Anlyser mon rapport HijackThis

[Blaise972]

Bonjour!

J'ai fait l'erreur d'ouvrir un fichier non fiable sur msn et mon ordinateur a été infecté par un virus que je n'arrive pas a éradiquer. Après avoir essayer pleins de choses, voici le rapport Hijackthis que j'obtiens.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:19:35, on 03/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20733)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\UberIcon\UberIcon Manager.exe

C:\Windows\System32\VisualTaskTips.exe

C:\Program Files\styler\Styler.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Windows Live\Contrôle parental\fssui.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe

C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Everest Poker\Everest Poker.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%%%.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKLM\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"

O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe

O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe

O4 - HKLM\..\Run: [styler] C:\Program Files\styler\Styler.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe

O4 - HKLM\..\Run: [ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe

O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%%%.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\ADS Tech\Instant TV Remote\ADSRMT.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{B0961485-AC05-4C4D-9B28-E041061ADC84}: NameServer = 217.175.160.11 217.175.160.12

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 9796 bytes

 

 

 

Est ce que quelq'un pourrait m'aider à interpreter les résultas afin de régler mon problème. Merci d'avance!

[Thanos]

salut

 

1) Ton pc est infecté par un ver MSN: j'aimerai stp que tu lise ce topic et que tu utilises le programme recommendé (MSNFix) >>

 

- Lis d'abord l'info sous ACTION A MENER ! et n'hésite pas à te rendre sur le site de téléchargement du fichier infecté afin de "Signaler le problème". Si l'hébergeur ne fait pas partie de la liste, communique l'adresse dans ta réponse stp.

 

- Télécharge et utilise MSNFix comme indiqué puis poste le rapport ici dans ton prochain message.

 

2) Passe par > Démarrer / panneau de configuration / Ajout/suppressions de programmes et désinstalle AskTBar ou MyWebSearch

 

3) Télécharge Deckard's System Scanner (DSS) sur ton bureau.

Tu dois possèder les droits administrateurs pour le lancer.

• Ferme toutes les applications en cours (fenêtres internet etc...)
  
• Double-clique sur dss.exe pour lancer le programme.
  
• DSS va afficher un message et te proposer d'installer Hijackthis: clique sur OUI.
  
• Un nouveau message va te demander de t'assurer que ton pare-feu (si tu en as un) accepte bien la connexion de DSS.exe à internet: clique sur OK et donne lui l'accès si tu reçois une alerte de ton pare-feu.
  
• Lorsque le scan est terminé, deux fichiers texte vont s'ouvrir.
  
• Poste le contenu des rapports nommés main.txt et extra.txt
  
• Si tu ne vois pas le rapport, tu le trouvera dans le dossier suivant > C:\Deckard\System Scanner
  

Que fait DSS ? >

• Il créé un point de restauration pour Windows Xp et Vista.
  
• Il nettoie les fichiers temporaires, le contenu du dossier Downloaded Program Files, le cache internet,et vide aussi la corbeille sur tous les lecteurs.
  
• Il contrôle quelques points névralgiques du système et produit un rapport à soumettre à un analyste.
  
• DSS lance automatiquement HijackThis, si tu ne possèdes pas ce programme, il va l'installer et créer un raccourci sur le bureau.
  

Poste les rapports de MSNFix et DSS.

[Blaise972]

Salut!

 

j'ai fais comme tu me l'a demandé et te poste le rapport MSNFix:

 

MSNFix 1.699

 

C:\Program Files\MSNFix

Fix exécuté le 05/04/2008 - 10:18:02,09 By blaise

mode normal

 

************************ Recherche les fichiers présents

 

... C:\WINDOWS\system32\%%%%%.exe

... C:\WINDOWS\system32\%%%%%.exe

... C:\WINDOWS\system32\real.txt

 

************************ Recherche les dossiers présents

 

... \TEMP\

 

 

 

 

************************ Suppression des fichiers

 

.. OK ... C:\WINDOWS\system32\%%.exe

.. OK ... C:\WINDOWS\system32\%%.exe

.. OK ... C:\WINDOWS\system32\%%.exe

/!\ ... C:\WINDOWS\system32\%%%%%.exe

/!\ ... C:\WINDOWS\system32\%%%%%.exe

/!\ ... C:\WINDOWS\system32\%%%%%.exe

/!\ ... C:\WINDOWS\system32\%%%%%.exe

.. OK ... C:\WINDOWS\system32\real.txt

 

 

************************ Suppression des dossiers

 

/!\ ... \TEMP\

 

 

************************ Nettoyage du registre

 

 

 

Les fichiers encore présents seront supprimés au prochain redémarrage

 

 

Aucun Fichier trouvé

.. OK ... C:\WINDOWS\system32\%%.exe

 

 

 

************************ Fichiers suspects

 

Aucun Fichier trouvé

 

 

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 05042008_10310351.zip

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

 

------------------------------------------------------------------------

Auteur : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

 

 

Et le rapport DDS:

 

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Professionnel (build 2600) SP 2.0

Architecture: X86; Language: French

 

CPU 0: Intel® Celeron® CPU 2.40GHz

Percentage of Memory in Use: 40%

Physical Memory (total/avail): 1023.53 MiB / 609.7 MiB

Pagefile Memory (total/avail): 2461.23 MiB / 2106.61 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1928.18 MiB

 

A: is Removable (No Media)

C: is Fixed (NTFS) - 97.66 GiB total, 51.08 GiB free.

D: is Fixed (NTFS) - 88.65 GiB total, 70.17 GiB free.

E: is Fixed (FAT32) - 298.01 GiB total, 127.56 GiB free.

F: is CDROM (No Media)

G: is CDROM (No Media)

I: is Fixed (NTFS) - 75.13 GiB total, 71.05 GiB free.

J: is Fixed (NTFS) - 244.14 GiB total, 0.23 GiB free.

K: is Fixed (NTFS) - 146.49 GiB total, 118.28 GiB free.

 

\\.\PHYSICALDRIVE0 - WDC WD2000BB-00RDA0 - 186.31 GiB - 2 partitions

\PARTITION0 (bootable) - Système de fichiers installable - 97.66 GiB - C:

\PARTITION1 - Étendu avec Inter. 13 étendue - 88.65 GiB - D:

 

\\.\PHYSICALDRIVE1 - WD 3200AAJ External USB Device - 298.09 GiB - 1 partition

\PARTITION0 (bootable) - Unknown - 298.08 GiB - E:

 

\\.\PHYSICALDRIVE2 - WD 5000AAK External USB Device - 465.76 GiB - 3 partitions

\PARTITION0 - Système de fichiers installable - 75.13 GiB - I:

\PARTITION1 - Étendu avec Inter. 13 étendue - 390.63 GiB - J: - K:

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

Unable to create WMI object.

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS

APPDATA=C:\Documents and Settings\Ren‚-Yves.FLERET-8596517B\Application Data

CommonProgramFiles=C:\Program Files\Fichiers communs

COMPUTERNAME=FLERET-8596517B

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Ren‚-Yves.FLERET-8596517B

LOGONSERVER=\\FLERET-8596517B

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0209

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\REN-YV~1.FLE\LOCALS~1\Temp

TMP=C:\DOCUME~1\REN-YV~1.FLE\LOCALS~1\Temp

USERDOMAIN=FLERET-8596517B

USERNAME=Ren‚-Yves

USERPROFILE=C:\Documents and Settings\Ren‚-Yves.FLERET-8596517B

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

René-Yves.FLERET-8596517B (admin)

Maryse.FLERET-8596517B

Administrateur (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

--> C:\WINDOWS\UNRecode.exe /UNINSTALL

AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe

AIDA32 v3.93 --> "C:\Program Files\AIDA32 - Personal System Information\unins000.exe"

Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

AVIConverter 3.0 --> C:\Program Files\AVIConverter\uninst.exe

CoreVorbis Audio Decoder (remove only) --> "C:\WINDOWS\system32\CoreVorbis-uninstall.exe"

Correctif Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe

Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"

DivX Codec 3.1alpha release --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Pro Trial --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

eMule --> "C:\Program Files\eMule\Uninstall.exe"

Everest Poker (Remove Only) --> C:\Program Files\Everest Poker\cstart.exe /uninstall

Extension de Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}

ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"

Galerie de photos Windows Live --> MsiExec.exe /X{9D442283-88AD-4F49-8568-18CE6EAA15AF}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

HijackThis 2.0.2 --> "I:\LOGICIELS\CD Logiciels\éliminons les virus\HijackThis.exe" /uninstall

HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat

HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}

Huffyuv AVI lossless video codec (Remove Only) --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF

INSTANT TV Uninstaller --> C:\WINDOWS\p3xunist.exe

Instant TV Utilities --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{477AB148-138C-46D2-820B-0DBFA744CEE8}\setup.exe" -l0x40c -uninst

Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}

Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}

Menus intelligents (Windows Live Toolbar) --> MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}

Messenger Plus! 3 & Sponsor --> "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /Remove

Messenger Plus! Live & Sponsor (CiD) --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft Office XP Professional avec FrontPage --> MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}

Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Mise à jour de sécurité pour Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Morgan Stream Switcher --> "C:\Program Files\Morgan\mmswitch\uninst.exe"

MSNFix 1.699 --> "C:\Program Files\MSNFix\unins000.exe"

MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{1787603C-E6E3-42D4-8034-55F358486F1D}

Nero 8 Trial --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1036}

neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI

PowerQuest PartitionMagic 8.0 Demo --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

SoundMAX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"

Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"

SuperCopier2 --> "C:\Program Files\SuperCopier2\SC2Uninst.exe"

Surligneur (Windows Live Toolbar) --> MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}

Ulead InstaMedia 2.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5D78185-94FD-4131-B7F0-7E7771C58E1B}\setup.exe" -l0x40c

VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

VideoLAN VLC media player 0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}

Windows Live Favorites pour Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}

Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Live OneCare Contrôle parental --> MsiExec.exe /X{3677FD57-D0DE-47CD-942E-99913D04C135}

Windows Live Writer --> MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}

XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type2244 / Success

Event Submitted/Written: 04/05/2008 09:23:15 AM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

 

Event Record #/Type2233 / Success

Event Submitted/Written: 04/04/2008 09:11:37 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

 

Event Record #/Type2220 / Success

Event Submitted/Written: 04/04/2008 07:51:12 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

 

Event Record #/Type2209 / Success

Event Submitted/Written: 04/04/2008 00:10:12 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

 

Event Record #/Type2207 / Success

Event Submitted/Written: 04/04/2008 11:16:54 AM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type9419 / Warning

Event Submitted/Written: 04/05/2008 10:24:51 AM

Event ID/Source: 1007 / Dhcp

Event Description:

Votre ordinateur a automatiquement configuré l'adresse IP pour la

carte avec l'adresse réseau 00112F3124A1. L'adresse IP utilisée est 169.254.84.202.

 

Event Record #/Type9415 / Error

Event Submitted/Written: 04/05/2008 10:15:49 AM

Event ID/Source: 10010 / DCOM

Event Description:

Le serveur {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.

 

Event Record #/Type9414 / Error

Event Submitted/Written: 04/05/2008 10:15:19 AM

Event ID/Source: 7034 / Service Control Manager

Event Description:

Le service Service Messenger Sharing Folders USN Journal Reader s'est terminé de façon inattendue pour la 1ème fois.

 

Event Record #/Type9413 / Error

Event Submitted/Written: 04/05/2008 10:15:16 AM

Event ID/Source: 7034 / Service Control Manager

Event Description:

Le service Kaspersky Anti-Virus 6.0 s'est terminé de façon inattendue pour la 1ème fois.

 

Event Record #/Type9412 / Warning

Event Submitted/Written: 04/05/2008 09:23:24 AM

Event ID/Source: 1007 / Dhcp

Event Description:

Votre ordinateur a automatiquement configuré l'adresse IP pour la

carte avec l'adresse réseau 00112F3124A1. L'adresse IP utilisée est 169.254.84.202.

 

 

 

-- End of Deckard's System Scanner: finished at 2008-04-05 10:50:43 ------------

 

 

 

Merci pour ton aide!

[Thanos]

salut

 

L'infection a été éradiquée par MSNFix

Il manque un rapport! stp poste moi le contenu du rapport main.txt que tu trouveras dans ce dossier >> C:\Deckard\System Scanner

 

Je vois que tu as installé Messenger Plus! Live & Sponsor (CiD) >> Lorsque tu installes Messenger, ne coche surtout pas la case "J'accepte, installer Messenger Plus! avec le programme de sponsor" sinon tu a droit à de jolies pubs en supplément lorsque tu surfes sur internet! >

Voilà les autres programmes à éviter (ils installent aussi CID): la liste n'est pas exhaustive >

BitDownload

BitGrabber

BitRoll

MessengerPlus! 3

Messenger Plus! Live

NetPumper

TorrentQ

Torrent101

On va voir si l'adware installé est encore sur ton pc et on l'éliminera (rien de bien méchant!).

 

Profite en pour faire un scan en ligne >>

 

http://www.nanoscan.com/as/v1/principal.aspx?Lang=en

En images ici > http://www.malekal.com/scan_Av_en_ligne.php#mozTocId131054

• Il faut choisir Full Scan (et pas QuickScan) >
  
• Poste le rapport qu'il t'affichera à la fin.
  
• Note: Tu n'es pas obligé de donner ton email, tu peux utiliser une adresse jetable si tu le souhaites : http://www.jetable.org/fr/index
  
• Si ca ne fonctionne pas, assure toi que Internet Explorer est correctement configuré pour le scan en ligne comme indiqué ici : http://www.malekal.com/scan_Av_en_ligne.html#mozTocId898809 .
  

Poste les deux rapports demandés stp

[Blaise972]

Salut!

 

Visiblement je n'est plus d'alertes incessantes de mon anti-virus et je te remercie beaucoup pour l'aide précieuse que tu m'a apporter.

 

Voici le rapport main.txt :

 

Deckard's System Scanner v20071014.68

Run by René-Yves on 2008-04-05 10:46:52

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 5 Restore Point(s) --

94: 2008-04-05 14:47:04 UTC - RP94 - Deckard's System Scanner Restore Point

93: 2008-04-04 15:53:31 UTC - RP93 - Point de vérification système

92: 2008-04-03 13:13:22 UTC - RP92 - AntiVir PersonalEdition Classic - 03/04/2008 09:13

91: 2008-04-03 02:10:41 UTC - RP91 - Software Distribution Service 3.0

90: 2008-04-02 21:18:20 UTC - RP90 - mamandoudou1

 

 

-- First Restore Point --

1: 2008-02-27 21:11:05 UTC - RP1 - Point de vérification système

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as ryf.exe) -------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:48:43, on 05/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20733)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\UberIcon\UberIcon Manager.exe

C:\Windows\System32\VisualTaskTips.exe

C:\Program Files\styler\Styler.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Windows Live\Contrôle parental\fssui.exe

C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe

C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\René-Yves.FLERET-8596517B\Bureau\dss.exe

I:\LOGICI~1\CDLOGI~1\LIMINO~1\René-Yves.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKLM\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"

O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe

O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe

O4 - HKLM\..\Run: [styler] C:\Program Files\styler\Styler.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun

O4 - HKLM\..\Run: [Matchlock Scheduling] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe

O4 - HKLM\..\Run: [ulead Remote Control Center] C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKLM\..\RunOnce: [AskTBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: TV Remote Control.lnk = C:\Program Files\ADS Tech\Instant TV Remote\ADSRMT.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{B0961485-AC05-4C4D-9B28-E041061ADC84}: NameServer = 217.175.160.11 217.175.160.12

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 8969 bytes

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>

R3 Cap713x (Philips Cap713x Video Capture) - c:\windows\system32\drivers\cap713x.sys <Not Verified; Philips Semiconductors GmbH; Philips Semiconductors Cap713x>

R3 catchme - c:\docume~1\ren-yv~1.fle\locals~1\temp\catchme.sys (file missing)

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

All services whitelisted.

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

Class GUID:

Description: EyeToy USB camera Namtai

Device ID: USB\VID_054C&PID_0155&MI_00\6&15542B79&0&0000

Manufacturer:

Name: EyeToy USB camera Namtai

PNP Device ID: USB\VID_054C&PID_0155&MI_00\6&15542B79&0&0000

Service:

 

Class GUID:

Description: Contrôleur PCI de communications simplifiées

Device ID: PCI\VEN_14F1&DEV_2F01&SUBSYS_900616EF&REV_01\3&61AAA01&0&68

Manufacturer:

Name: Contrôleur PCI de communications simplifiées

PNP Device ID: PCI\VEN_14F1&DEV_2F01&SUBSYS_900616EF&REV_01\3&61AAA01&0&68

Service:

 

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: Carte audio compatible Sound Blaster 16 ou AWE32 (WDM)

Device ID: ROOT\MEDIA\0000

Manufacturer: Creative Technology Ltd.

Name: Carte audio compatible Sound Blaster 16 ou AWE32 (WDM)

PNP Device ID: ROOT\MEDIA\0000

Service: ctlsb16

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-04-04 20:00:00 374 --a------ C:\WINDOWS\Tasks\HPpromotions journeysoftware.job

 

 

-- Files created between 2008-03-05 and 2008-04-05 -----------------------------

 

2008-04-05 10:39:34 245760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll <Not Verified; Ask.com; Ask Toolbar for Internet Explorer>

2008-04-05 10:15:12 0 d-------- C:\Program Files\MSNFix

2008-04-05 09:18:46 0 d-------- C:\WINDOWS\system32\oobe

2008-04-05 09:15:08 0 d-------- C:\BackUpMSNCleaner

2008-04-03 09:50:39 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2008-04-03 09:13:51 0 d-------- C:\Program Files\Avira

2008-04-03 09:13:51 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

2008-04-02 21:37:32 0 d-------- C:\Program Files\eMule

2008-04-02 21:21:01 0 d-------- C:\Program Files\Everest Poker

2008-04-02 18:07:10 691545 --a------ C:\WINDOWS\unins000.exe

2008-04-02 18:07:10 2567 --a------ C:\WINDOWS\unins000.dat

2008-04-02 17:35:42 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2008-04-02 14:07:19 686080 -ra------ C:\WINDOWS\system32\drivers\Cap713x.sys <Not Verified; Philips Semiconductors GmbH; Philips Semiconductors Cap713x>

2008-04-02 13:48:59 0 d-------- C:\Program Files\Windows Installer Clean Up

2008-04-02 13:48:32 0 d-------- C:\Program Files\MSECACHE

2008-04-02 13:37:12 0 d-------- C:\WINDOWS\pss

2008-04-02 12:07:48 327 --a------ C:\WINDOWS\system32\xhppcu.exe

2008-04-02 11:59:13 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>

2008-04-02 11:59:13 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>

2008-04-02 11:59:12 974848 --a------ C:\WINDOWS\SynthCoreA.Dll <Not Verified; Analog Devices, Inc.; SoundMAX Wavetable>

2008-04-02 11:59:12 380928 --a------ C:\WINDOWS\SynCor.exe <Not Verified; Analog Devices, Inc.; SynthCore>

2008-04-02 11:59:11 0 d-------- C:\WINDOWS\VirtualEar

2008-04-02 11:59:11 45056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll <Not Verified; Analog Devices, Inc.; Analog Devices, Inc. SynthCore11Resources>

2008-04-02 11:59:11 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>

2008-04-02 11:59:11 49152 --a------ C:\WINDOWS\system32\S11thk32.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>

2008-04-02 11:59:11 765952 --a------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>

2008-04-02 11:59:10 45056 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>

2008-04-02 11:59:10 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>

2008-04-02 11:59:10 0 d-------- C:\Program Files\Analog Devices

2008-04-02 11:59:09 44 --a------ C:\WINDOWS\system32\msssc.dll

2008-04-02 11:17:21 0 d-------- C:\Documents and Settings\ren??-yves.fleret-8596517b\application data

2008-04-02 11:17:21 0 d-------- C:\Documents and Settings\ren??-yves.fleret-8596517b\Application Data\nero

