S.dll
    2008-09-24 18:45 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\system32\BrDctF2L.dll
    2008-09-24 18:45 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
    2008-09-24 18:44 . 2008-09-24 18:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield
    2008-09-24 15:55 . 2008-09-24 15:55 <REP> dr------- C:\Documents and Settings\Administrateur\Application Data\Brother
    2008-09-24 15:14 . 2008-09-24 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-09-24 14:28 . 2008-09-24 18:49 434 --a------ C:\WINDOWS\BRWMARK.INI
    2008-09-24 14:28 . 2008-09-24 18:49 27 --a------ C:\WINDOWS\BRPP2KA.INI
    2008-09-24 14:27 . 2008-09-24 18:46 50 --a------ C:\WINDOWS\system32\bridf07a.dat
    2008-09-24 14:26 . 2007-01-26 16:14 57,856 --a------ C:\WINDOWS\system32\brinsstr.dll
    2008-09-24 14:25 . 2008-09-24 18:46 <REP> d-------- C:\Program Files\Brother
    2008-09-24 14:25 . 2007-02-15 13:54 131,072 --------- C:\WINDOWS\brunin03.dll
    2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Program Files\Nuance
    2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-09-24 14:23 . 2006-10-24 15:35 31,831 --a------ C:\WINDOWS\maxlink.ini
    2008-09-24 14:22 . 2008-09-24 14:22 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-09-24 14:22 . 2008-10-04 17:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-09-24 14:21 . 2008-09-24 14:21 <REP> d-------- C:\Program Files\ScanSoft
    2008-09-24 14:20 . 2008-09-24 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
    2008-09-16 15:54 . 2008-09-16 16:16 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-13 19:50 . 2008-09-13 19:57 <REP> d-------- C:\Program Files\Dictionnaire
    2008-09-13 16:11 . 2008-09-13 16:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON
    2008-09-13 16:07 . 2008-09-13 16:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-09-13 15:53 . 2008-09-13 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
    2008-09-13 15:53 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
    2008-09-13 15:53 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
    2008-09-13 15:53 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
    2008-09-13 10:50 . 2008-09-16 16:48 <REP> d-------- C:\Program Files\epson
    2008-09-13 10:50 . 2008-09-13 10:50 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
    2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a------ C:\WINDOWS\system32\srusd.dll
    2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
    2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a------ C:\WINDOWS\system32\fnfilter.dll
    2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
    2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
    2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-05 15:49 --------- d-----w C:\Program Files\Wanadoo
    2008-10-05 15:47 --------- d-----w C:\Program Files\SPAMfighter
    2008-10-05 13:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
    2008-10-04 11:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
    2008-10-02 10:52 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-09-30 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-09-28 08:09 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Ahead
    2008-09-25 19:19 --------- d-----w C:\Program Files\Nero
    2008-09-25 17:48 --------- d-----w C:\Program Files\Yahoo!
    2008-09-25 17:47 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
    2008-09-24 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-24 12:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-09-05 18:09 --------- d-----w C:\Program Files\McDonaldsDragons
    2008-09-04 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2008-08-21 14:36 --------- d-----w C:\Program Files\LimeWire
    2008-08-16 17:23 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-08-12 09:37 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
    2008-08-09 07:58 --------- d-----w C:\Program Files\Java
    2008-08-05 19:41 921,632 ----a-w C:\PA7311.DAT
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-02_19.15.01.68 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2007-12-11 16:22:23 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2008-10-02 18:44:05 237,568 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
    + 2008-05-09 11:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
    + 2008-01-21 16:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
    + 2008-06-27 13:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
    + 2007-03-01 08:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 15360]
    "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-14 321160]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
    "DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
    "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
    "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-08-02 15360]
    "DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Contr“leur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2008-08-03 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=NVDESK32.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YUY2"= wb9967.dll
    "msacm.l3fhg"= mp3fhg.acm
    "VIDC.X264"= x264vfw.dll
    "VIDC.HFYU"= huffyuv.dll
    "vidc.i263"= i263_32.drv
    "VIDC.YV12"= yv12vfw.dll
    "msacm.ac3filter"= ac3filter.acm
    "msacm.divxa32"= divxa32.acm
    "VIDC.WJPG"= wb9967.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 W9967CAM;%W9967CAM.Dev%;C:\WINDOWS\system32\DRIVERS\W9967STI.SYS [2001-10-30 10256]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-14 184968]
    R3 PAC7311;PLEOMAX PWC-2000;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
    S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [ ]
    S3 USBW9967;SAMSUNG DIGITAL CAMCORDER D5 II;C:\WINDOWS\system32\DRIVERS\2kw9967.sys [2002-07-03 113330]

    *Newly Created Service* - MCHINJDRV
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-05 17:47:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\PAStiSvc.exe
    C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-05 17:58:56 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-05 15:58:46
    ComboFix2.txt 2008-10-05 10:14:39
    ComboFix3.txt 2008-10-04 21:35:38
    ComboFix4.txt 2008-10-02 17:15:46

    Avant-CF: 5 765 566 464 octets libres
    Après-CF: 5,754,613,760 octets libres

    226 --- E O F --- 2008-10-05 13:30:09





    rapport hijakthis :


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:06:51, on 05/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=6...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 10122 bytes
    a b 8 Sécurité
    5 Octobre 2008 18:11:45

    Encore des soucis ?
    8 Mars 2009 16:19:50

    bonjour
    Moi j'ai un souci avec ( Avast a trouver un cheval de troie ) j'essey de le supprimer mais sa marche pas
    8 Mars 2009 18:43:31

    bon jour
    j'ai un tres grand probleme et j'espere que vous m'aider a le resourdre
    voila a chaque fois que je demarre mon ordi il ya une fenetre qui saffiche "arret du systeme dans une heure" il ya un message dans la fenetre qui dit "wassim joke with you ........ and you can't do anything!!!"
    voila je ne sais pas quoi faire :??: 
    aidez moi s'il vous plait :cry: 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS