Bonjour ! Depuis quelque jour j'ai un adware sur mon ordinateur ! J ai fai une analyse anti virus ac Advast et a-squared Anti-Malware mais il me signale rien de speciale ! pourtan a chaque fois que j allume mon PC avast se met en alerte ! J ai bo faire supprimer le virus sa ne marche pas ... ! Le virus me blok le fon d ecran ; ralenti mon PC , ... Je ne c'est pas trop quoi faire surtout que je sui un noob dc svp aidez moi

Ce sujet a été déplacé de la catégorie Internet-Reseaux vers la catégorie Sécurité - Virus par Sam85

Bonjour,

Quel emplacement ?

"Bonjour,

Quel emplacement ?"

Euh ... C'est a dire ?

Emplacement du virus = C:\...
Merci de me donner la suite

Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2

Le Virus Est Dans :

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsv3.tmp\euladlg.dll

Et le Rappor de hijackthis est :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:36, on 01/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/disp [...] tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_ [...] TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_ [...] TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {61166EBE-A296-4894-AE84-D9C18AEDA553} - C:\WINDOWS\system32\byXoomnL.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {E2039728-7F91-4EF5-B084-FACACBFAC017} - (no file)
O2 - BHO: (no name) - {ECAD7F43-31EB-4E49-8158-F33F829B3611} - C:\WINDOWS\system32\jkkJayYs.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [inrhc7l7j0er1g] C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt1E.tmp.exe /CR=32BDDFA41AB960FB7FD33779695D38B44FE8E0ABF7E426138FBD9C73D1FB4928D8156548F93C086CF6964208984A019511D6B363DCA3AA6FA532F829F3CF6981FFCBA0F6A0781758A7391A16384442F071
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BMa33e3e73] Rundll32.exe "C:\WINDOWS\system32\eaaqqdku.dll",s
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xoztqweao] c:\windows\system32\xoztqweao.exe xoztqweao
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S53.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [epaykz] c:\windows\system32\epaykz.exe epaykz
O4 - HKCU\..\Run: [bhckdww] c:\windows\system32\bhckdww.exe bhckdww
O4 - HKCU\..\Run: [actcmjp] c:\windows\system32\actcmjp.exe actcmjp
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\winvi\update.exe" /background
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [sjtluerqt] c:\documents and settings\administrateur\local settings\application data\sjtluerqt.exe sjtluerqt
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - Winlogon Notify: byXoomnL - byXoomnL.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 13001 bytes


Merci BCP de ton AIde !!

Re,

! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

• Télécharge ComboFix (sUBs) sur ton Bureau.
• Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

Re , Encore merci de ton aide ! le rapport c est :

ComboFix 08-10-01.06 - Administrateur 2008-10-02 19:03:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.303 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Cookies\administrateur@clickintext[2].txt
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sjtluerqt.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\SJTLUERQT.EXE
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sjtluerqt_nav.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\sjtluerqt_navps.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco_nav.dat
C:\Documents and Settings\Administrateur\Local Settings\Application Data\yyiumco_navps.dat
C:\Program Files\winvi
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js
C:\Program Files\winvi\dsktp\desktop.html
C:\Program Files\winvi\dsktp\internetDetection.swf
C:\Program Files\winvi\dsktp\settings.sol
C:\Program Files\winvi\version.ini
C:\Program Files\winvi\WUPDA.EXE
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BMa33e3e73.txt
C:\WINDOWS\BMa33e3e73.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
c:\WINDOWS\system32\actcmjp.dat
C:\WINDOWS\system32\actcmjp_nav.dat
C:\WINDOWS\system32\actcmjp_navps.dat
C:\WINDOWS\system32\bhckdww.dat
C:\WINDOWS\system32\bhckdww_nav.dat
c:\WINDOWS\system32\bhckdww_navps.dat
C:\WINDOWS\system32\epaykz.dat
c:\WINDOWS\system32\epaykz_nav.dat
c:\WINDOWS\system32\epaykz_navps.dat
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\phc3l7j0er1g.bmp
C:\WINDOWS\system32\ryiehr.dat
C:\WINDOWS\system32\RYIEHR.EXE
C:\WINDOWS\system32\ryiehr_nav.dat
C:\WINDOWS\system32\ryiehr_navps.dat
C:\WINDOWS\system32\xoztqweao.dat
C:\WINDOWS\system32\xoztqweao_nav.dat
c:\WINDOWS\system32\xoztqweao_navps.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-02 au 2008-10-02 ))))))))))))))))))))))))))))))))))))
.

2008-09-30 19:58 . 2008-09-30 19:58 <REP> d-------- C:\Program Files\Lavasoft
2008-09-30 19:57 . 2008-09-30 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-29 15:26 . 2008-09-29 18:32 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-29 14:06 . 2008-09-29 14:06 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-28 15:57 . 2008-09-28 15:57 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-09-28 09:14 . 2005-06-21 17:49 62,454 --a------ C:\WINDOWS\system32\igfx.hlp
2008-09-27 16:53 . 2008-09-27 16:58 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-09-27 16:31 . 2008-06-24 13:45 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-09-25 21:24 . 2008-09-25 21:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Nero
2008-09-25 21:19 . 2008-09-27 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-09-25 21:19 . 2008-09-27 16:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-25 18:53 . 2008-09-25 18:54 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InfraRecorder
2008-09-24 22:05 . 2008-09-26 20:36 <REP> d-------- C:\Program Files\AskTBar
2008-09-24 18:45 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
2008-09-24 18:45 . 2007-01-18 13:51 163,840 --------- C:\WINDOWS\system32\NSSearch.dll
2008-09-24 18:45 . 2007-01-25 17:16 94,208 -r------- C:\WINDOWS\system32\BrDctF2.dll
2008-09-24 18:45 . 2007-01-15 21:54 12,288 -r------- C:\WINDOWS\system32\BrDctF2S.dll
2008-09-24 18:45 . 2007-01-15 16:09 12,288 -r------- C:\WINDOWS\system32\BrDctF2L.dll
2008-09-24 18:45 . 2001-11-15 01:00 6,224 --------- C:\WINDOWS\CVRPAGE.bmp
2008-09-24 18:44 . 2008-09-24 18:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-09-24 15:55 . 2008-09-24 15:55 <REP> dr------- C:\Documents and Settings\Administrateur\Application Data\Brother
2008-09-24 15:14 . 2008-09-24 15:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
2008-09-24 14:28 . 2008-09-24 18:49 434 --a------ C:\WINDOWS\BRWMARK.INI
2008-09-24 14:28 . 2008-09-24 18:49 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-09-24 14:27 . 2008-09-24 18:46 50 --a------ C:\WINDOWS\system32\bridf07a.dat
2008-09-24 14:26 . 2007-01-26 16:14 57,856 --a------ C:\WINDOWS\system32\brinsstr.dll
2008-09-24 14:25 . 2008-09-24 18:46 <REP> d-------- C:\Program Files\Brother
2008-09-24 14:25 . 2007-02-15 13:54 131,072 --------- C:\WINDOWS\brunin03.dll
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Program Files\Nuance
2008-09-24 14:23 . 2008-09-24 14:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-24 14:23 . 2006-10-24 15:35 31,831 --a------ C:\WINDOWS\maxlink.ini
2008-09-24 14:22 . 2008-09-24 14:22 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-09-24 14:22 . 2008-09-24 15:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-09-24 14:21 . 2008-09-24 14:21 <REP> d-------- C:\Program Files\ScanSoft
2008-09-24 14:20 . 2008-09-24 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-09-16 15:54 . 2008-09-16 16:16 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-13 19:50 . 2008-09-13 19:57 <REP> d-------- C:\Program Files\Dictionnaire
2008-09-13 16:11 . 2008-09-13 16:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\EPSON
2008-09-13 16:07 . 2008-09-13 16:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-09-13 15:53 . 2008-09-13 15:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-13 15:53 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-09-13 15:53 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-09-13 15:53 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-09-13 10:50 . 2008-09-16 16:48 <REP> d-------- C:\Program Files\epson
2008-09-13 10:50 . 2008-09-13 10:50 27 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-12 15:19 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a------ C:\WINDOWS\system32\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 99,840 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a------ C:\WINDOWS\system32\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:47 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2008-09-12 15:18 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-09-04 21:02 . 2008-09-04 21:02 268 --ah----- C:\sqmdata10.sqm
2008-09-04 21:02 . 2008-09-04 21:02 244 --ah----- C:\sqmnoopt09.sqm
2008-09-04 16:20 . 2008-09-30 20:34 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-04 14:33 . 2008-09-28 10:09 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Ahead
2008-09-04 14:32 . 2008-09-04 14:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-04 14:28 . 2008-09-25 21:19 <REP> d-------- C:\Program Files\Nero