2008-04-02 11:11:22 64156 -----n--- C:\WINDOWS\system32\%%%%%.exe

2008-04-01 21:28:22 0 d-------- C:\Documents and Settings\René-Yves.FLERET-8596517B\Application Data\Ulead Systems

2008-04-01 21:26:43 0 d-------- C:\Program Files\Ulead Systems

2008-04-01 21:26:37 0 d-------- C:\Program Files\Fichiers communs\Ulead Systems

2008-04-01 17:49:10 0 d-------- C:\Program Files\AIDA32 - Personal System Information

2008-04-01 15:23:16 60032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

2008-04-01 12:31:57 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-04-01 12:31:57 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-04-01 12:31:34 29984 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-04-01 12:31:34 4297248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-03-31 19:57:20 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-03-31 19:35:58 0 d-------- C:\Program Files\Windows Live Favorites

2008-03-31 19:35:51 0 d-------- C:\Program Files\Windows Live Toolbar

2008-03-31 15:19:10 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab

2008-03-31 15:18:35 0 d-------- C:\KAV

2008-03-19 18:58:39 0 d-------- C:\Documents and Settings\Maryse.FLERET-8596517B\Application Data\Macromedia

2008-03-19 18:58:39 0 d-------- C:\Documents and Settings\Maryse.FLERET-8596517B\Application Data\Adobe

2008-03-19 16:52:42 298096 --a------ C:\Documents and Settings\René-Yves.FLERET-8596517B\Application Data\GDIPFONTCACHEV1.DAT

2008-03-19 10:06:04 298096 --a------ C:\Documents and Settings\Maryse.FLERET-8596517B\Application Data\GDIPFONTCACHEV1.DAT

2008-03-15 08:33:07 0 d-------- C:\Documents and Settings\Maryse.FLERET-8596517B\Application Data\Google

2008-03-13 08:31:01 0 d-------- C:\Documents and Settings\René-Yves.FLERET-8596517B\Application Data\WinRAR

2008-03-11 14:59:38 0 d-------- C:\Documents and Settings\René-Yves.FLERET-8596517B\Application Data\Google

2008-03-11 13:44:23 0 d-------- C:\Documents and Settings\Maryse.FLERET-8596517B\Application Data\Nero

2008-03-11 12:04:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google

2008-03-11 10:12:29 33533 --a------ C:\WINDOWS\system32\CoreVorbis-uninstall.exe

2008-03-11 10:12:26 36734 --a------ C:\WINDOWS\system32\OggDSuninst.exe

2008-03-11 10:12:07 77824 --a------ C:\WINDOWS\system32\MMSwitch.dll

2008-03-11 10:12:07 40960 --a------ C:\WINDOWS\system32\MMAVILNG.exe

2008-03-11 10:12:07 0 d-------- C:\Program Files\Morgan

2008-03-11 10:12:04 0 d-------- C:\Program Files\AC3Filter

2008-03-11 10:12:00 0 d-------- C:\Program Files\XviD

2008-03-11 10:11:45 1682 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys

2008-03-11 10:11:45 56 -r-hs---- C:\WINDOWS\system32\E5A5429D30.sys

2008-03-11 10:11:40 0 d-------- C:\Program Files\DivX

2008-03-11 10:02:08 0 d-------- C:\Documents and Settings\René-Yves.FLERET-8596517B\Application Data\Nero

2008-03-11 09:58:20 0 d-------- C:\Program Files\Fichiers communs\Nero

2008-03-11 09:58:20 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero

2008-03-11 09:51:02 0 d-------- C:\Program Files\AskTBar

2008-03-11 09:25:17 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!

