Author: Disquette (Messages: 32, Tutorials: 0)
Posted: Fri 09 May 2008 15:55
Subject: Vundo/Gen infection under Vista
For a week now I have been trying, without success, to get rid of a virus that is making my life miserable,
so I am turning to you to solve this problem.
Here are the 3 requested reports:
====EXTRA.TXT====
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Professionnel (build 6000)
Architecture: X86; Language: French
CPU 0: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 2046.69 MiB / 1150.91 MiB
Pagefile Memory (total/avail): 4311.42 MiB / 3128.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.83 MiB
C: is Fixed (NTFS) - 103.44 GiB total, 11.67 GiB free.
D: is CDROM (UDF)
E: is Fixed (NTFS) - 1.55 GiB total, 1.32 GiB free.
F: is Fixed (NTFS) - 6.79 GiB total, 0.76 GiB free.
\\.\PHYSICALDRIVE0 - ST9120823AS ATA Device - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Système de fichiers installable - 103.44 GiB - C:
\PARTITION1 - Système de fichiers installable - 6.79 GiB - F:
\PARTITION2 - Système de fichiers installable - 1589 MiB - E:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
AV: Avira AntiVir PersonalEdition v8.0.1.15 (Avira GmbH) Disabled
AS: Avira AntiVir PersonalEdition v 7.0.2.208
(Avira GmbH)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\xchat\\xchat.exe"="C:\\Program Files\\xchat\\xchat.exe:*:Enabled:XChat IRC Client"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Fleur_2\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-DE-FLEUR
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Fleur_2
LOCALAPPDATA=C:\Users\Fleur_2\AppData\Local
LOGONSERVER=\\PC-DE-FLEUR
NUMBER_OF_PROCESSORS=2
OnlineServices=Services en ligne
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;c:\Program Files\Common Files\Roxio
Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common
Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Hewlett-Packard\IAM\bin;C:\Program Files\ATI
Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PLATFORM=BNB
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Fleur_2\AppData\Local\Temp
TMP=C:\Users\Fleur_2\AppData\Local\Temp
USERDOMAIN=PC-de-Fleur
USERNAME=Fleur_2
USERPROFILE=C:\Users\Fleur_2
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Fleur
Fleur_2 (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\InstallShield Installation
Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1}
--> MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package
{91120000-002E-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 3.0 --> msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Design Premium --> MsiExec.exe /I{B1EF7B00-8FCC-4209-BFB6-37C50B354B2A}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
-uninstallDelete
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}
Adobe InDesign CS3 --> MsiExec.exe /I{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{9D3F3D5A-BE6D-48C4-B51E-E2D6753ABCDE}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ajouter ou supprimer Adobe Creative Suite 3 Design Premium --> C:\Program Files\Common
Files\Adobe\Installers\e79070e1ef25043cbd93191267ecaf0\Setup.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Application Installer 4.00.B14 --> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE"
-l0x40c
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition
Classic\SETUP.EXE /REMOVE
BIOS Configuration for HP ProtectTools --> MsiExec.exe /X{617093CF-0B62-4B8B-87D0-DB8FD2A5156B}
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom
802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo"
/rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Catalyst Control Center - Branding --> MsiExec.exe /I{3F93B2BA-18EC-462B-9ACD-396599353EE1}
CloneCD --> "C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program
Files\SlySoft\CloneCD"
Counter-Strike Source LAN Edition --> C:\Windows\Counter-Strike Source LAN Edition
Uninstaller.exe
Credential Manager for HP ProtectTools --> MsiExec.exe /X{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}
Device Access Manager for HP ProtectTools --> MsiExec.exe
/X{55B52830-024A-443E-AF61-61E1E71AFA1B}
Drive Encryption for HP ProtectTools --> MsiExec.exe /X{F843AC27-704C-4731-A590-F57841B488F2}
EasyPHP 2.0b1 --> "C:\Program Files\EasyPHP 2.0b1\unins000.exe"
Embedded Security for HP ProtectTools --> MsiExec.exe /I{F42CF6B5-8594-4D3A-B96F-30FD3BC1AAA5}
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Enhancement Browser Tools Cpmsky -->
C:\Windows\system32\{44f00d87-075f-3c00-e668-c53da1bb2fbc}.dll-uninst.exe
ESU for Microsoft Vista --> MsiExec.exe /I{35843988-D0A7-47AB-8B5E-C3C1D3665500}
Extension de Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe
/X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
FileZilla Client 3.0.4.1 --> C:\Program Files\FileZilla Client\uninstall.exe
Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Hewlett-Packard Active Check for Health Check --> MsiExec.exe
/X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check --> MsiExec.exe
/X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
/uninstall
HP 3D DriveGuard --> MsiExec.exe /X{BD1D7389-B876-47FF-8E81-BFC20DA868AA}
HP Active Support Library --> C:\Program Files\InstallShield Installation
Information\{48903BD9-1C48-47BF-85CB-ED7514823992}\setup.exe -runfromtemp -l0x0409
HP Active Support Library 32 bit components --> MsiExec.exe
/I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Broadband Wireless Modules --> MsiExec.exe /X{773D6C77-4A5A-45C4-B4DE-3B6DAB4785BC}
HP Customer Experience Enhancements --> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe"
-l0x9 -removeonly
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Core --> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe"
-l0x9
HP Easy Setup - Frontend --> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation Information\{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}\setup.exe"
-l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{584B0895-8EF3-4175-8E80-1B68BFA04636}
HP Integrated Module with Bluetooth wireless technology 6.0.1.4900 --> MsiExec.exe
/X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP MULTIPLE MODEM INSTALLER for VISTA --> MsiExec.exe /I{45A136EC-88BF-4B95-99F5-C45D3930E1CC}
HP MULTIPLE WLAN INSTALLER for VISTA --> MsiExec.exe /I{2DC9E3BC-441B-4481-B26F-4A3D85808298}
HP Notebook Accessories Product Tour --> MsiExec.exe /I{521F72F4-FFE4-4959-AA88-EED06125211F}
HP Performance Tuning Framework --> MsiExec.exe /I{689B2B65-C250-4D8B-8C88-878728DDA578}
HP ProtectTools Security Manager --> MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
HP Quick Launch Buttons 6.40 B2 --> C:\Program Files\InstallShield Installation
Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x040c -removeonly
uninst
HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HP User Guides 0061 --> MsiExec.exe /I{ADA35685-E6DC-42F2-807E-312AD0D18AA6}
HP Wireless Assistant --> MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HP WWAN Setup Utility --> MsiExec.exe /X{8F67CD1C-DF0B-400D-B611-A01A7C8D46B5}
Installation de HP Backup & Recovery Manager --> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe"
-l0x40c -uninst -removeonly
Intel(R) Network Connections Drivers --> Prounstl.exe
InterVideo DVD Check --> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe"
REMOVEALL
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation
Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 3.5.3 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Menus intelligents (Windows Live Toolbar) --> MsiExec.exe
/X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 French Language Pack --> MsiExec.exe
/X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB929729) -->
"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe"
"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Office Access MUI (French) 2007 --> MsiExec.exe
/X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe
/X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007 --> MsiExec.exe
/X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe
/X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1) --> msiexec /package
{90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007 --> MsiExec.exe
/X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe
/X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe
/X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe
/X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe
/X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Ultimate 2007 --> "C:\Program Files\Common Files\Microsoft
Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007 --> MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe
/I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe
/X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista --> MsiExec.exe /I{DCB21DB9-6177-4A7B-B85D-7C081F15A424}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
PDF Complete --> C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RICOH R5C853 Driver Ver.1.00.02 --> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe"
-l0x40c anything
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
SecureW2 TTLS Client 3.3.3 for Windows --> C:\Program Files\SecureW2\SecureW2 TTLS
Client\Uninstall.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package
{91120000-002E-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package
{91120000-002E-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package
{91120000-002E-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package
{91120000-002E-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Soft Data Fax Modem with SmartCP --> C:\Program
Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z\UIU32m.exe -U -IhpZ1379z.inf
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundMAX --> C:\Program Files\InstallShield Installation
Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x040c -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search &
Destroy\unins000.exe"
Surligneur (Windows Live Toolbar) --> MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program
Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002E-0000-0000-0000000FF1CE}
/uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package
{91120000-002E-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vista Default Settings --> MsiExec.exe /I{1EDD7171-AAD9-4CB1-808F-04C66C8E8C48}
Windows Live Favorites pour Windows Live Toolbar --> MsiExec.exe
/X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe"
{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar --> MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Writer --> MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
-- Application Event Log -------------------------------------------------------
Event Record #/Type4782 / Error
Event Submitted/Written: 05/09/2008 03:18:38 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante Acrobat.exe, version 8.0.0.456, horodatage 0x453c8d7f, module défaillant
ntdll.dll, version 6.0.6000.16386, horodatage 0x4549bdc9, code d’exception 0xc0000374,
décalage d’erreur 0x000af1c9,
ID du processus 0x4ac, heure de début de l’application 0xAcrobat.exe0.
Event Record #/Type4781 / Error
Event Submitted/Written: 05/09/2008 03:17:13 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante Acrobat.exe, version 8.0.0.456, horodatage 0x453c8d7f, module défaillant
unknown, version 0.0.0.0, horodatage 0x00000000, code d’exception 0xc0000005, décalage
d’erreur 0x33657079,
ID du processus 0x142c, heure de début de l’application 0xAcrobat.exe0.
Event Record #/Type4780 / Error
Event Submitted/Written: 05/09/2008 03:16:11 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante Acrobat.exe, version 8.0.0.456, horodatage 0x453c8d7f, module défaillant
unknown, version 0.0.0.0, horodatage 0x00000000, code d’exception 0xc0000005, décalage
d’erreur 0x33657079,
ID du processus 0x15c8, heure de début de l’application 0xAcrobat.exe0.
Event Record #/Type4775 / Error
Event Submitted/Written: 05/09/2008 03:01:10 PM
Event ID/Source: 5007 / WerSvc
Event Description:
Impossible d’analyser le fichier cible de la plateforme de signalement de problèmes Windows
(fichier DLL contenant la liste des problèmes de l’ordinateur et nécessitant la collecte de
données supplémentaires à des fins de diagnostic). Le code d’erreur était : 8014FFF9.
Event Record #/Type4772 / Warning
Event Submitted/Written: 05/09/2008 02:57:04 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\Users\Fleur_2\AppData\Local\Temp\hgGvtTkh.dll
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type25074 / Warning
Event Submitted/Written: 05/09/2008 03:20:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
L’agent de protection en temps réel %PC-de-Fleur27 a détecté des modifications. Microsoft vous
recommande d’analyser les logiciels responsables de ces modifications, à la recherche de
risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces
programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur.
N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur
de logiciel. %PC-de-Fleur27 ne peut pas annuler les modifications que vous autorisez.
Pour plus d’informations, consultez les données suivantes :
%PC-de-Fleur275
ID d’analyse : {953D17FC-FE46-4687-A4AC-ADFBB0C369FE}
Utilisateur : PC-de-Fleur\Fleur_2
Nom : %PC-de-Fleur271
ID : %PC-de-Fleur272
ID de gravité : %PC-de-Fleur273
ID de catégorie : %PC-de-Fleur274
Chemin d’accès trouvé : %PC-de-Fleur276
Type d’alerte : %PC-de-Fleur278
Type de détection : 1.1.1505.02
Event Record #/Type25073 / Warning
Event Submitted/Written: 05/09/2008 03:20:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
L’agent de protection en temps réel %PC-de-Fleur27 a détecté des modifications. Microsoft vous
recommande d’analyser les logiciels responsables de ces modifications, à la recherche de
risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces
programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur.
N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur
de logiciel. %PC-de-Fleur27 ne peut pas annuler les modifications que vous autorisez.
Pour plus d’informations, consultez les données suivantes :
%PC-de-Fleur275
ID d’analyse : {DAAF8232-8881-4960-9018-8660CAFD1E53}
Utilisateur : PC-de-Fleur\Fleur_2
Nom : %PC-de-Fleur271
ID : %PC-de-Fleur272
ID de gravité : %PC-de-Fleur273
ID de catégorie : %PC-de-Fleur274
Chemin d’accès trouvé : %PC-de-Fleur276
Type d’alerte : %PC-de-Fleur278
Type de détection : 1.1.1505.02
Event Record #/Type25072 / Warning
Event Submitted/Written: 05/09/2008 03:20:41 PM
Event ID/Source: 3004 / WinDefend
Event Description:
L’agent de protection en temps réel %PC-de-Fleur27 a détecté des modifications. Microsoft vous
recommande d’analyser les logiciels responsables de ces modifications, à la recherche de
risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces
programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur.
N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur
de logiciel. %PC-de-Fleur27 ne peut pas annuler les modifications que vous autorisez.
Pour plus d’informations, consultez les données suivantes :
%PC-de-Fleur275
ID d’analyse : {65C3BD7E-E9F8-4ECB-B634-8AAA70027F07}
Utilisateur : PC-de-Fleur\Fleur_2
Nom : %PC-de-Fleur271
ID : %PC-de-Fleur272
ID de gravité : %PC-de-Fleur273
ID de catégorie : %PC-de-Fleur274
Chemin d’accès trouvé : %PC-de-Fleur276
Type d’alerte : %PC-de-Fleur278
Type de détection : 1.1.1505.02
Event Record #/Type25071 / Warning
Event Submitted/Written: 05/09/2008 03:20:39 PM
Event ID/Source: 3004 / WinDefend
Event Description:
L’agent de protection en temps réel %PC-de-Fleur27 a détecté des modifications. Microsoft vous
recommande d’analyser les logiciels responsables de ces modifications, à la recherche de
risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces
programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur.
N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur
de logiciel. %PC-de-Fleur27 ne peut pas annuler les modifications que vous autorisez.
Pour plus d’informations, consultez les données suivantes :
%PC-de-Fleur275
ID d’analyse : {26B46484-EA5B-4AA1-9302-109195E96BE5}
Utilisateur : PC-de-Fleur\Fleur_2
Nom : %PC-de-Fleur271
ID : %PC-de-Fleur272
ID de gravité : %PC-de-Fleur273
ID de catégorie : %PC-de-Fleur274
Chemin d’accès trouvé : %PC-de-Fleur276
Type d’alerte : %PC-de-Fleur278
Type de détection : 1.1.1505.02
Event Record #/Type25070 / Warning
Event Submitted/Written: 05/09/2008 03:20:39 PM
Event ID/Source: 3004 / WinDefend
Event Description:
L’agent de protection en temps réel %PC-de-Fleur27 a détecté des modifications. Microsoft vous
recommande d’analyser les logiciels responsables de ces modifications, à la recherche de
risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces
programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur.
N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur
de logiciel. %PC-de-Fleur27 ne peut pas annuler les modifications que vous autorisez.
Pour plus d’informations, consultez les données suivantes :
%PC-de-Fleur275
ID d’analyse : {279A665B-26C0-4B03-ADAB-941513F31C6D}
Utilisateur : PC-de-Fleur\Fleur_2
Nom : %PC-de-Fleur271
ID : %PC-de-Fleur272
ID de gravité : %PC-de-Fleur273
ID de catégorie : %PC-de-Fleur274
Chemin d’accès trouvé : %PC-de-Fleur276
Type d’alerte : %PC-de-Fleur278
Type de détection : 1.1.1505.02
-- End of Deckard's System Scanner: finished at 2008-05-09 15:23:13 ------------
==================
====MAIN.TXT====
Deckard's System Scanner v20071014.68
Run by Fleur_2 on 2008-05-09 15:02:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
13: 2008-05-09 12:19:41 UTC - RP216 - Windows Update
12: 2008-05-01 20:57:33 UTC - RP215 - Removed Google Toolbar for Internet Explorer
11: 2008-04-30 15:41:24 UTC - RP214 - Installed Ad-Aware 2007
10: 2008-04-29 21:23:56 UTC - RP213 - Installed Java(TM) 6 Update 5
9: 2008-04-29 21:08:29 UTC - RP212 - Installé Adobe Reader 8.1.2 - Français
-- First Restore Point --
1: 2008-04-21 17:49:20 UTC - RP201 - Windows Update
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 11.67 GiB (less than 15%) free.
-- HijackThis (run as Fleur_2.exe) ---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:11, on 09/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Fleur_2\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Fleur_2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: cpmsky browser optimizer - {2703f130-d037-acc9-eb10-6a96f4398bb9} - C:\Windows\system32\{44f00d87-075f-3c00-e668-c53da1bb2fbc}.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Fleur_2\AppData\Local\Temp\pmnnNfFx.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Fleur_2\AppData\Local\Temp\hgGvtTkh.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Verrouillage des périphériques / Audition HP ProtectTools (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 14734 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 SbAlg - c:\windows\system32\drivers\sbalg.sys <Not Verified; SafeBoot N.V.; SafeBoot Security System>
R1 RsvLock - c:\windows\system32\drivers\rsvlock.sys <Not Verified; SafeBoot International; SafeBoot Security System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 HP Health Check Service - "c:\program files\hewlett-packard\hp health check\hphc_service.exe" <Not Verified; Hewlett-Packard; HP Health Check Service>
R2 HpFkCryptService (Drive Encryption Service) - "c:\program files\hewlett-packard\drive encryption\hpfkcrypt.exe" <Not Verified; SafeBoot International; HP ProtectTools>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 Com4Qlb - "c:\program files\hewlett-packard\hp quick launch buttons\com4qlb.exe" <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 FLCDLOCK (Verrouillage des périphériques / Audition HP ProtectTools) - c:\windows\system32\flcdlock.exe <Not Verified; Hewlett-Packard Ltd; Device Access Manager>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-05-09 14:15:09 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{8DAB71FA-9C9B-44F4-9C60-7A0412999574}.job
2007-12-07 23:20:27 258 --a------ C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
-- Files created between 2008-04-09 and 2008-05-09 -----------------------------
2008-05-09 15:14:08 0 d-------- C:\Program Files\Trend Micro
2008-05-09 14:33:42 0 d-------- C:\Users\Fleur\Bluetooth Software
2008-05-01 23:02:02 0 d-------- C:\Windows\pss
2008-04-30 17:42:37 0 d-------- C:\Program Files\Lavasoft
2008-04-30 17:42:25 0 d-------- C:\Users\All Users\Lavasoft
2008-04-30 17:41:30 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-30 17:40:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 01:04:00 0 d-------- C:\Users\Fleur_2\Droplets
2008-04-29 23:00:54 0 d-------- C:\VundoFix Backups
2008-04-25 16:39:09 40713 --a------ C:\Windows\system32\cpmsky-uninst.exe
2008-04-25 16:34:12 0 d-------- C:\Program Files\LimeWire
-- Find3M Report ---------------------------------------------------------------
2008-05-09 15:01:11 700222 --a------ C:\Windows\system32\perfh00C.dat
2008-05-09 15:01:11 122020 --a------ C:\Windows\system32\perfc00C.dat
2008-05-09 14:52:49 836 --a------ C:\Windows\bthservsdp.dat
2008-05-01 23:14:12 0 d-------- C:\Program Files\Google
2008-05-01 23:03:02 0 d-------- C:\Program Files\xchat
2008-05-01 22:53:09 0 d-------- C:\Users\Fleur_2\AppData\Roaming\InterVideo
2008-04-30 17:40:26 0 d-------- C:\Program Files\Common Files
2008-04-29 23:28:11 0 d-------- C:\Program Files\Java
2008-04-29 16:45:50 0 d-------- C:\Users\Fleur_2\AppData\Roaming\Adobe
2008-04-29 12:18:59 0 d-------- C:\Users\Fleur_2\AppData\Roaming\uTorrent
2008-04-29 11:16:25 0 d-------- C:\Users\Fleur_2\AppData\Roaming\Thinstall
2008-04-28 15:40:41 0 d-------- C:\Users\Fleur_2\AppData\Roaming\LimeWire
2008-04-28 12:43:50 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-28 12:43:00 0 d-------- C:\Users\Fleur_2\AppData\Roaming\InstallShield
2008-04-23 14:02:36 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-23 13:17:03 0 d-------- C:\Users\Fleur_2\AppData\Roaming\Roxio
2008-04-16 16:53:12 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-16 16:22:59 0 d-------- C:\Program Files\Windows Mail
2008-04-08 14:22:16 328192 --a------ C:\Windows\system32\{44f00d87-075f-3c00-e668-c53da1bb2fbc}.dll
2008-02-20 23:41:43 1828398 --a------ C:\Windows\Counter-Strike Source LAN Edition Uninstaller.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2703f130-d037-acc9-eb10-6a96f4398bb9}]
08/04/2008 14:22 328192 --a------ C:\Windows\system32\{44f00d87-075f-3c00-e668-c53da1bb2fbc}.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 08:03]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [09/01/2007 15:52]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/09/2007 03:50]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [01/03/2007 13:18]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [10/01/2007 16:12]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [16/05/2007 07:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/11/2007 16:34]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [16/02/2005 23:11]
"HPWWANGSAssistant"="c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe" [03/05/2007 16:33]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [21/02/2007 15:14]
"IFXSPMGT"="C:\Windows\system32\ifxspmgt.exe" [23/05/2007 16:04]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [08/05/2007 07:38]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [22/10/2006 22:24]
"@"="" []
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [20/03/2007 15:40]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [21/04/2008 21:10]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 03:29]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/01/2008 16:27]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [23/05/2007 11:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 11:45]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [23/01/2008 09:42]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"MSServer"="C:\Users\Fleur_2\AppData\Local\Temp\pmnnNfFx.dll,#1" []
"cmds"="C:\Users\Fleur_2\AppData\Local\Temp\hgGvtTkh.dll,c" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"ST Recovery Launcher"=%WINDIR%\SMINST\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [29/03/2007 12:11:50]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [31/10/2007 17:50:01]
Lancement rapide d'Adobe Acrobat.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [15/11/2007 16:32:17]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
DeviceNP.dll 30/04/2007 08:19 49152 C:\Windows\System32\DeviceNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= SbHpNp scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c0e4eaf]
rundll32.exe "C:\Users\Fleur_2\AppData\Local\Temp\nfvtgetd.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0f3d7d33]
Rundll32.exe "C:\Users\Fleur_2\AppData\Local\Temp\imwivtnu.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
C:\Windows\System32\Rundll32.exe "C:\Windows\system32\{44f00d87-075f-3c00-e668-c53da1bb2fbc}.dll" DllInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg
bthsvcs BthServ
Cognizance ASBroker ASChannel
GPSvcGroup GPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{053b09e7-8e3c-11dc-a405-001a6bbdbab8}]
Auto\command- G:\UFO.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d9074f6-9519-11dc-9518-001a73986ee5}]
AutoRun\command- H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d402cd6-a7f4-11dc-9734-001a73986ee5}]
Auto\command- UFO.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e91d6fd-ae2e-11dc-8c3e-001a6bbdbab8}]
Auto\command- MSOCache\doWTP_RESTORE.exe -autorun
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MSOCache\doWTP_RESTORE.exe -autorun
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a18ddfd0-8b02-11dc-8a1a-001a73986ee5}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d379acec-d24e-11dc-bb6c-001a6bbdbab8}]
Auto\command- H:\UFO.exe
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f316e43a-d4cc-11dc-9154-001a6bbdbab8}]
AutoRun\command- explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8300 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-05-09 15:23:13 ------------
================
Last edited by Fleur on Sat 10 May 2008 12:16; edited 2 times

Disquette
Messages: 32
Tutorials: 0
Posted on: Fri 09 May 2008 15:58 Subject: Vundo/Gen infection under Vista
[Continuation of the previous post]
====HIJACKTHIS====
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:34, on 09/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Fleur_2\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
*.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: cpmsky browser optimizer - {2703f130-d037-acc9-eb10-6a96f4398bb9} -
C:\Windows\system32\{44f00d87-075f-3c00-e668-c53da1bb2fbc}.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program
Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program
Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -
C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security
Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless
Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health
Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
/Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat
8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader
8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe"
/background
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Fleur_2\AppData\Local\Temp\pmnnNfFx.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Fleur_2\AppData\Local\Temp\hgGvtTkh.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User
'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User
'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User
'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program
Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program
Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program
Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program
Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft
Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware
2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated -
C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation -
C:\Windows\system32\AEADISRV.EXE
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH -
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program
Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. -
C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple
Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program
Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Verrouillage des périphériques / Audition HP ProtectTools (FLCDLOCK) -
Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common
Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP
Health Check\hphc_service.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program
Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program
Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program
Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG -
C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG -
C:\Windows\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common
Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) -
Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF
Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) -
Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio
Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing
Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra
Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 14684 bytes
=========
Thank you for helping me solve my problem.
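A small triage script for the HijackThis log above, added here as an example; it is not part of the original post and is not HijackThis code. It applies the checks a helper would run by eye on this log: an O4 Run entry that launches rundll32.exe on a DLL sitting in the user's Temp folder (the [MSServer] and [cmds] entries), an O2 BHO whose DLL is named only by a GUID (the "cpmsky browser optimizer" entry), a BHO registration whose file is gone, and the O20 load points (AppInit_DLLs, Winlogon Notify) that deserve a look whatever they contain. The severity labels and the rules themselves are this script's own assumptions; the sample input is a constructed excerpt of the posted log plus one known-good Avira entry, so it runs offline.

```python
"""Triage of HijackThis-style log lines for Vundo-like persistence entries.

Added example, not part of the forum post above or of HijackThis itself.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines excerpted from the HijackThis log in the post
# above, plus one known-good Avira entry, embedded so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: cpmsky browser optimizer - {2703f130-d037-acc9-eb10-6a96f4398bb9} - C:\Windows\system32\{44f00d87-075f-3c00-e668-c53da1bb2fbc}.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Fleur_2\AppData\Local\Temp\pmnnNfFx.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Fleur_2\AppData\Local\Temp\hgGvtTkh.dll,c
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
"""

# A DLL whose file name is nothing but a GUID, e.g. ...\system32\{44f00d87-...}.dll
GUID_NAMED_DLL = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.dll$", re.I)
# rundll32 pointed at a DLL under a Temp directory (the [MSServer] / [cmds] pattern)
RUNDLL32_TEMP = re.compile(r"\brundll32(?:\.exe)?\s+\S*\\Temp\\[^\\,\s]+\.dll", re.I)


@dataclass
class Finding:
    severity: str   # "high", "orphan" or "review" (this script's own scale)
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis line; None means nothing worth reporting."""
    line = line.strip()
    if line.startswith("O4 ") and RUNDLL32_TEMP.search(line):
        return Finding("high", "Run entry uses rundll32 to load a DLL from the user's Temp folder", line)
    if line.startswith("O2 ") and line.endswith("(no file)"):
        return Finding("orphan", "BHO registration whose DLL no longer exists (dead entry, safe to remove)", line)
    if line.startswith("O2 ") and GUID_NAMED_DLL.search(line):
        return Finding("high", "BHO backed by a DLL named only by a GUID", line)
    if line.startswith("O20 "):
        return Finding("review", "system-wide DLL load point; verify the DLL's publisher before keeping it", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the hits."""
    hits = (triage_line(l) for l in log_text.splitlines())
    return [f for f in hits if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 3, 'orphan': 1, 'review': 2}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:<6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

Run as a script it prints each finding with its line. The O20 entries are only marked for review: the script does not decide whether a DLL there is legitimate, it just makes sure a human looks at it, which is the same call the helpers in this thread make by hand.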
Messages: 2793
Tutorials: 0
Posted on: Sat 10 May 2008 11:15  Subject: Vundo/Gen infection under Vista
Hi and welcome,
* Disable User Account Control (you will re-enable it after the disinfection):
* - Go to Start --> Control Panel
* - Double-click the "User Accounts" icon
* - Then click Disable and confirm.
* Restart your machine.
Next,
Download VundoFix.exe (by Atribune) to your Desktop.
Here is the download link
http://www.atribune.org/ccount/click.php?id=4
Run VundoFix.exe; the fix installs itself.
Once installed, click the shortcut created on your Desktop (VundoFix.exe).
Then click the "Scan for Vundo" button.
Be patient, it can take a while depending on the size of the hard drive.
You will see the *.dll and *.exe files scroll by.
When the scan finishes, if a Vundo infection is detected,
a prompt asks whether you want to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
* You will see a prompt telling you that your PC is going to shut down ("shutdown") ---> click OK
* Start your PC again.
* Copy/paste the contents of the report located in --->
----->C:\vundofix.txt
-->source here for the visual walkthrough
_________________ *** I don't claim to solve your problems, only to help you solve them
Disquette
Messages: 32
Tutorials: 0
Posted on: Sat 10 May 2008 12:15  Subject: Vundo/Gen infection under Vista
VundoFix V7.0.3
Scan started at 11:34:03 10/05/2008
Listing files found while scanning....
No infected files were found.
That's the result. I've been fighting with my PC to get rid of this virus, and since this morning I no longer get any alerts, so that may explain the VundoFix result... On the other hand, given everything I've tried, I don't know what solved my problem.
Messages: 2793
Tutorials: 0
Posted on: Sat 10 May 2008 17:03  Subject: Vundo/Gen infection under Vista
Good,
now we move on to something heavier; we'll see what the Combofix report says.
Follow this procedure to run a scan with Combofix, developed by sUBs.
-->source here
Post the report from C:\Combofix.txt on the forum.
In addition, do this:
Download Malwarebytes' Anti-Malware and install it (make sure it has updated itself before moving on).
-->source here
* Restart in Safe Mode:
o Restart your computer
o After hearing the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
o Instead of the normal Windows loading, a menu with various options should appear.
o Choose the first option, to run Windows in Safe Mode, then press "Enter".
o Choose your account.
* Launch MBAM and select "Perform full scan". Wait for the scan to finish.
* Once the scan is finished, click "Remove Selected".
If MBAM needs to restart to complete the removal, accept by clicking OK.
Save the report to your Desktop when it appears.
Post it in your next reply.