[résolu] fotomoto ne veut pas partir

[Rogerval]

Salut,

 

Apparemment AVG a eu l'air de fonctionner, mais hélas, pas de rapport à la fin...

 

Du coup, je vous ai fait un ch'ti rapport Hijack....

 

J'ai passé 2 fois windows defender, qui me trouvait fotomoto, là rien... je réessaie en fin d'après midi et vous confirme, mais si vous pouvez regardez mon Hijack...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:33:01, on 23/11/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Windows\system32\rundll32.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\conime.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iTunes\iTunes.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Roger\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...esame/login.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk.disabled

O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled

O4 - Global Startup: Bluetooth Manager.lnk.disabled

O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk.disabled

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: *.canalplay.com

O15 - Trusted Zone: *.canalplusactive.com

O15 - Trusted Zone: *.canalplay.com (HKLM)

O15 - Trusted Zone: *.canalplusactive.com (HKLM)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Users\Roger\AppData\Roaming\__c002ACE6.dat

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe

O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 10565 bytes

[Rogerval]

rrrraaaaaaaaaaaahhhhhhhh !!!!

 

C'est pas possible... Windows defender viens de m'ouvrir une nouvelle alerte !! fotomoto again....

 

 

A l'aiiiiide !!!!

[Rogerval]

De pire en pire, des fenetres à la con s'ouvre, me proposant de télécharger des anti spywares....

 

C'est horrible !

[Thanos]

re!

 

Ok, comme je t'ai dit, l'infection est quelque peu collante...continue comme ceci stp >

 

Avec l'UAC toujours désactivé, utilise le programme suivant >

 

Télécharge Deckard's System Scanner (DSS) sur ton bureau.

Tu dois possèder les droits administrateurs pour le lancer.

• Ferme toutes les applications en cours (fenêtres internet etc...)
  
• Double-clique sur dss.exe et clique sur ok au message qui s'affiche.
  
• Lorsque le scan est terminé, deux fichiers texte vont s'ouvrir.
  
• Poste le contenu du rapport nommé main.txt
  
• Si tu ne vois pas le rapport, tu le trouvera dans le dossier suivant > C:\Deckard\System Scanner
  

[Rogerval]

Encore merci.

 

Voici le rapport :

 

Main :

 

Deckard's System Scanner v20071014.68

Run by Roger on 2007-11-23 18:40:25

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- Last 5 Restore Point(s) --

17: 2007-11-23 10:46:49 UTC - RP136 - Windows Defender Checkpoint

16: 2007-11-22 17:30:41 UTC - RP134 - Windows Defender Checkpoint

15: 2007-11-22 16:53:39 UTC - RP132 - Installed FileMaker Pro 9 Advanced

14: 2007-11-22 15:57:17 UTC - RP131 - Installed Windows Mobile Device Center

13: 2007-11-22 15:48:42 UTC - RP130 - Installed Windows Mobile Device Center Driver Update

 

 

-- First Restore Point --

1: 2007-11-21 13:38:24 UTC - RP115 - Windows Defender Checkpoint

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as Roger.exe) -----------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:43:37, on 23/11/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Windows\system32\rundll32.exe

C:\Windows\explorer.exe

C:\Windows\system32\conime.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Users\Roger\Desktop\dss.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Roger\DOWNLO~1\Roger.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...esame/login.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0BE8F526-8E56-4C66-9755-6FD3986EA374} - C:\Users\Roger\AppData\Local\Temp\hggfc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: {82dc8660-e59c-97f9-dec4-22f6d949c4c8} - {8c4c949d-6f22-4ced-9f79-c95e0668cd28} - C:\Windows\system32\qakghjuk.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\Windows\system32\gmdqcctp.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll

O2 - BHO: (no name) - {DD1A34F1-B8D4-4A0F-89FA-49B9073BF4F4} - C:\Users\Roger\AppData\Local\Temp\hggfc.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\Windows\system32\gmdqcctp.dll

O4 - HKLM\..\Run: [42efb70d] rundll32.exe "C:\Windows\system32\pgnjkwaw.dll",b

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk.disabled

O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled

O4 - Global Startup: Bluetooth Manager.lnk.disabled

O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk.disabled

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: *.canalplay.com

O15 - Trusted Zone: *.canalplusactive.com

O15 - Trusted Zone: *.canalplay.com (HKLM)

O15 - Trusted Zone: *.canalplusactive.com (HKLM)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\system32\__c00EE4FE.dat

O20 - Winlogon Notify: gmdqcctp - C:\Windows\SYSTEM32\gmdqcctp.dll

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DomainService - - C:\Windows\system32\tgrollhk.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe

O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 12440 bytes

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

All drivers whitelisted.

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 DomainService - c:\windows\system32\tgrollhk.exe /service <Not Verified; ; DDC>

R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

 

S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)

S3 PACSPTISVR - c:\program files\common files\sony shared\avlib\pacsptisvr.exe <Not Verified; ; PACSPTISVR Module>

S3 VundoFixSvc (VundoFix Service) - vundofixsvc.exe <Not Verified; Atribune.org; Vundofix Service>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-11-21 15:56:02 496 --a------ C:\Windows\Tasks\AdwareAlert Scheduled Scan.job

 

 

-- Files created between 2007-10-23 and 2007-11-23 -----------------------------

 

2007-11-23 16:49:19 0 d-------- C:\Program Files\Gadwin Systems

2007-11-23 14:09:58 0 d-------- C:\Program Files\Navilog1

2007-11-23 12:22:04 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>

2007-11-23 11:51:58 85056 --a------ C:\Windows\system32\pgnjkwaw.dll

2007-11-23 11:51:56 83520 --a------ C:\Windows\system32\qakghjuk.dll

2007-11-23 11:49:18 4672 --a------ C:\Windows\system32\irlcpiwk.exe

2007-11-23 11:49:17 145984 --a------ C:\Windows\system32\gmdqcctp.dll

2007-11-23 11:48:56 145984 --a------ C:\Windows\system32\cxkclohv.dll

2007-11-23 11:46:16 10816 --a------ C:\Windows\system32\__c00EE4FE.dat

2007-11-23 11:46:15 10816 --a------ C:\Windows\system32\voddmnxr.dll

2007-11-23 11:46:14 71232 --a------ C:\Windows\system32\tgrollhk.exe <Not Verified; ; DDC>

2007-11-22 18:48:57 0 d-------- C:\Windows\Sun

2007-11-22 16:56:51 12 --a------ C:\Windows\bthservsdp.dat

2007-11-22 12:39:06 0 d-------- C:\Program Files\IZArc

2007-11-22 10:31:18 0 --a------ C:\Windows\nsreg.dat

2007-11-22 10:05:49 0 d-------- C:\VundoFix Backups

2007-11-22 09:44:33 0 d-------- C:\Program Files\Yahoo!

2007-11-22 09:44:23 0 d-------- C:\Program Files\CCleaner

2007-11-21 18:49:08 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-11-21 18:28:51 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller

2007-11-21 18:28:17 0 d-------- C:\Program Files\Windows Live

2007-11-21 16:52:11 0 d-------- C:\Program Files\iPod

2007-11-21 16:49:32 0 d-------- C:\Program Files\QuickTime

2007-11-21 16:48:32 0 d-------- C:\Program Files\Apple Software Update

2007-11-21 16:47:35 0 d-------- C:\Program Files\Common Files\Apple

2007-11-21 16:36:01 0 d-------- C:\Program Files\iTunes

2007-11-21 11:43:56 0 d-------- C:\Windows\PCHEALTH

2007-11-21 11:43:56 0 d-------- C:\Program Files\Microsoft.NET

2007-11-21 11:38:40 0 d-------- C:\Program Files\Microsoft Visual Studio 8

2007-11-21 11:34:39 0 dr-h----- C:\MSOCache

2007-11-21 11:22:27 36352 --a------ C:\Windows\system32\awtqpml.dll

2007-11-21 11:20:13 0 d-------- C:\Program Files\uTorrent

2007-10-29 09:48:42 0 d-------- C:\Program Files\Common Files\Odbc

2007-10-29 09:48:29 0 d-------- C:\Program Files\FileMaker

2007-10-25 17:46:46 0 d-------- C:\Program Files\Alwil Software

2007-10-25 17:42:05 0 d-------- C:\Program Files\Common Files\Macrovision Shared

2007-10-25 17:34:22 0 d--hs---- C:\Windows\ftpcache

2007-10-25 17:10:25 86016 --a------ C:\Windows\system32\cbasepipe.dll <Not Verified; Sage; CBase>

2007-10-25 16:47:44 90112 --a------ C:\Windows\system32\cbasetcp.dll <Not Verified; Sage; CBase>

2007-10-25 16:47:40 696320 --a------ C:\Windows\system32\CBTCP32.dll <Not Verified; Sage; CBase>

2007-10-25 16:47:40 696320 --a------ C:\Windows\system32\CBNpip32.dll <Not Verified; Sage; CBase>

2007-10-25 16:47:40 651264 --a------ C:\Windows\system32\CBloc32.dll <Not Verified; Sage; CBase>

2007-10-25 16:47:40 696320 --a------ C:\Windows\system32\cbase32.dll <Not Verified; Sage; CBase>

2007-10-25 16:43:46 1966080 --a------ C:\Windows\system32\cdintf251.dll <Not Verified; Amyuni Technologies

http://www.amyuni.com; Amyuni Common Driver Interface>

2007-10-25 16:43:42 536576 --a------ C:\Windows\system32\SAGEPERS.DLL

2007-10-25 16:43:42 274432 --a------ C:\Windows\system32\crun500.dll <Not Verified; Compagnie Internationale d'Edition de Logiciel; CRun Dynamic Link Library>

2007-10-25 16:43:42 0 d-------- C:\Program Files\Maestria

2007-10-25 16:43:41 86016 --a------ C:\Windows\system32\mlcorert.dll <Not Verified; Sage; Sage runtime librairie>

2007-10-25 16:43:41 0 d-------- C:\Program Files\Common Files\SAGE

2007-10-25 16:43:40 278528 --a------ C:\Windows\system32\cbaselocal.dll <Not Verified; Sage; CBase>

2007-10-25 16:43:38 606208 --a------ C:\Windows\system32\cbaseintf.dll <Not Verified; Sage; CBase>

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Voisinage réseau

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Voisinage d'impression

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\SendTo

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Recent

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Modèles

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Mes documents

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Menu Démarrer

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Local Settings

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Cookies

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Application Data

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Videos

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Searches

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Saved Games

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Pictures

2007-10-25 09:30:48 3145728 --ahs---- C:\Users\Roger\NTUSER.DAT

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Music

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Links

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Favorites

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Downloads

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Documents

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Desktop

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Contacts

2007-10-25 09:30:48 0 d--h----- C:\Users\Roger\AppData

2007-10-25 09:25:12 0 d-------- C:\Windows\SoftwareDistribution

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-11-23 18:40:14 0 d-------- C:\Users\Roger\AppData\Roaming\Skype

2007-11-23 14:06:44 693588 --a------ C:\Windows\system32\perfh00C.dat

2007-11-23 14:06:44 118450 --a------ C:\Windows\system32\perfc00C.dat

2007-11-23 11:49:12 0 d-------- C:\Users\Roger\AppData\Roaming\uTorrent

2007-11-22 20:07:35 0 d-------- C:\Users\Roger\AppData\Roaming\HouseCall 6.6

2007-11-22 18:13:50 0 d-------- C:\Users\Roger\AppData\Roaming\Leadertech

2007-11-21 18:28:51 0 d-------- C:\Program Files\Common Files

2007-11-21 16:52:39 0 d-------- C:\Users\Roger\AppData\Roaming\Apple Computer

2007-11-21 15:45:09 0 d-------- C:\Users\Roger\AppData\Roaming\AdwareAlert

2007-11-21 15:10:30 0 d-------- C:\Users\Roger\AppData\Roaming\FileMaker

2007-11-21 11:48:01 0 d-------- C:\Program Files\Microsoft Works

2007-11-21 11:47:37 0 d-------- C:\Program Files\MSBuild

2007-11-21 11:18:42 0 d-------- C:\Users\Roger\AppData\Roaming\Mozilla

2007-11-14 18:37:38 0 d-------- C:\Program Files\Windows Mail

2007-11-14 16:29:20 0 d-------- C:\Users\Roger\AppData\Roaming\Sage

2007-11-05 12:03:59 0 d-------- C:\Program Files\Java

2007-10-29 10:01:19 0 d-------- C:\Program Files\Google

2007-10-29 09:58:17 0 d-------- C:\Program Files\Norton Save and Restore

2007-10-29 09:58:14 0 d-------- C:\Program Files\Common Files\Symantec Shared

2007-10-29 09:54:13 0 d-------- C:\Program Files\DivX

2007-10-26 18:58:58 174 --ahs---- C:\Program Files\desktop.ini

2007-10-26 18:56:55 0 d-------- C:\Program Files\Windows Calendar

2007-10-26 12:17:01 0 d-------- C:\Users\Roger\AppData\Roaming\DivX

2007-10-25 17:45:07 0 d-------- C:\Users\Roger\AppData\Roaming\Google

2007-10-25 17:42:53 0 d-------- C:\Users\Roger\AppData\Roaming\Adobe

2007-10-25 17:38:28 0 d-------- C:\Program Files\Common Files\Adobe

2007-10-25 17:30:45 0 d-------- C:\Users\Roger\AppData\Roaming\Macromedia

2007-10-25 16:47:37 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-10-25 16:09:15 0 d-------- C:\Users\Roger\AppData\Roaming\Sony Corporation

2007-10-25 15:06:10 0 d-------- C:\Users\Roger\AppData\Roaming\temp

2007-10-25 13:38:02 0 d-------- C:\Program Files\Lecteur CANALPLAY

2007-09-17 19:23:00 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>

2007-09-17 19:23:00 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>

2007-09-17 19:22:58 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>

2007-09-17 19:22:58 739840 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>

2007-08-24 18:08:24 1275392 --a------ C:\Windows\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP 2>

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0BE8F526-8E56-4C66-9755-6FD3986EA374}]

21/11/2007 11:27 315488 --a------ C:\Users\Roger\AppData\Local\Temp\hggfc.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8c4c949d-6f22-4ced-9f79-c95e0668cd28}]

23/11/2007 11:51 83520 --a------ C:\Windows\system32\qakghjuk.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

23/11/2007 11:49 145984 --a------ C:\Windows\system32\gmdqcctp.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD1A34F1-B8D4-4A0F-89FA-49B9073BF4F4}]

21/11/2007 11:27 315488 --a------ C:\Users\Roger\AppData\Local\Temp\hggfc.dll

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\Windows\system32\gmdqcctp.dll [23/11/2007 11:49 145984]

 

[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"42efb70d"="C:\Windows\system32\pgnjkwaw.dll" [23/11/2007 11:51]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34]

"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [20/08/2007 09:42]

 

C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 - Capture d'‚cran et lancement.lnk.disabled [22/11/2007 17:11:32]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader Synchronizer.lnk.disabled [25/10/2007 17:40:43]

Bluetooth Manager.lnk.disabled [25/10/2007 09:33:54]

Lancement rapide d'Adobe Acrobat.lnk.disabled [22/11/2007 17:48:02]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"EnableLUA"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gmdqcctp]

gmdqcctp.dll 23/11/2007 11:49 145984 C:\Windows\System32\gmdqcctp.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

VESWinlogon.dll 24/07/2007 18:26 98304 C:\Windows\System32\VESWinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\Windows\system32\__c00EE4FE.dat

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\Users\Roger\AppData\Local\Temp\hggfc.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"__c002ACE6"=rundll32.exe "C:\Users\Roger\AppData\Roaming\__c002ACE6.dat",B

"42efb70d"=rundll32.exe "C:\Users\Roger\AppData\Local\Temp\dxmeuvvk.dll",b

"cmds"=rundll32.exe C:\Users\Roger\AppData\Local\Temp\hggfc.dll,c

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"42efb70d"=rundll32.exe "C:\Users\Roger\AppData\Local\Temp\dxmeuvvk.dll",b

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

"RtHDVCpl"=RtHDVCpl.exe

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

"Persistence"=C:\Windows\system32\igfxpers.exe

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

"IgfxTray"=C:\Windows\system32\igfxtray.exe

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

bthsvcs BthServ

WindowsMobile wcescomm rapimgr

LocalServiceRestricted WcesComm RapiMgr

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

AutoRun\command- G:\Autorun\Autorun.exe

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

 

 

 

-- Hosts -----------------------------------------------------------------------

 

127.0.0.1 007guard.com

127.0.0.1 www.007guard.com

127.0.0.1 008i.com

127.0.0.1 008k.com

127.0.0.1 www.008k.com

127.0.0.1 00hq.com

127.0.0.1 www.00hq.com

127.0.0.1 010402.com

127.0.0.1 032439.com

127.0.0.1 www.032439.com

 

7517 more entries in hosts file.

 

 

-- End of Deckard's System Scanner: finished at 2007-11-23 18:44:44 ------------

 

 

 

et j'ai l'extra :

 

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft® Windows Vista™ Édition Familiale Premium (build 6000)

Architecture: X86; Language: French

 

CPU 0: Intel® Core2 Duo CPU T7250 @ 2.00GHz

Percentage of Memory in Use: 46%

Physical Memory (total/avail): 2037.81 MiB / 1083.22 MiB

Pagefile Memory (total/avail): 4293.68 MiB / 3005.5 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1891.89 MiB

 

C: is Fixed (NTFS) - 140.07 GiB total, 103.28 GiB free.

D: is Removable (No Media)

E: is Removable (No Media)

F: is CDROM (No Media)

G: is Fixed (FAT32) - 149.01 GiB total, 46.16 GiB free.

 

\\.\PHYSICALDRIVE1 - MemoryStick0 Device

 

\\.\PHYSICALDRIVE2 - SD1 Device

 

\\.\PHYSICALDRIVE0 - ST9160821AS ATA Device - 149.05 GiB - 2 partitions

\PARTITION0 - Unknown - 8.98 GiB

\PARTITION1 (bootable) - Système de fichiers installable - 140.07 GiB - C:

 

\\.\PHYSICALDRIVE3 - WDC WD16 00BEVE-11UYT0 USB Device - 149.05 GiB - 1 partition

\PARTITION0 (bootable) - Unknown - 149.05 GiB - G:

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

AV: avast! antivirus 4.7.1043 [VPS 071122-0] v4.7.1043 (ALWIL Software)

AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Disabled

AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.)

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Roger\AppData\Roaming

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=VAIO-DE-ROGER

ComSpec=C:\Windows\system32\cmd.exe

configsetroot=C:\Windows\ConfigSetRoot

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Roger

LOCALAPPDATA=C:\Users\Roger\AppData\Local

LOGONSERVER=\\VAIO-DE-ROGER

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\PROGRA~1\COMMON~1\Odbc\FILEMA~1;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0f0d

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\Roger\AppData\Local\Temp

TMP=C:\Users\Roger\AppData\Local\Temp

USERDOMAIN=Vaio-de-Roger

USERNAME=Roger

USERPROFILE=C:\Users\Roger

windir=C:\Windows

 

 

-- User Profiles ---------------------------------------------------------------

 

Roger (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

-->

-->

-->

-->

-->

--> C:\Program Files\InstallShield Installation Information\{AFBA0609-EB70-43CB-B11C-294EDADFA101}\setup.exe -runfromtemp -l0x040c -removeonly

--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}

--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}

--> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}

--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}

--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}

--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{638BAD93-701B-482A-86C6-72DFF3E6FE51}\setup.exe" -l0x9 -removeonly

Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Adobe Acrobat 8 Standard - English, Français, Deutsch --> msiexec /I {AC76BA86-1033-F400-BA7E-000000000003}

Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}

Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}

Adobe Reader 8.1.0 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}

Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

ArcSoft Magic-i Visual Effects Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}\Setup.exe" -l0x40c

Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Atlantis - Sky Patrol --> C:\Big Fish Games\Atlantis - Sky Patrol\Uninstall.exe

µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup

Big Fish Games Sudoku --> C:\Big Fish Games\sudoku\Uninstall.exe

Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}

Browser Address Error Redirector --> regsvr32 /u /s "C:\PROGRA~1\GOOGLE~1\BAE.dll"

CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"

Centre de Big Fish Games --> C:\Big Fish Games\Uninstall.exe

Click to DVD 2.0.05 Menu Data --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x40c -removeonly

Click to DVD 2.6.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x40c -removeonly

Comptabilité --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93A837CB-5919-4BBA-B1AE-2E42F0E00794}\setup.exe" -l0x40c

DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

FileMaker Pro 6 --> MsiExec.exe /I{58EDAD68-7839-42D8-A6AD-854A9ECB8224}

Gadwin PrintScreen --> C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe

GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}

Gestionnaire pour appareils Windows Mobile --> MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

HDAUDIO SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRXz.inf

HijackThis 2.0.2 --> "C:\Users\Roger\Downloads\HijackThis.exe" /uninstall

HouseCall 6.6 --> "C:\Users\Roger\AppData\Roaming\HouseCall 6.6\uninstaller.exe"

Instant Mode --> C:\Program Files\InstallShield Installation Information\{E6707034-D7A4-49B1-94D0-F5AACE46F06C}\setup.exe -runfromtemp -l0x0009 -removeonly

Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall

iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}

IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"

Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Lecteur CANALPLAY 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\setup.exe" -l0x40c -removeonly

Mahjong Towers Eternity --> C:\Big Fish Games\Mahjong Towers Eternity\Uninstall.exe

Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Groove MUI (French) 2007 --> MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office OneNote MUI (French) 2007 --> MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Works --> MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}

Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile --> MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144}

Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

Mystery Case Files - Prime Suspects --> C:\Big Fish Games\Mystery Case Files - Prime Suspects\Uninstall.exe

Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}

OpenMG Limited Patch 4.7-07-15-19-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-15-19-01\HotFixSetup\setup.exe /u

OpenMG Secure Module 4.7.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL

Outil de restauration de données VAIO --> C:\Program Files\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe -runfromtemp -l0x040c -removeonly

Outil VAIO Media Registration 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}\setup.exe" -l0x40c UNINSTALL -removeonly

Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"

QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly

Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly

Roxio Easy Media Creator Home --> MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}

Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}

Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}

Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}

Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}

Serveur Sage NT --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8182555-1C54-498D-8F5F-48F3955178E6}\setup.exe" -l0x40c

Setting Utility Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe" -l0x40c -removeonly

Skype 3.2 --> "C:\Program Files\Skype\Phone\unins000.exe"

Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}

SonicStage Mastering Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6332AFF1-9D9A-429C-AA03-F82749FA4F49}\setup.exe" -l0x40c -removeonly

SonicStage Mastering Studio Audio Filter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}\setup.exe" -l0x40c -removeonly

SonicStage Mastering Studio Audio Filter Custom Preset --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC37A846-53AC-4DA7-98FA-76A4E74AA900}\setup.exe" -l0x40c -removeonly

SonicStage Mastering Studio Plugins --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}\setup.exe" -l0x40c -removeonly

Sony Video Shared Library --> C:\Program Files\InstallShield Installation Information\{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}\setup.exe -runfromtemp -l0x040c -removeonly

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}

Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}

Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}

Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}

Update for Outlook 2007 Junk Email Filter (kb943559) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2BE2B020-CE6A-4AD1-8291-2B881CF923B6}

Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}

VAIO Aqua Breeze Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97BCD719-6ECB-458F-97D6-F38D2E07375E}\setup.exe" -l0x9 -removeonly

VAIO Camera Capture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D2576EC-A0E9-418A-A09A-409933A3B6F4}\setup.exe" -l0x40c -removeonly

VAIO Content Folder Setting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23825B69-36DF-4DAD-9CFD-118D11D80F16}\setup.exe" -l0x40c -removeonly

VAIO Content Importer / VAIO Content Exporter --> C:\Program Files\InstallShield Installation Information\{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}\setup.exe -runfromtemp -l0x040c -removeonly

VAIO Content Metadata Intelligent Analyzing Manager --> C:\Program Files\InstallShield Installation Information\{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}\setup.exe -runfromtemp -l0x040c -removeonly

VAIO Content Metadata Manager Setting --> C:\Program Files\InstallShield Installation Information\{69351E9E-23ED-41D5-B146-EDBF83C63B66}\setup.exe -runfromtemp -l0x040c -removeonly

VAIO Content Metadata XML Interface Library --> C:\Program Files\InstallShield Installation Information\{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}\setup.exe -runfromtemp -l0x040c -removeonly

VAIO Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -l0x40c -removeonly

VAIO Cozy Orange Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}\setup.exe" -l0x9 -removeonly

VAIO Entertainment Platform --> C:\Program Files\InstallShield Installation Information\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}\setup.exe -runfromtemp -l0x040c -removeonly

VAIO Event Service --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}\setup.exe" -l0x40c -removeonly

VAIO Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}\setup.exe" -l0x40c -removeonly

VAIO Long Battery Life Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBFFB027-7D53-4E1B-95BC-35A2216D1D60}\setup.exe" -l0x9 -removeonly

VAIO Media 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{560F6B2E-F0DF-44E5-8190-A4A161F0E205}\setup.exe" -l0x40c UNINSTALL -removeonly

VAIO Media AC3 Decoder 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2063C2E8-3812-4BBD-9998-6610F80C1DD4}\Setup.exe" -l0x40c UNINSTALL

VAIO Media Content Collection 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{500162A0-4DD5-460A-BAFD-895AAE48C532}\setup.exe" -l0x40c UNINSTALL -removeonly

VAIO Media Integrated Server 6.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{785EB1D4-ECEC-4195-99B4-73C47E187721}\setup.exe" -l0x40c UNINSTALL -removeonly

VAIO Media Redistribution 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}\setup.exe" -l0x40c UNINSTALL -removeonly

VAIO Movie Story --> C:\Program Files\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe -runfromtemp -l0x040c -removeonly

VAIO Movie Story Template Data --> C:\Program Files\InstallShield Installation Information\{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}\setup.exe -runfromtemp -l0x040c -removeonly

VAIO MusicBox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4EA55D20-27FB-45D7-8726-147E8A5F6C62}\setup.exe" -l0x40c -removeonly

VAIO MusicBox Sample Music --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98FC7A64-774B-49B5-B046-4B4EBC053FA9}\setup.exe" -l0x40c -removeonly

VAIO Original Function Setting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe" -l0x40c -removeonly

VAIO Original Screen Saver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1BEF9285-5530-426B-A5F1-5836B95C7EB1}\Setup.exe" -l0x40c

VAIO Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{802889F8-6AF5-45A5-9764-CA5B999E50FC}\setup.exe" -l0x40c -removeonly

VAIO Tender Green Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934A3213-1CB6-4264-84A2-EE080C017BCA}\setup.exe" -l0x9 -removeonly

VAIO Update 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48820099-ED7D-424B-890C-9A82EF00656D}\setup.exe" -l0x40c -removeonly

VAIO Xblack Contents -->

Virtual Villagers --> C:\Big Fish Games\Virtual Villagers\Uninstall.exe

Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

WinDVD for VAIO --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x040c

Wireless Switch Setting Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\setup.exe" -l0x40c -removeonly

Yahoo! Install Manager --> C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Yahoo! Toolbar avec bloqueur de fenêtres pop-up --> C:\PROGRA~1\Yahoo!\Common\unyt.exe

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type5829 / Success

Event Submitted/Written: 11/23/2007 02:54:41 PM

Event ID/Source: 12001 / usnjsvc

Event Description:

The Messenger Sharing USN Journal Reader service started successfully.

 

Event Record #/Type5826 / Warning

Event Submitted/Written: 11/23/2007 02:11:54 PM

Event ID/Source: 3036 / Windows Search Service

Event Description:

La source de contenu <mapi://{s-1-5-21-3136176734-2097662771-2445549310-1000}/> est inaccessible.

 

Contexte : Application Windows, Catalogue SystemIndex

 

Détails :

Une erreur s'est produite sur le serveur. Vérifiez que le serveur est disponible. (0x80041206)

 

Event Record #/Type5817 / Error

Event Submitted/Written: 11/23/2007 00:25:58 PM

Event ID/Source: 5007 / WerSvc

Event Description:

Impossible d’analyser le fichier cible de la plateforme de signalement de problèmes Windows (fichier DLL contenant la liste des problèmes de l’ordinateur et nécessitant la collecte de données supplémentaires à des fins de diagnostic). Le code d’erreur était : 8014FFF9.

 

Event Record #/Type5811 / Success

Event Submitted/Written: 11/23/2007 00:25:09 PM

Event ID/Source: 5617 / WinMgmt

Event Description:

 

 

Event Record #/Type5808 / Error

Event Submitted/Written: 11/23/2007 00:25:07 PM

Event ID/Source: 7 / VzCdbSvc

Event Description:

Échec de chargement du module d'extension. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Code d'erreur = 0x80042019)

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type7084 / Error

Event Submitted/Written: 11/23/2007 06:05:19 PM

Event ID/Source: 10010 / DCOM

Event Description:

{0002DF01-0000-0000-C000-000000000046}

 

Event Record #/Type7080 / Warning

Event Submitted/Written: 11/23/2007 02:06:59 PM

Event ID/Source: 4 / Client Side Rendering Spooler

Event Description:

Le spouleur d’impression n’a pas pu rouvrir une connexion d’imprimante existante car il n’a pas pu lire les informations de configuration dans la clé de Registre S-1-5-18\Printers\Connections. Le spouleur d’impression n’a pas pu ouvrir la clé de Registre. Ceci peut se produire si la clé de Registre est endommagée ou absente, ou si le Registre est momentanément indisponible.

 

Event Record #/Type7079 / Warning

Event Submitted/Written: 11/23/2007 02:06:59 PM

Event ID/Source: 4 / Client Side Rendering Spooler

Event Description:

Le spouleur d’impression n’a pas pu rouvrir une connexion d’imprimante existante car il n’a pas pu lire les informations de configuration dans la clé de Registre S-1-5-18\Printers\Connections. Le spouleur d’impression n’a pas pu ouvrir la clé de Registre. Ceci peut se produire si la clé de Registre est endommagée ou absente, ou si le Registre est momentanément indisponible.

 

Event Record #/Type7051 / Warning

Event Submitted/Written: 11/23/2007 00:25:36 PM

Event ID/Source: 3004 / WinDefend

Event Description:

L’agent de protection en temps réel %AUTORITE NT27 a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. %AUTORITE NT27 ne peut pas annuler les modifications que vous autorisez.

 

Pour plus d’informations, consultez les données suivantes :

%AUTORITE NT275

 

ID d’analyse : {7242286F-6C0C-4E3F-9423-798430F821DB}

 

Utilisateur : AUTORITE NT\SYSTEM

 

Nom : %AUTORITE NT271

 

ID : %AUTORITE NT272

 

ID de gravité : %AUTORITE NT273

 

ID de catégorie : %AUTORITE NT274

 

Chemin d’accès trouvé : %AUTORITE NT276

 

Type d’alerte : %AUTORITE NT278

 

Type de détection : 1.1.1505.02

 

Event Record #/Type7049 / Warning

Event Submitted/Written: 11/23/2007 00:25:35 PM

Event ID/Source: 1003 / Dhcp

Event Description:

Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001B77BE2EF3. Il s'est produit l'erreur suivante :

%%1223. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).

 

 

 

-- End of Deckard's System Scanner: finished at 2007-11-23 18:44:44 ------------

 

 

 

Si ca te parle...

[Thanos]

salut Rogerval

 

Je ne t'oublie pas! je repasse pour te poster une procédure

[Rogerval]

salut Rogerval

 

Je ne t'oublie pas! je repasse pour te poster une procédure

 

 

Merci... vraiment super de t'avoir à mes cotés dans ce moment délicat.

[Thanos]

salut

 

La suite des manips avec l'UAC toujours désactivé >

 

1) Faire un clic sur le logo vista (Orbe) > Tous les programmes > Invite de commandes >

 

dans la boite de dialogue qui s'ouvre, copie/colle les instructions en gras:

sc stop DomainService => clique sur [entrée] Un message t'avertis du succès de l'opération

puis

sc delete DomainService=> clique sur [entrée]

 

Quitte l'invite de commandes.

 

2) Démarre Hijackthis,clique sur "Do a system scan only", et coche les lignes suivantes :

O2 - BHO: (no name) - {0BE8F526-8E56-4C66-9755-6FD3986EA374} - C:\Users\Roger\AppData\Local\Temp\hggfc.dll

O2 - BHO: {82dc8660-e59c-97f9-dec4-22f6d949c4c8} - {8c4c949d-6f22-4ced-9f79-c95e0668cd28} - C:\Windows\system32\qakghjuk.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\Windows\system32\gmdqcctp.dll

O2 - BHO: (no name) - {DD1A34F1-B8D4-4A0F-89FA-49B9073BF4F4} - C:\Users\Roger\AppData\Local\Temp\hggfc.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\Windows\system32\gmdqcctp.dll

 

O4 - HKLM\..\Run: [42efb70d] rundll32.exe "C:\Windows\system32\pgnjkwaw.dll",b

 

O20 - AppInit_DLLs: C:\Windows\system32\__c00EE4FE.dat

O20 - Winlogon Notify: gmdqcctp - C:\Windows\SYSTEM32\gmdqcctp.dll

-Ferme tous les programmes et clique sur "Fix Checked"

 

3) Stp rend toi sur cette page afin de télécharger le fichier rem.reg sur ton bureau > http://www.sendspace.com/file/ooalxx

pour cela, clique sur le lien en bas de page > Download Link: rem.reg

Double clique dessus afin de l'exécuter > tu vas reçevoir un message te demandant si tu acceptes la fusion avec le registre : accepte.

 

4) Stp rend toi sur cette page afin de télécharger le fichier vundofix.vft > http://www.sendspace.com/file/8qmfu2

pour cela, clique sur le lien en bas de page > Download Link: vundofix.vft > Télécharge le sur ton bureau.

• Ferme tous les programmes ouverts.
  
• Double-clique sur le fichier VundoFix.exe pour l'ouvrir
  
• Fais un glisser/déposer du fichier vundofix.vft dans la fenêtre blanche de VundoFix
  
• Clique ensuite sur le bouton "Remove Vundo"
  
• Tu vas reçevoir un message te demandant si tu veux éliminer les fichiers: clique sur Yes
  
• Une fois ceci fait, ton bureau va disparaitre le temps que VundoFix fasse son travail
  
• Une fois le scan terminé, tu reçevras un message te disant que le pc va redémarrer: clique sur OK
  
• Poste le contenu du fichier C:\vundofix.txt ainsi que le rapport d'un nouveau scan avec Deckard's System Scanner.
  

Courage

Modifié le 24 novembre 2007 par charles ingals

[Rogerval]

je crois que c'est un peu l'hallu !!!

 

Ceux là ne sont pas dans Hijack :

 

O2 - BHO: {82dc8660-e59c-97f9-dec4-22f6d949c4c8} - {8c4c949d-6f22-4ced-9f79-c95e0668cd28} - C:\Windows\system32\qakghjuk.dll

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\Windows\system32\gmdqcctp.dll

 

 

Ceux là reviennent meme quand je les supprime :

O2 - BHO: (no name) - {0BE8F526-8E56-4C66-9755-6FD3986EA374} - C:\Users\Roger\AppData\Local\Temp\hggfc.dll

O2 - BHO: (no name) - {DD1A34F1-B8D4-4A0F-89FA-49B9073BF4F4} - C:\Users\Roger\AppData\Local\Temp\hggfc.dll

 

voici Vundo :

 

 

VundoFix V6.6.2

 

Checking Java version...

 

Scan started at 10:05:50 22/11/2007

 

Listing files found while scanning....

 

No infected files were found.

 

 

VundoFix V6.6.2

 

Checking Java version...

 

Scan started at 12:12:17 23/11/2007

 

Listing files found while scanning....

 

C:\windows\System32\__c00EE4FE.dat

C:\windows\System32\cxkclohv.dll

C:\Windows\system32\gmdqcctp.dll

C:\windows\System32\gmdqcctp.dllbox

C:\windows\System32\voddmnxr.dll

 

Beginning removal...

 

Beginning removal...

 

 

Voici Main de DSS :

 

Deckard's System Scanner v20071014.68

Run by Roger on 2007-11-24 09:02:36

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as Roger.exe) -----------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:02:45, on 24/11/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Windows\system32\rundll32.exe

C:\Users\Roger\Desktop\dss.exe

C:\Windows\system32\conime.exe

C:\Users\Roger\DOWNLO~1\Roger.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...esame/login.jsp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2DD894E6-08B8-458F-BF88-1C4A9C47CDC9} - C:\Users\Roger\AppData\Local\Temp\hggfc.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A3D00EE5-3E91-423D-931C-C72620BC2DEB} - C:\Users\Roger\AppData\Local\Temp\hggfc.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk.disabled

O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled

O4 - Global Startup: Bluetooth Manager.lnk.disabled

O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk.disabled

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: *.canalplay.com

O15 - Trusted Zone: *.canalplusactive.com

O15 - Trusted Zone: *.canalplay.com (HKLM)

O15 - Trusted Zone: *.canalplusactive.com (HKLM)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\system32\__c00EE4FE.dat

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe

O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 11723 bytes

 

-- Files created between 2007-10-24 and 2007-11-24 -----------------------------

 

2007-11-23 16:49:19 0 d-------- C:\Program Files\Gadwin Systems

2007-11-23 14:09:58 0 d-------- C:\Program Files\Navilog1

2007-11-23 12:22:04 24576 --a------ C:\Windows\system32\VundoFixSVC.exe <Not Verified; Atribune.org; Vundofix Service>

2007-11-23 11:51:58 85056 --a------ C:\Windows\system32\pgnjkwaw.dll

2007-11-23 11:51:56 83520 --a------ C:\Windows\system32\qakghjuk.dll

2007-11-23 11:49:18 4672 --a------ C:\Windows\system32\irlcpiwk.exe

2007-11-23 11:49:17 145984 --a------ C:\Windows\system32\gmdqcctp.dll

2007-11-23 11:48:56 145984 --a------ C:\Windows\system32\cxkclohv.dll

2007-11-23 11:46:16 10816 --a------ C:\Windows\system32\__c00EE4FE.dat

2007-11-23 11:46:15 10816 --a------ C:\Windows\system32\voddmnxr.dll

2007-11-23 11:46:14 71232 --a------ C:\Windows\system32\tgrollhk.exe <Not Verified; ; DDC>

2007-11-22 18:48:57 0 d-------- C:\Windows\Sun

2007-11-22 16:56:51 12 --a------ C:\Windows\bthservsdp.dat

2007-11-22 12:39:06 0 d-------- C:\Program Files\IZArc

2007-11-22 10:31:18 0 --a------ C:\Windows\nsreg.dat

2007-11-22 10:05:49 0 d-------- C:\VundoFix Backups

2007-11-22 09:44:33 0 d-------- C:\Program Files\Yahoo!

2007-11-22 09:44:23 0 d-------- C:\Program Files\CCleaner

2007-11-21 18:49:08 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2007-11-21 18:28:51 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller

2007-11-21 18:28:17 0 d-------- C:\Program Files\Windows Live

2007-11-21 16:52:11 0 d-------- C:\Program Files\iPod

2007-11-21 16:49:32 0 d-------- C:\Program Files\QuickTime

2007-11-21 16:48:32 0 d-------- C:\Program Files\Apple Software Update

2007-11-21 16:47:35 0 d-------- C:\Program Files\Common Files\Apple

2007-11-21 16:36:01 0 d-------- C:\Program Files\iTunes

2007-11-21 11:43:56 0 d-------- C:\Windows\PCHEALTH

2007-11-21 11:43:56 0 d-------- C:\Program Files\Microsoft.NET

2007-11-21 11:38:40 0 d-------- C:\Program Files\Microsoft Visual Studio 8

2007-11-21 11:34:39 0 dr-h----- C:\MSOCache

2007-11-21 11:22:27 36352 --a------ C:\Windows\system32\awtqpml.dll

2007-11-21 11:20:13 0 d-------- C:\Program Files\uTorrent

2007-10-29 09:48:42 0 d-------- C:\Program Files\Common Files\Odbc

2007-10-29 09:48:29 0 d-------- C:\Program Files\FileMaker

2007-10-25 17:46:46 0 d-------- C:\Program Files\Alwil Software

2007-10-25 17:42:05 0 d-------- C:\Program Files\Common Files\Macrovision Shared

2007-10-25 17:34:22 0 d--hs---- C:\Windows\ftpcache

2007-10-25 17:10:25 86016 --a------ C:\Windows\system32\cbasepipe.dll <Not Verified; Sage; CBase>

2007-10-25 16:47:44 90112 --a------ C:\Windows\system32\cbasetcp.dll <Not Verified; Sage; CBase>

2007-10-25 16:47:40 696320 --a------ C:\Windows\system32\CBTCP32.dll <Not Verified; Sage; CBase>

2007-10-25 16:47:40 696320 --a------ C:\Windows\system32\CBNpip32.dll <Not Verified; Sage; CBase>

2007-10-25 16:47:40 651264 --a------ C:\Windows\system32\CBloc32.dll <Not Verified; Sage; CBase>

2007-10-25 16:47:40 696320 --a------ C:\Windows\system32\cbase32.dll <Not Verified; Sage; CBase>

2007-10-25 16:43:46 1966080 --a------ C:\Windows\system32\cdintf251.dll <Not Verified; Amyuni Technologies

http://www.amyuni.com; Amyuni Common Driver Interface>

2007-10-25 16:43:42 536576 --a------ C:\Windows\system32\SAGEPERS.DLL

2007-10-25 16:43:42 274432 --a------ C:\Windows\system32\crun500.dll <Not Verified; Compagnie Internationale d'Edition de Logiciel; CRun Dynamic Link Library>

2007-10-25 16:43:42 0 d-------- C:\Program Files\Maestria

2007-10-25 16:43:41 86016 --a------ C:\Windows\system32\mlcorert.dll <Not Verified; Sage; Sage runtime librairie>

2007-10-25 16:43:41 0 d-------- C:\Program Files\Common Files\SAGE

2007-10-25 16:43:40 278528 --a------ C:\Windows\system32\cbaselocal.dll <Not Verified; Sage; CBase>

2007-10-25 16:43:38 606208 --a------ C:\Windows\system32\cbaseintf.dll <Not Verified; Sage; CBase>

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Voisinage réseau

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Voisinage d'impression

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\SendTo

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Recent

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Modèles

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Mes documents

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Menu Démarrer

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Local Settings

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Cookies

2007-10-25 09:31:07 0 d--hs---- C:\Users\Roger\Application Data

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Videos

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Searches

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Saved Games

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Pictures

2007-10-25 09:30:48 3145728 --ahs---- C:\Users\Roger\NTUSER.DAT

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Music

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Links

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Favorites

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Downloads

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Documents

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Desktop

2007-10-25 09:30:48 0 dr------- C:\Users\Roger\Contacts

2007-10-25 09:30:48 0 d--h----- C:\Users\Roger\AppData

2007-10-25 09:25:12 0 d-------- C:\Windows\SoftwareDistribution

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-11-24 08:57:12 693588 --a------ C:\Windows\system32\perfh00C.dat

2007-11-24 08:57:12 118450 --a------ C:\Windows\system32\perfc00C.dat

2007-11-24 08:43:02 0 d-------- C:\Users\Roger\AppData\Roaming\Skype

2007-11-23 11:49:12 0 d-------- C:\Users\Roger\AppData\Roaming\uTorrent

2007-11-22 20:07:35 0 d-------- C:\Users\Roger\AppData\Roaming\HouseCall 6.6

2007-11-22 18:13:50 0 d-------- C:\Users\Roger\AppData\Roaming\Leadertech

2007-11-21 18:28:51 0 d-------- C:\Program Files\Common Files

2007-11-21 16:52:39 0 d-------- C:\Users\Roger\AppData\Roaming\Apple Computer

2007-11-21 15:45:09 0 d-------- C:\Users\Roger\AppData\Roaming\AdwareAlert

2007-11-21 15:10:30 0 d-------- C:\Users\Roger\AppData\Roaming\FileMaker

2007-11-21 11:48:01 0 d-------- C:\Program Files\Microsoft Works

2007-11-21 11:47:37 0 d-------- C:\Program Files\MSBuild

2007-11-21 11:18:42 0 d-------- C:\Users\Roger\AppData\Roaming\Mozilla

2007-11-14 18:37:38 0 d-------- C:\Program Files\Windows Mail

2007-11-14 16:29:20 0 d-------- C:\Users\Roger\AppData\Roaming\Sage

2007-11-05 12:03:59 0 d-------- C:\Program Files\Java

2007-10-29 10:01:19 0 d-------- C:\Program Files\Google

2007-10-29 09:58:17 0 d-------- C:\Program Files\Norton Save and Restore

2007-10-29 09:58:14 0 d-------- C:\Program Files\Common Files\Symantec Shared

2007-10-29 09:54:13 0 d-------- C:\Program Files\DivX

2007-10-26 18:58:58 174 --ahs---- C:\Program Files\desktop.ini

2007-10-26 18:56:55 0 d-------- C:\Program Files\Windows Calendar

2007-10-26 12:17:01 0 d-------- C:\Users\Roger\AppData\Roaming\DivX

2007-10-25 17:45:07 0 d-------- C:\Users\Roger\AppData\Roaming\Google

2007-10-25 17:42:53 0 d-------- C:\Users\Roger\AppData\Roaming\Adobe

2007-10-25 17:38:28 0 d-------- C:\Program Files\Common Files\Adobe

2007-10-25 17:30:45 0 d-------- C:\Users\Roger\AppData\Roaming\Macromedia

2007-10-25 16:47:37 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-10-25 16:09:15 0 d-------- C:\Users\Roger\AppData\Roaming\Sony Corporation

2007-10-25 15:06:10 0 d-------- C:\Users\Roger\AppData\Roaming\temp

2007-10-25 13:38:02 0 d-------- C:\Program Files\Lecteur CANALPLAY

2007-09-17 19:23:00 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>

2007-09-17 19:23:00 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>

2007-09-17 19:22:58 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>

2007-09-17 19:22:58 739840 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>

2007-08-24 18:08:24 1275392 --a------ C:\Windows\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP 2>

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2DD894E6-08B8-458F-BF88-1C4A9C47CDC9}]

21/11/2007 11:27 315488 --a------ C:\Users\Roger\AppData\Local\Temp\hggfc.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3D00EE5-3E91-423D-931C-C72620BC2DEB}]

21/11/2007 11:27 315488 --a------ C:\Users\Roger\AppData\Local\Temp\hggfc.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 11:34]

"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [20/08/2007 09:42]

 

C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 - Capture d'‚cran et lancement.lnk.disabled [22/11/2007 17:11:32]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader Synchronizer.lnk.disabled [25/10/2007 17:40:43]

Bluetooth Manager.lnk.disabled [25/10/2007 09:33:54]

Lancement rapide d'Adobe Acrobat.lnk.disabled [22/11/2007 17:48:02]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"EnableLUA"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

VESWinlogon.dll 24/07/2007 18:26 98304 C:\Windows\System32\VESWinlogon.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\Windows\system32\__c00EE4FE.dat

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\Users\Roger\AppData\Local\Temp\hggfc.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

"RtHDVCpl"=RtHDVCpl.exe

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime

"Persistence"=C:\Windows\system32\igfxpers.exe

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe"

"IgfxTray"=C:\Windows\system32\igfxtray.exe

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

bthsvcs BthServ

WindowsMobile wcescomm rapimgr

LocalServiceRestricted WcesComm RapiMgr

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

AutoRun\command- G:\Autorun\Autorun.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

 

 

 

-- End of Deckard's System Scanner: finished at 2007-11-24 09:03:09 ------------

 

 

 

Penses tu que je doivent supprimmer à partir de la console de récup... Je suis à 2 doigts de tout reformater !!

[TheGhostRider]

Tout le monde

 

On dirais que ton infection est concentrée dans le répertoire des fichier temporaires , ces lignes qui reviennent sur HijackThis , c'est pas bon . . .

 

Je suis à 2 doigts de tout reformater !!

 

Neunon tu va y arriver te fait pas de bil'

 

Pis va pas risquer un reformatage raté

 

Amitiés ( en esperant que le problème de regerval se resolve , je suis a cours d'idées , mais charles y arrivera )