2008-03-11 06:37:39 31744 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>

2008-03-11 06:36:00 19696 -----n--- C:\WINDOWS\hpomdl05.dat

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-04-02 14:02:35 0 d-------- C:\Program Files\ADS Tech

2008-04-02 13:58:10 0 d-------- C:\Program Files\Windows Live

2008-04-02 11:59:09 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-04-02 11:20:10 0 d-------- C:\Program Files\Nero

2008-04-02 11:20:10 0 d-------- C:\Program Files\Fichiers communs\Ahead

2008-04-01 21:26:37 0 d-------- C:\Program Files\Fichiers communs

2008-04-01 21:23:34 0 d-------- C:\Program Files\Fichiers communs\InstallShield

2008-04-01 18:42:44 465918 --a------ C:\WINDOWS\system32\perfh00C.dat

2008-04-01 18:42:44 74120 --a------ C:\WINDOWS\system32\perfc00C.dat

2008-04-01 11:07:18 0 d-------- C:\Program Files\Messenger Plus! Live

2008-03-31 15:19:10 0 d-------- C:\Program Files\Kaspersky Lab

2008-03-23 09:53:47 34303 --a------ C:\WINDOWS\system32\usb3

2008-03-11 12:04:12 0 d-------- C:\Program Files\Google

2008-03-11 10:12:22 0 d-------- C:\Program Files\ffdshow

2008-03-04 14:56:54 0 d-------- C:\Program Files\AVIConverter

2008-02-29 23:59:36 0 d-------- C:\Program Files\MSXML 6.0

2008-02-29 18:34:58 0 d-------- C:\Program Files\Messenger Plus! 3

2008-02-29 10:26:27 0 d-------- C:\Documents and Settings\René-Yves.FLERET-8596517B\Application Data\vlc

2008-02-28 21:16:16 0 d-------- C:\Documents and Settings\René-Yves.FLERET-8596517B\Application Data\Macromedia

2008-02-28 13:43:25 0 d-------- C:\Program Files\Trend Micro

2008-02-28 12:55:25 0 d-------- C:\Documents and Settings\René-Yves.FLERET-8596517B\Application Data\Adobe

2008-02-28 10:41:57 0 d-------- C:\Documents and Settings\René-Yves.FLERET-8596517B\Application Data\Xentient

2008-02-28 10:40:51 0 d-------- C:\Documents and Settings\René-Yves.FLERET-8596517B\Application Data\Styler

2008-02-28 10:40:40 0 d-------- C:\Documents and Settings\René-Yves.FLERET-8596517B\Application Data\Identities

2008-02-28 05:22:47 0 d-------- C:\Program Files\PowerQuest

2008-02-27 17:26:26 62 --ahs---- C:\Documents and Settings\René-Yves.FLERET-8596517B\Application Data\desktop.ini

2008-02-27 17:11:04 0 d-------- C:\Program Files\Styler

2008-02-27 16:59:37 0 d-------- C:\Program Files\Compare It!

2008-02-27 16:42:42 21892 --a------ C:\WINDOWS\system32\emptyregdb.dat

2008-02-27 16:42:04 0 d-------- C:\Program Files\Windows Media Connect 2

2008-02-23 19:34:22 0 d-------- C:\Program Files\Java

2008-02-23 19:17:06 0 d-------- C:\Program Files\Fichiers communs\Java

2008-02-17 10:15:45 0 d-------- C:\Program Files\Proc Camp Settings

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]

C:\Program Files\Windows Live\Contrôle parental\fssbho.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [25/10/2007 15:28]

"nwiz"="nwiz.exe" [25/10/2007 15:29 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [25/10/2007 15:29]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/01/2007 16:59]

"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [17/07/2006 18:16]

"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [25/10/2007 15:17]

"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [29/07/2006 22:37]

"Styler"="C:\Program Files\styler\Styler.exe" [03/05/2006 06:48]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [13/09/2004 14:49]

"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [01/03/2007 13:57]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03/12/2007 13:21]

"fssui"="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" []

"Matchlock Scheduling"="C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\Monitor.exe" [14/03/2005 09:58]

"Ulead Remote Control Center"="C:\Program Files\Ulead Systems\Ulead InstaMedia 2.0\RMC.exe" [18/03/2005 03:49]

"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [25/10/2007 15:17]

"MessengerPlus3"="C:\Program Files\Messenger Plus! 3\MsgPlus.exe" [29/02/2008 18:34]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 10:34]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [13/12/2007 18:10]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [13/03/2005 19:37]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"WIAWizardMenu"=RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

"AskTBar Uninstall"=rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]