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 17:11 --------- d-----w C:\Program Files\Wanadoo
2008-10-02 17:11 --------- d-----w C:\Program Files\SPAMfighter
2008-10-02 10:52 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-09-30 17:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-30 14:57 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-09-28 12:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2008-09-25 17:48 --------- d-----w C:\Program Files\Yahoo!
2008-09-25 17:47 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-09-24 16:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-24 12:22 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-05 18:09 --------- d-----w C:\Program Files\McDonaldsDragons
2008-08-21 14:36 --------- d-----w C:\Program Files\LimeWire
2008-08-16 17:23 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-12 09:37 --------- d-----w C:\Program Files\ABBYY FineReader 6.0
2008-08-09 07:58 --------- d-----w C:\Program Files\Java
2008-08-05 19:41 921,632 ----a-w C:\PA7311.DAT
2008-08-03 09:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-03 09:04 --------- d-----w C:\Program Files\Ulead Systems
2008-08-03 09:02 --------- d-----w C:\Program Files\Samsung
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-05-13 11:24 513,951 --sha-w C:\WINDOWS\system32\rBcbLRqr.ini2
2008-05-19 20:26 659,372 --sha-w C:\WINDOWS\system32\sYyaJkkj.ini2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-08-02 15360]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 126976]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-07-14 321160]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-31 2131600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-08-02 15360]
"DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YUY2"= wb9967.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
"VIDC.WJPG"= wb9967.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 W9967CAM;%W9967CAM.Dev%;C:\WINDOWS\system32\DRIVERS\W9967STI.SYS [2001-10-30 10256]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files\SPAMfighter\sfus.exe [2008-07-14 184968]
R3 PAC7311;PLEOMAX PWC-2000;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-09-16 150272]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [ ]
S3 USBW9967;SAMSUNG DIGITAL CAMCORDER D5 II;C:\WINDOWS\system32\DRIVERS\2kw9967.sys [2002-07-03 113330]
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
BHO-{E2039728-7F91-4EF5-B084-FACACBFAC017} - (no file)
BHO-{ECAD7F43-31EB-4E49-8158-F33F829B3611} - C:\WINDOWS\system32\jkkJayYs.dll
HKCU-Run-yyiumco - c:\documents and settings\administrateur\local settings\application data\yyiumco.exe
HKLM-Run-inrhc7l7j0er1g - C:\Documents and Settings\Administrateur\Local Settings\Temp\.tt1E.tmp.exe
HKLM-Run-BMa33e3e73 - C:\WINDOWS\system32\eaaqqdku.dll
HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
Notify-byXoomnL - byXoomnL.dll


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\fqc8uv7u.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 19:08:51
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE
.
**************************************************************************
.
Heure de fin: 2008-10-02 19:15:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-02 17:15:34

Avant-CF: 2ÿ914ÿ062ÿ336 octets libres
Après-CF: 6,227,181,568 octets libres

270 --- E O F --- 2008-10-01 19:05:56



A+