"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"

"tscuninstall"=%systemroot%\system32\tscupgrd.exe

"nltide3"=cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C

"nltide_2"=regsvr32 /s /n /i:U shell32

"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

 

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\

D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [04/11/2004 19:50:52]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoRemoteRecursiveEvents"=1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoUserNameInStartMenu"=1 (0x1)

"NoSMHelp"=1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoUserNameInStartMenu"=1 (0x1)

"NoSMHelp"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

C:\WINDOWS\System32\dimsntfy.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService WebClient LmHosts upnphost SSDPSRV

NetworkService

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

AutoRun\command- F:\ADSTech.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{306f3a40-a8bb-11dc-8310-9192e078a8b9}]

AutoRun\command- droit.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67431009-eb6a-11dc-bf3b-00112f3124a1}]

Auto\command- fun.xls.exe

AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

 

 

 

 

-- End of Deckard's System Scanner: finished at 2008-04-05 10:50:43 ------------

 

 

 

 

 

j'ai pu faire le scan en ligne (non pas sans difficulté) et j'ai pu obtenir le rapport suivant:

 

;****************************************************************************

*********************************************************************************

**********************

ANALYSIS: 2008-04-09 19:51:51

PROTECTIONS: 1

MALWARE: 23

SUSPECTS: 0

;*******************************************************************************

*********************************************************************************

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

=================================================================================

===================

Kaspersky Anti-Virus 6.0 6.0.2.621 No Yes

;===============================================================================

=================================================================================

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

=================================================================================

===================

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Maryse.FLERET-8596517B\Cookies\maryse@atdmt[1].txt

00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\MSNFix\incl\Process.exe

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@247realmedia[1].txt

00145758 Cookie/Mysearch TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@mysearch[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@com[2].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@xiti[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Maryse.FLERET-8596517B\Cookies\maryse@xiti[1].txt

00167724 Cookie/HotLog TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@hotlog[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@ad.yieldmanager[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@bs.serving-sys[1].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@weborama[2].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Maryse.FLERET-8596517B\Cookies\maryse@weborama[2].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@adtech[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@advertising[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@ads.pointroll[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@overture[2].txt

00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@metriweb[1].txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Cookies\rené-yves@smartadserver[1].txt

00288208 Application/HideWindow.S HackTools No 0 No No C:\WINDOWS\i386\CMDOW.EX_[CMDOW.EXE]

00288208 Application/HideWindow.S HackTools No 0 Yes No C:\WINDOWS\system32\cmdow.exe

00505668 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{168BC560-C7D8-4D77-A742-F1EE50496225}\RP95\A0025728.DLL

02222060 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{168BC560-C7D8-4D77-A742-F1EE50496225}\RP25\A0006478.exe

02888294 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP242\A0075863.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP234\A0072776.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP235\A0072810.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP235\A0072821.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP236\A0072852.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP236\A0072864.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP237\A0072896.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP237\A0072908.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP237\A0073908.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP237\A0073946.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP234\A0071761.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP238\A0073986.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP240\A0074029.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP240\A0074056.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP241\A0075583.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP241\A0075742.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP242\A0075783.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP242\A0075792.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP242\A0075818.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP242\A0075838.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP242\A0075854.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP238\A0073970.exe

02895561 Adware/Lop Adware No 0 Yes No C:\System Volume Information\_restore{2E063751-320C-4695-A45A-DF2666C6C29A}\RP234\A0072759.exe

02912372 Trj/Agent.IMZ Virus/Trojan No 0 Yes No C:\Documents and Settings\René-Yves.FLERET-8596517B\Bureau\catchme.zip[%%0e+000xe]

;===============================================================================

=================================================================================

===================

SUSPECTS

Sent Location ×=

;===============================================================================

=================================================================================

===================

;===============================================================================

=================================================================================

===================

VULNERABILITIES

Id Severity Description ×=

;===============================================================================

=================================================================================

===================

182048 HIGH MS07-069 ×=

150243 HIGH MS07-008 ×=

108742 MEDIUM MS06-006 ×=

93454 MEDIUM MS05-049 ×=

 

Merci d'avance!